I have one suggestion. If it's done by any web bots, we can implement Google reCaptcha in Login and registration page. That will help to avoid bot registration and login. But it's not 100% effective, because in the market lot of paid API's available for break the Google reCaptcha.
If you have any free time, please discuss the same with @arttuaa he can take the right decision
9 Ways to Eliminate Spam in Your Community Forum - An article by Vanilla