depends ..

if you can take a look at your apache logs and see that they are accessing your register.php without coming from your site first, you can send a 403 via your .htaccess

ideally, no-one should be accessing that page without the referer being your own domain.

Of course, they may be sending that referer in which case, its a moot point.

Another quick and dirty solution is to rename login.php and adjust any references to it accordingly.

--
These are, of course, rough solutions, and someone else might have a more plugin-ish solution.

Is it one person, does he create the account from the same IP (check backoffice -> Users). If so you can block the IP in .htaccess.

Is it a person? That should be the first question, or is it a bot, as far as you can see. The [url=http://manual.b2evolution.net/Plugins/captcha_img_plugin]Captcha Image plugin[/url] works on the registration form, if you haven't got that one installed, it's a recommendation.

In the settings (backoffice -> App settings -> General) you can make them validate their email, but I am not sure whether or not you need to enter a valid email at all at registration.

I hope I gave you some leads to a solution.

Good luck

Adding this to your .htaccess will restrict both the registration and comments forms from being accessed from outside the blog...

# Restriction to call registration/comments forms locally
RewriteCond %{HTTP_REFERER} !^http://www.yourblogdomain.com/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*register\.php$ [OR]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

Thanks to whoo for double-checking my syntax.

jj.

actually .. I was testing MY syntax ; Ive advocated doing that for 2 plus years :) and provided the code in several places.

Reposts are always welcome though :)

Excellent, thanks for those ideas, I shall give them a go and see how they work out.

Cheers!