Originally Posted by cerberuscoins
....I disabled my store for a week to stop this but within a few hours of reopening my store they had submitted 3 more user registrations and it will continue to happen
If you've got full (root) access in your hosting package / setup, then do it outside of X-Cart at Server Level with blocks enabled via IP Tables and/or Apache and/or Nginx.
If you don't have full (root) access, then maybe easiest to do via your hosting company's help desk / support package.
All of the offending
IPv4 and/or IPv6 addresses are recorded in your logs (Server and X-Cart)