Hello!
Currently I am running a webstore in which all frontend customer registration is disabled. All links to registration are hidden and removed, and even if one tries to access
/customer/account/create/
they get rerouted via a htaccess redirect.
That said, recently, there has been some unintended and unauthorized customer registrations, which appear to be from a script of some sort, in which creates a random customer to a random email, along with the username being a long Chinese writing ending with a link that goes to a casino page.
Checking the admin accounts audits and what not, it doesn't appear they have gained direct access or used it at least for the creation of these customers, and soon as the customer gets deleted, very soon will another one be added. I have also looked into a lot of the core files for Magento which I have not spotted anything suspicious.
Any ideas what could be the cause here? Or how I could possibly truly disable any way of creating a customer that is not done manually from the backend admin? Thanks!