I am not sure how they can be getting in as it look secure - captcha and validaited email address.
Maybe the only way is to manual approve all new registration. you can usually spot the dodgy email address or name, maybe a simple "why do you want to join question" too.
Also I now have no admin access so can't delete anything or do any changes.
John
The administrator has disabled public write access.