Got hit by the same guy, using IP out of Spain
IP Address: 37.247.121.196
Host: ns1.nuevosdominiosweb.org
Honestly wouldn't a simple solution to be able to ban certain addresses as you can IP addresses?
or
AES_ENCRYPT(1,1) gets put in to the address 1or 2, City or State and the system kicks back not allowing it.
Until there is fix for this we are simply not allowing address changes and have informed clients such changes will be submitted to Billing in a support ticket.
For as long as this has been going on WHMCS should have thought of something so simple and implemented the solution.
By the way you know these people trying this hack are watching this thread.