Neil Harris wrote:
Given that this is an arms-race between the vandals
and the software
developers, it might be a good idea to implement the following
restrictions on creating new usernames.
Usernames should first be NKFC normalized, and then be restricted to
contain only:
[snip]
Although these rules sound hairy, they can actually be reduced to just
one range-lookup table, and about thirty lines of code.
_That_ should slow the more devious vandals down a bit, and I have more
tricks up my sleeve for later.
And, before you ask, yes, I _do_ have some GPL-licenced code for doing
this. It's in C, but it's rather straightforward, and should be easily
translatable to the language of your choice. If anyone is seriously
interested in addressing the issue of bogus and spoofed usernames, I'd
be happy to send it to them.
-- Neil