Runaway Resource Usage

13 years 5 months ago #29351 by andmcg
I have been contacted by my hosting company today about runaway resource usage on my site. When I inquired further about this, here is what they had to say. I THINK that this has to do with JFBConnect, but am uncertain.
As you can see below by the top processes, your Joomla scripts are consuming a large amount of the resources, which can cause this. Additionally, I do see that the most accessed page daily on the site is theandygram.com/Create-an-account.html, which I do see doesn't have any human verification on it. Due to this, the form may be being abused by spambots and crawlers, which can cause high resource usage when in bulk.

Top Process %CPU 68.0 /usr/local/php53/bin/php-cgi /home/theandy/public_html/index.php
Top Process %CPU 65.0 /usr/local/php53/bin/php-cgi /home/theandy/public_html/index.php
Top Process %CPU 61.0 /usr/local/php53/bin/php-cgi /home/theandy/public_html/index.php

I would recommend first seeing if you have the most updated plugins and scripts for Joomla, then applying some optimization tips provided at our kb here: kb.site5.com/scripts/joomla/joomla-optimization-tips/

Do you have any suggestions? I have noticed a crazy number of "fake" accounts being set up on my site.

Thanks in advance for your help and Happy New Year!

Andy
The topic has been locked.
Support Specialist
13 years 5 months ago #29360 by alzander
Replied by alzander on topic Runaway Resource Usage
Andy,
Not to deflect this from JFBConnect, but it's most likely not JFBConnect. We don't alter or have any effect on 'normal' user registrations, which is what's occurring on the page you reference for Create-an-account.html.

With that said, we've been the target of spam accounts in the past. Once you get on the invisible "has open registration" list, it's impossible to get off, but not so difficult to lock down and prevent the spammy accounts. You'll definitely want to add some verification or automation to your registration process to prevent the bogus accounts from being created. That will reduce load on your server as there's less processing to do and, eventually (a long time), start to slow them from being created at all.

For some background, the reason the accounts are generally created in the first place is so that they can place a link to some website in their profile. That's done for SEO purposes so that the site that's paying the spammers possibly gets higher rankings in search engines. It's also 'bad' for your site as your site is linking to a lot of low quality sites. I couldn't find a user-listing page on your site to check, but if you go to K2 in the admin area and look at user 'profiles', you'll likely see a lot of garbage links in the About Me and Website fields.

So, with that, there are a few things to do to prevent this stuff, in order of difficulty:

1. Disable user registrations entirely
   If registrations are important to your site, this obviously isn't possible. But, if you don't need 'users' to login on your site, you can disable registrations altogether. From a quick look, I saw FB Comments, but those can be done without actually logging into your site. It's possible there are great reasons for registering, so don't take this as a 'must' if it's not feasible.

2. Remove the "About Me" and "Website" fields
   These are configurable in K2 and simply removing them will help new accounts to not even be able to fill in these spam-able fields.

3. Enable Joomla Captcha
   While not a perfect solution, a little bit of a stumbling block never hurts. Most of the accounts being created are probably from real people paid to create thousands a day on different websites, so this probably won't have a huge impact.

4. Enable Email or Admin Activation
   Both are simple to enable in Joomla, and prevent accounts from logging in, but usually, the profile of a blocked account is still visible. It's also a hassle. The nice thing for email validation is that every month or so, you can simply delete all the accounts that haven't validated their email address. Doesn't stop the problem, but helps keep your user manager tidier.

5. Use an IP/email validator
   There are plugins which will check the IP and email address to see if it's known to be spammy and prevent the account from being created. I don't have any good recommendations for what to use on Joomla 2.5 as the one we use (for J1.5) doesn't work on J2.5.. something we're investigating now as we'll be upgrading soon. You can see a list of validators (free and for-pay) on the pages below:
   extensions.joomla.org/extensions/access-...ntication-management
   extensions.joomla.org/extensions/access-...rity/spam-protection

Hope that all helps explain and diagnose the problem. Removing the spammy accounts is likely a good idea too, but something to do after you stop them from being created in the first place.

Going back to JFBConnect, again, I don't think the problem is from us. If you have more details on why you think we're being a resource hog, we'll gladly help. The above definitely still applies regardless though.

Thanks,
Alex
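To confirm from the server side that the registration form is what is being hammered, the access log can be checked for form submissions per client. The following is an added example, not code from either poster or from JFBConnect; it assumes an Apache/Nginx "combined" format access log, and the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" access log format (assumed; adjust to the host's format)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
REG_PATH = "/Create-an-account.html"  # registration page named in the thread

def parse(lines):
    """Yield (ip, timestamp, method, path-without-query) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"].split("?")[0]

def registration_abuse(lines, max_posts=3, window=timedelta(minutes=10)):
    """Return (share of all requests that hit REG_PATH,
    {ip: peak POST count in any window}) for IPs exceeding max_posts."""
    total = reg_hits = 0
    posts = defaultdict(list)
    for ip, ts, method, path in parse(lines):
        total += 1
        if path == REG_PATH:
            reg_hits += 1
            if method == "POST":
                posts[ip].append(ts)
    flagged = {}
    for ip, stamps in posts.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):   # sliding window over submissions
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_posts:
            flagged[ip] = peak
    return (reg_hits / total if total else 0.0), flagged

# Constructed sample lines (documentation IP ranges, not real traffic)
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2013:10:0{i}:00 +0000] "POST {REG_PATH} HTTP/1.1" 200 512 "-" "bot"'
    for i in range(5)
] + [
    '198.51.100.20 - - [01/Jan/2013:10:01:10 +0000] "GET /Create-an-account.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2013:10:02:30 +0000] "POST /Create-an-account.html HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [01/Jan/2013:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(registration_abuse(SAMPLE))
```

A high share of requests on the registration page, together with a handful of addresses submitting the form repeatedly, points at automated sign-ups rather than an extension; re-running it after enabling captcha or activation shows whether the volume drops.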
Support Specialist
13 years 5 months ago #29361 by alzander
Replied by alzander on topic Runaway Resource Usage
Oh, and on a similar/unrelated note.. I put "site:http://theandygram.com/" into Google to look for some bogus profile accounts as examples. I couldn't find any, but did find the following URL in search engines. It's a good idea to delete or hide this file:
jupgrade/logs/foxcontact-2b962181d7108baad0cc9718037c6f83.txt

Any other log files or things shouldn't be publicly visible as well for security (as well as they simply shouldn't be seen) reasons.

Alex