Spammers are smarter than they used to be
A friendly internet denizen contacted me about epic buttons of spam on one of our news pages.
Sadly, the registration requiring email activation is no longer sufficient, as the spam bots have email accounts. Not surprising.
So the only solution for chiliproject, sadly (as well as most other things, including the wiki we're using) is to set up manual account activation.
Perhaps one day, I can work out a much better, much more integrated authentication framework using LDAP as the backend and tie in all the items into one account, and activate them more smarter.
Until then, sorry :(