Yes, it can be stopped.
Because phpBB is so popular, all of the registration requirements are well known to the hackers, and they write “bots” that can register on any phpBB forum. The key to keeping them away is to have a unique registration question that the automated bots will not be able to get past. I’ve done it on several phpBB forums, and it stops all of the automated spam.
On the registration page, you need to have a question that will only appear on this site … something like “Type the first word of the phrase ‘Firefly Media Server’ is the box at right”. Humans will be able to do that, so you can still have human spammers, but not the automated bots.
I’d be happy to implement it for the mods, but they will have to send me a couple of their phpBB files (I don’t need to log onto the Admin section or anything like that; they would have to get the files from their install via FTP, email them to me, I would edit them and email them back, and then they have to FTP them back up to the site.)