Hacking Attempt

Periodically, I get a raft of user registrations made by bots. They come in waves. with a few months between attempts. The username and full name are random, solid strings of uppercase and lowercase letters and nothing else. There are always two entries for each email address.

My guess is that they’re trying to crack the code sent in the registration email that lets Subscribe (or Register) identify the user it came from. If they were successful, all they could do is activate an existing front-end user, unless I’m missing something. And they could easily do that just by replying to the email.

Is anyone else seeing this?
Any other ideas about what they’re up to?

Nothing sensitive goes into creating the code with Subscribe (unlike Register which uses the username).