are you able to go to your hosting control panel and see what files are logged as accessd or something? Been a while since I tried tracking someones access to my websites, but there should be some indication of it
Yeah, it looks like somehow the "new users" feature which forces their posts to be moderated is turned off again. I know I had enabled it, but then the other day it was off, so I turned it back on. Now it's turned off again (I just tested it too).
Ok, I think I figured out what's going on. When I set the new users group permissions, I set "post without moderator permission" to "no" however it needed to be set to "never" or they can still get the posts through somehow.
seems that the current spambots are using a very similar algo for all their bot-users.
one of the Facebook, Twitter, Skype, YouTube, Google+ fields is always username plus 2 capitol letters.
if there was some way of scripting in using the username as a substring mask for each of those fields then maybe you could ban the account straight away. I don't know how easy it is to do on phpbb though.