I went out of town for the weekend, and decided to delete the wp-signup.php file to prevent any spammers from signing up while I was gone. I deleted it Thursday night.
Someone managed to sign up yesterday anyway. I checked the registration time, it was around 5am yesterday morning. And it was a spammer, the type that post the title spam.
How can someone sign up without a signup page? Is there a way to prevent this, possibly by requiring referrers from a certain page?