Against my better judgement, the owner of the boards wanted registration to be a seamless venture, thus he made it so when you create your account your automatically registered. Honestly though, the email would just be another step this malicious attacker would care less about, he has been attacking us for almost 2 weeks now. There are ways in which you could essentially filter out dynamic users in this situation, you can partial ban by their localization IP address, for example, if you had a user from 123.123.123.mi.comcast.net you could simply ban mi.comcast.net and it would ban him and anyone else from that area of service from connecting.
The idea however is to put up a filtration wall that the users must get through before they are allowed to register on the website forums. Ideally, we'd want to do something like:
// Written by Jeremy M. 8/10/07 (Riodan@comcast.net)
// Purpose:
// Check to see if a username is allowed to register then do so.
// Else, check to see if the address is in the banned array and send banned message.
<?php
$banned[0] = "IP Address 1";
$banned[1] = "IP Address 2";
$banned[2] = "IP Address 3";
$banned[3] = "IP Address 4";
$Accepted[0] = "Username 1";
$Accepted[1] = "Username 2";
$Accepted[2] = "Username 3";
$Accepted[3] = "Username 4";
if (in_array($_SERVER['USERNAME'], $Accepted))
// Continue on with the registration process. (not sure what goes here yet)
else if (in_array($_SERVER['REMOTE_ADDR'], $banned))
{
echo "You have been banned from this website.";
echo "If you believe you have received this in error contact us.";
echo "admin@blah.net";
}
?>
This code is concept only, I'm a dabbler and may have messed things up in it, but it should atleast illustrate what I'm seeking to accomplish. Instead of echoing the warnings, we could even go so far as to redirect them to a url with that message, either way would work fine. I just need a way to stop the user from getting into the site unless we specifically allow him/her to register with a predesignated registration name.