I wish it was that simple. Couple of points to your idea
1. I would love to bust their chops
2. It would require time. We are unpaid volunteers. we all have other commitments
3. The software the Bot farms use creates bogus info including IPs. The target is elusive
4. Attack requires equipment, software and training we do not have but can obtain with significant $$
5. This forum does not charge, does not sell ads and does not sell information. If we start going down the $$ road the complexity of running this site goes exponentially
6. for every cockroach you step on there are 4 more
7. Finally, I would love to bust their chops
“Maybe”…those multiple IP addresses could be reduced if a verification code were sent to a “cell phone” (via WhatsApp, Telegram, etc.), and that code was entered in the message sent to the email to verify identity and activate the account in the forum…..the attacker may have multiple IPs, multiple emails,…but WhatsApp or Telegram accounts (associated with a cell phone), I think there would be drastically fewer….and it would be easier to “associate” those multiple IPs/ emails/users…with a couple of cell phones…and thus know if the attacker is the same…
.If the hacker did the job well, he will try to use computers where the user usually leaves the WhatsApp sessions open, to be able to read the code verification (the hacker can even send you a cell phone number that is not his, but he has access to WhatsApp chats if the owner of the cell phone number has linked his phone to an “infected” computer… But it reduces the probabilities.
The best thing would be a text message to the cell phone with the verification code (but it is paid)... or the “double code” (two codes sent to two different networks)... which further reduces the probability that someone will use 2 networks (wasap and telegram)...and leave open sessions.
For the safety of the (real) user, when providing the cell phone number, there would be no problem. The risk is the same as providing the email, the vast majority of cell phone numbers are linked to an email, to use this as a backup for the contact book...if a hacker accesses the email, he accesses the contact book phone numbers scheduled on the phone too
I think that is why certain operations use (to corroborate identity) a text message... but it is paid