Support

You can never completely defeat spam registrations. Spammers hire actual people to solve CAPTCHAs and fill out registration forms manually for a pittance; think about a pence for every ten forms filled / CAPTCHAs solved. You can, however, reduce their impact on you.

(Note that unpublishing the user registration form does not, in fact, make any difference. Anyone can access Joomla!'s user registration form by visiting index.php?option=com_users&view=registration on a site which allows user registration.)

The first thing you could do is to of course set up a CAPTCHA, which is part of Joomla!, which will inevitably cut down most of the spam registrations coming from bots.

The second thing you could do is enable the self-validation of user registration. The vast majority of spam registrations use fictitious email addresses, or just don't care to check their email, thereby having their newly minted user account remain inactive. This is also part of Joomla! itself.

This is where Admin Tools comes in.

You can automatically remove user accounts which have been created but never activated and used a certain amount of time after their creation. Typically 7 to 14 days is enough to give legitimate users adequate time and get rid of inert spam registrations.

You can also use the Project HoneyPot HTTP:BL integration to get rid of some of the most egregious offenders, blocking them off your site before they even have the chance to see the user registration form.

Also note that if you have third party extensions which allow users to create a user account this might not be enough. Third party extensions may of course bypass all of the Joomla built-in and Admin Tools protections, allowing unchecked user registrations by spammers.