This has happened three times on my Drupal sites (hosted by Godaddy). These are all test sites that I have created for myself as I learn my way around Drupal. Bogus users with names like "finder7x" appear in my users list. Sometimes (LOTS of) bogus content appears, sometimes bogus comments. In one case, so much content was created that I got a warning from Godaddy about the database exceeding their size limits. I know very little about hacking, but it appears that a machine, not a person, is creating all of this stuff. At first I thought it as a Drupal 6 issue, as it had not occurred on my Drupal 7 site.
Then yesterday, I added a brand new virgin untouched Drupal 7.17 installation to one of my test domains. Within 10 minutes, I got an email notification that "finder7x" would like to register. I played with some user/permission settings and, at this point, the potential "users" do not appear on my user list... but I have received EIGHT requests from various "users" requesting registration approval in less than 24 hours.
Does anyone else have this problem? Any explanation? Any way to prevent this? Godaddy was no help.
Here's the email I get ("sender" is the address I used as admin contact when I requested that Godaddy install Drupal 7.17):
finder7x has applied for an account.
(clicking on the link gets a PAGE NOT FOUND error)