Reinstalling SMF without being hacked

[NormandP]

My prior installation of SMF (version 1.1.16 or 1.1.17) was hacked.  I ended up with thousands of invalid users, spams, etc..  I remove the forum for several weeks and found that there was some security risks with this version, so I installed the latest version (2.x).   I immediately tried to set conditions that would prevent people from creating accounts automatically, by requesting email confirmation, etc. but two hours after my forum was back online, I had 50 new users (one one of them being a valid user). All the other accounts were fake (similar) names.

How can I prevent this from happening?  Is there any option I should set to prevent the creation of those fake accounts?

Normand P.

[JohnS]

Have you added verification questions in the anti spam area ( Admin>>Configuration>>Security & Moderation>>Anti Spam.)

I find that gets rid of most. Try and use questions that will be simple for your users to answer but difficult for robots to guess.

Just having email verification on will not stop them as they are set up to automatically handle that.

Blocking IP's is a bit of a waste of time unless you find a block that is worse that others for hacking.

If that does not stop it then you will have to look to some of the add ons to improve security, though so far I have not found need to use anything else.