go to the flagmecommand.cs or whatever it's called and check the packet.popstring[0:2]. If it contains MOD then when they click Ok simply return a sendwhisper saying that they can not name themselves that, and return; before changeusernamecomposer packet header gets called.
as far as registering just find the register function in the CMS and do something the same.
There's a function in RevCMS in class.users that's named something with Valid. In the if statement check if the username contains the banned keys. Here's an example: if (strpos($username, 'MOD') !== false)