I have a blog that uses a captcha to verify comments. I have tested the captcha with the usual sql injection and incorrect details and it does not post a comment. It gives an error message as expected.
The problem is that I am getting loads of spam comments added to my site :-( Is there something I am missing or is this the results of human entry? Is there anything I can do to stop this from happening?