Need to find out from File_Girl. She doesn't visit the forum that often these days. Last time in December I think.
I'd request an auto-block of port 7001. These seem to be the most common bots programmed to fill people's upload slots. The ones I'm aware of are on the Hostiles list.
Are you using the
Hostiles Security blocklist?
(This version only works with LW 4 or 5/LPE.)
As we know, the last two numbers of the user ID is 'usually' the last two numbers of their ip address. I found 3 with that last series of numbers in the hostiles.
Are you using LPE or LW 5.3.6? I think with 5.3.6 you 'might' be able to right-click the host that's uploading & get information on that host. The ip address for transfers was dropped from this window either in 5.3 or 5.4 or 5.5. (They said they dropped it for privacy reasons of the hosts. Not forgetting they were under court pressure & made some changes they did not wish to over a couple of years.)
AFAIK the console log only logs the present session. And only logs what you ask it to log. You can save the log at end of a session or a time period, but need to do that manually.
BTW even in the non-Japanese blocklist, that ip range is blocked because it was so full of bad hosts. AaronWalkhouse had this range blocked by 12 June 2011, even before I adopted the Hostiles to keep up to date. ie: 220.150.0.0/16 or 220.150.0.0/255.255.0.0 in the original notation. If you don't wish to use the Security Hostiles blocklist, then you can simply add 220.150.0.0/16 to your ip filter.
I remember I always had issues with hosts in the 220.x.x.x range a few years back & used to manually block them. The majority of the trouble-some ones were usually from Japan, USA or Australia. That specific ip range 220.150. is Japanese. Japan uses about 108-109 out of 255 possible 2nd tier ranges in the 220.x. range. Some are static, some dynamic.