The registration is commonly made by robots who look at the right form fields. firstname, lastname , email etcetera. I had this problem too the last weeks of fake accounts exactly as mentiont earlyer. I did the following to trick them;   1 in create_account.php duplicate the firstname input field (just plain html input field can too)and place it before the original firstname field  and add a class to the div and  and hide it (css display:none  ! not use a style="") 2 rename the original firstname field with a newname ( name ="newfirstname")  + change :  $firstname = tep_db_prepare_input($_POST[newfirstname']); 3 make a rule to give an error when the formfield fistname is being filled up by the robot and place it  in the top somewhere between the other fom check codes:  if(!empty($_POST['firstname'])) {
  $error = true;
 }   Finished. i can see in the server logs that the robot has been trying but could not make an account. for now this is working for me. i hope i could help with this .