we used version 2.4.8.0. and we have thousands of fake users in journal website, in spite of CAPTCHA (see below) and account verification (Even those who have not received an e-mail with a validation request - the mail returns as undeliverable)!!
; Whether or not to enable Captcha features
captcha = on
; Whether or not to use Captcha on user registration
captcha_on_register = on
; Whether or not to use Captcha on user comments
captcha_on_comments = on
; Whether or not to use Captcha on notification mailing list registration
captcha_on_mailinglist = on
; Font location for font to use in Captcha images
font_location = /usr/share/fonts/truetype/freefont/FreeSerif.ttf
; Whether to use reCaptcha instead of default Captcha
recaptcha = on
; Public key for reCaptcha (see http://www.google.com/recaptcha)
recaptcha_public_key = xxxxyyyyzzzz
; Private key for reCaptcha (see http://www.google.com/recaptcha)
recaptcha_private_key = xxxxyyyyzzzz
; If enabled, email addresses must be validated before login is possible.
require_validation = On
; Maximum number of days before an unvalidated account expires and is deleted
validation_timeout = 1
How do we stop this?