The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.
The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.
Edit: If you don't think this is an issue I urge you to Google "pokemon go belgium ip ban" for a fun rabbit hole.
You quickly run into the same kinds of problems you do in v4 though; most users have access to a shared pool of addresses, and you may need to ban the whole pool to ban an abuser, but then you also ban everyone else in that pool, and the abuser is more likely to have ability and motivation to use other pools.
It's better if you have multiple factors... if you don't like the IP, don't ban it, but be stricter on other measures, etc. So a well behaved client from a 'bad ip' can still play, but enough suspicious things and you can't play anymore.