Hi Richard
Had a similar problem with one of my sites. Actually DNN 6.2.2 (won't be for much longer)
I used SQL (via Access - but you can use SQL Management Studio or the SQL feature under Host) to set the users to Unauthorised and then use the in built feature in DNN to remove Unauthorised Users.
My personal opinion, is DNN is like Social Media - default is "Open". I now have a default policy to disable Registration as the first function when I build a site.
I had added a new portal to the platform and registration was open, we had a large number of "registrations" and they some how managed to hack the site files targeting a few HTML files and injecting some code (b******s)
My recommendation, unless you actually need people to register disable it, or use authorised registration. Check your site for any HTML files. DNN is database driven so really you should not have any HTML files. The ones I found actually related to a clickable map (no longer used) and also instructions dropped when 3rd party modules are added to the site.
If you do need to have users register, if it doesn't need to be immediate I would be inclined to use a "contact form" to get there request and then use a 3rd Party module to bulk add the users.
NOTE: If DNN 9 has removed the Delete Users / Delete Unauthorised and you delete them yourself with SQL also be aware there are Users and ASPNet_Users
Hope this Helps
If you are not familiar with SQL let me know and I'll post sample SQL Queries
Regards
Dave