That’s sort of a losing situation.
I had to help deal with this sort of thing on the American DJ forum where I was making recommendations for blocking.
Spammers and spammers often know they are using dynamically assigned IP addresses, so they can use this to their advantage to hop around and avoid IP and even sub-net based blocking. You could take it a step further and block large SWIP’s if you want. You could even block based on country code, but the collateral damage is too great. Couple that with most non-North American and European ISP’s don’t apply a reverse lookup for the IP, so there’s no DNS associated so hence no country code block could work. Most large African ISP’s don’t use country codes for this very reason and are usually .com or .net domains.
Then there are the zombies that they’ll abuse so someone else loses their account. This something easily fixed as a clean OS install and a cheap broadband router coupled with anti-virus and anti-spyware software.
Short of that, there’s loads of misconfigured and poorly configured relays and proxies, most of which have admins who aren’t even aware of these problems.
When you find a lot of abuse from a single ISP, you can try complaining to that ISP. They ideally SHOULD(but may not) have records of logins, often with the IP address associated, as well as a start/stop stamp, although with broadband accounts, this isn’t used as much anymore.
On the American DJ forum, we found that by OUTING the spammer, removing the payload of their spam but leaving the post subject(like, we go in and “content remove by mod”), and let the cratered scammer serve as a reminder/remnant that abuse won’t be tolerated. Spammers and scammers don’t like it when their undesired antics gain the wrong kind of attention, especially when mods are allowed to take “creative” measures to help counter the problem. By creative, it goes back to rmoving their message payload with some sort of “notice” message left in it’s place. When people would come back time and time again, at some point, they get tired of having to make a new account and they’ll move on.
It really depends how far you want to go. It’s to the point where we have to assume everyone is suspicious until they prove otherwise in regards to the internet these days. The best thing is to stay on top of it. I notice that this forum doesn’t use some sort of token-based account validation system to prove it’s a human or something. This would help against bots and other automated attacks. It may reduce the problems if you can confirm and validate new sign-ups. I know this site seems to want to be friendly to all, and I appreciate that. But sometimes, to be friendly, we, as those wanting to participate, may have to go through a short series of “trials”. It comes down to what can this web board software support, or if not, what of the existing forum and user database can be salvaged(if it can be) or move onto something else. Of course, it’s perfectly acceptable to have policy changes as things evolve. Existing users would be spared a challenge/token, only new users as of “XXX-date”. It isn’t perfect, but again, it helps.
All I do know is that boards of this nature tend to have a fee associated with it, so the admins of this site have paid not only for hosting and domain name registration(recurring fees for each), but also for additional software to help build a community. It’s always a few bad ones that wreck things and make it difficult for the majority. It’s one thing to make a mistake, we can all do that. But it’s another to intentionally break policy as a matter of routine.
I don’t know about the rest of you, but I’m here to have fun, improve my knowledge and enjoy yoyoing The admins will see through user behaviors(and peer checks) who stays and who goes. In the meantime, I’m off to go to the LEARN area and try to slowly work my way out of the beginner area!