The default is to let your users in, but "open to the public" suggests you or one of your admins has enabled anonymous access. Is that what you are seeing? People can see your issues in projects without having to log it at all?
If so, take a look at the permission schemes. Look at the "browse project" line, and I think you'll find it includes group:anyone - that needs to be removed.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot