Fake users ojs

we used version and we have thousands of fake users in journal website, in spite of CAPTCHA (see below) and account verification (Even those who have not received an e-mail with a validation request - the mail returns as undeliverable)!!

; Whether or not to enable Captcha features
captcha = on

; Whether or not to use Captcha on user registration
captcha_on_register = on

; Whether or not to use Captcha on user comments
captcha_on_comments = on

; Whether or not to use Captcha on notification mailing list registration
captcha_on_mailinglist = on

; Font location for font to use in Captcha images
font_location = /usr/share/fonts/truetype/freefont/FreeSerif.ttf

; Whether to use reCaptcha instead of default Captcha
recaptcha = on

; Public key for reCaptcha (see http://www.google.com/recaptcha)
recaptcha_public_key = xxxxyyyyzzzz

; Private key for reCaptcha (see http://www.google.com/recaptcha)
recaptcha_private_key = xxxxyyyyzzzz

; If enabled, email addresses must be validated before login is possible.
require_validation = On

; Maximum number of days before an unvalidated account expires and is deleted
validation_timeout = 1

How do we stop this?