Someone dumping emails into my database

By the thousands. I know how to get rid of them but not how to separate them from legitimate subscribers. Suggestions for stopping it?

@FMW2 Have these been added through the subscribe page? You could try blocking that at the web server level by adding a mod rewrite rule to a .htaccess file.

Or try one of the captcha plugins, see plugins:start [phpList Resources]

I have no idea where they originate or how they get into the database. I can’t imagine that someone puts 7000 email addresses one at a time. I assume I’ve been hacked and someone appends them to the database. I don’t have many answers. Could it be as easy as changing a password. If so, how do I do that?