This past weekend I had a big attack on my site, I had over 15,000 users/ sites created on my WP multisite.
I did install couple of anti-spam plugins and I have latest version of WP.
After that attack I have disabled registration and I even removed the wp-signup.php file, and I still get registrations. How is this possible without wp-signup.php file? What am I missing? How can I stop the SPAM registrations?