Well - what I suspected to happen, happened. In fact, in 24hours, I had 6 Bot-Login requests coming through.

I don't know, if valid/real requests had been made here though.
From the submitted E-Mail Addresses, I do think that these are Bots.

Seems I'll have to add a possibility to identify living human brains somehow. Note that the system requests the User to validate his request. he is being sent a link to activate. If he does not do it - even the admin can not unlock the account. So - the Bot-detection is plain simple, and works already. Only that I didn't expect to have such a high number of account requests to come through.
Only - how will I do this ? There are many ways out there - and IMHO - I think I will just deactivate the Creat-login option, and if someone wants to have a login, I'll add it myself (as a Site-Admin).