When configuring your Drupal site it is important that you configure it in a way that doesn't allow spammers and hackers to take advantage of it.
It is highly reccomended that you do not allow users to sign up for accounts on your website without administrator moderation. Not allowing users to register at all is the best option to set, but if you must allow users to register on the site, then require administrator moderation. This will let the administrator approve or deny access to the website.
Another way to prevent your site from getting exploited, is to check the Anonymous user's permissions. Anonymous is the user account that is used when anyone on the internet accesses your website without logging in. In most cases you should not allowed Anonymous to add, edit, or remove any content. There are times however when you do need Anonymous to create content, such as webforms. In the event that you need anonymous users to submit form entries, then you should use some form of Captcha to prevent automated bots from spamming your form results.