Neil Harris wrote:
Given that this is an arms race between the vandals and the software developers, it might be a good idea to implement the following restrictions on creating new usernames.
Usernames should first be NFKC normalized, and then be restricted to contain only:
[snip]
Although these rules sound hairy, they can actually be reduced to just one range-lookup table, and about thirty lines of code.
_That_ should slow the more devious vandals down a bit, and I have more tricks up my sleeve for later.
And, before you ask, yes, I _do_ have some GPL-licenced code for doing this. It's in C, but it's rather straightforward, and should be easily translatable to the language of your choice. If anyone is seriously interested in addressing the issue of bogus and spoofed usernames, I'd be happy to send it to them.
-- Neil
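
An added sketch of the approach the message describes (NFKC normalization followed by a single range-lookup table), written in Python; it is not Neil's C code. The allowed ranges in the message were snipped, so `ALLOWED_RANGES` below is a constructed placeholder, and the function names are hypothetical.

```python
import unicodedata
from bisect import bisect_right

# Constructed placeholder allow-list: inclusive code point ranges, sorted by
# start. The ranges in the original message were snipped; these are NOT them.
ALLOWED_RANGES = [
    (0x0020, 0x0020),  # space
    (0x0030, 0x0039),  # ASCII digits
    (0x0041, 0x005A),  # ASCII upper-case letters
    (0x0061, 0x007A),  # ASCII lower-case letters
    (0x00C0, 0x00D6),  # Latin-1 letters, skipping U+00D7 (multiplication sign)
    (0x00D8, 0x00F6),  # Latin-1 letters, skipping U+00F7 (division sign)
    (0x00F8, 0x00FF),  # Latin-1 letters
]
_STARTS = [lo for lo, _ in ALLOWED_RANGES]


def code_point_allowed(cp: int) -> bool:
    """Binary-search the range table for the range that could contain cp."""
    i = bisect_right(_STARTS, cp) - 1
    return i >= 0 and cp <= ALLOWED_RANGES[i][1]


def check_username(raw: str):
    """Normalize to NFKC, then test every code point against the table.

    Returns (normalized_name, rejected), where rejected is a list of
    (index, "U+XXXX") pairs for code points outside the allow-list.
    """
    name = unicodedata.normalize("NFKC", raw)
    rejected = [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(name)
                if not code_point_allowed(ord(ch))]
    return name, rejected


def is_valid_username(raw: str) -> bool:
    """A username is valid if it is non-empty and nothing was rejected."""
    name, rejected = check_username(raw)
    return bool(name) and not rejected


if __name__ == "__main__":
    # Constructed samples: fullwidth letters, a Cyrillic look-alike, a zero-width space.
    for sample in ["\uff2e\uff45\uff49\uff4c", "N\u0435il", "ad\u200bmin"]:
        print(repr(sample), check_username(sample))
```

Normalizing first folds compatibility forms such as fullwidth letters and ligatures into their plain equivalents, so the table only has to describe the post-normalization alphabet; look-alikes from other scripts survive normalization and are caught by the range check.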