Registration Denial of Service Attack
meissenation
01-24-2013, 10:02 PM
I've been seeing what appears to be a denial of service attack by flooding my website with registrations. The vbStopForumSpam log shows a bot doing "allowed registration" every 3 seconds.
Are there any products out there which can block people from trying to flood registrations?
And if not, are there any products out there that can block e-mail domains from attempting to register? I know this is a weak countermeasure since all they have to do is change the domain they're attempting to register with, but thus far the bot they're using appears to only use one domain for the registration e-mail address.
Are they always coming from the same IP, so that you could ban it?
meissenation
01-24-2013, 10:39 PM
Yes and no - the flood of registrations every 3 seconds is under the same IP address and I just IP banned the most recent flood, but about 12 hours ago they flooded the site and had a different IP address.
Unfortunately they also appear to be using clean e-mail addresses and IP addresses as the StopForumSpam database is showing "Allowed registration" for each of the thousands of attempts. They're not actually registering an account, so I'm guessing they're cancelling the registration right before the "Submit" function.
There are a couple of mods that would block automatic registrations based on time taken to fill out the form, but if they're not actually registering then I don't see what good it would do for you. Isn't the registration only one page? So if SFS is being consulted wouldn't that mean they would have submitted the form? Maybe there's some other error that's stopping them from completing registration (like the form is not filled out correctly).
meissenation
01-24-2013, 11:07 PM
Yeah - maybe they're leaving something blank or failing the captcha? SFS is querying to see if their information is in the SFS database so they must be getting so far in the registration process.
As a fix for now, I IP banned a little over 22 "spammer" countries so hopefully that should help.
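Added example, not part of the original thread or of any vBulletin product: a sliding-window check over registration-attempt log lines that counts attempts per source IP and per e-mail domain, so a flood that changes IP but keeps one domain (as described above) is still flagged. The log layout, the `find_floods` name, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The real vbStopForumSpam log layout is not shown
# in the thread, so "date time ip email result" is an assumed format.
SAMPLE_LOG = """\
2013-01-24 09:00:00 198.51.100.7 a1@mail.example Allowed registration
2013-01-24 09:00:03 198.51.100.7 a2@mail.example Allowed registration
2013-01-24 09:00:06 198.51.100.7 a3@mail.example Allowed registration
2013-01-24 09:00:09 198.51.100.7 a4@mail.example Allowed registration
2013-01-24 09:20:00 192.0.2.44 carol@other.example Allowed registration
2013-01-24 21:00:00 203.0.113.9 b1@mail.example Allowed registration
2013-01-24 21:00:03 203.0.113.9 b2@mail.example Allowed registration
2013-01-24 21:00:06 203.0.113.9 b3@mail.example Allowed registration
2013-01-24 21:00:09 203.0.113.9 b4@mail.example Allowed registration
"""

def parse(line):
    """Split one log line into (timestamp, source IP, lower-cased e-mail domain)."""
    date, time, ip, email, *_ = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, ip, email.rsplit("@", 1)[-1].lower()

def find_floods(log_text, limit=3, window=timedelta(seconds=60)):
    """Return {("ip"|"domain", value): set of source IPs seen for that key}
    for every key with more than `limit` attempts inside a sliding `window`."""
    recent = defaultdict(deque)    # key -> timestamps still inside the window
    ips_seen = defaultdict(set)    # key -> every source IP that used this key
    flagged = {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, ip, domain = parse(line)
        for key in (("ip", ip), ("domain", domain)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop attempts older than the window
                q.popleft()
            ips_seen[key].add(ip)
            if len(q) > limit:
                flagged[key] = ips_seen[key]
    return flagged

if __name__ == "__main__":
    for (kind, value), ips in sorted(find_floods(SAMPLE_LOG).items()):
        print(f"{kind:6} {value:18} source IPs: {sorted(ips)}")
```

On the constructed sample, the shared e-mail domain is reported together with both source IPs, which an IP ban alone would treat as two unrelated floods.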