In the Drupal security advisory that was released on August 19th, 2015 Drupal’s security team announced that it solved an SQL injection vulnerability in the Drupal database API.

The security advisory contained the following description of the SQL injection vulnerability:

A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments.

This article shows how you can effectively protect your website against spam-submissions in comments.

In order to improve the interaction with the visitors of this website, I allowed anonymous users to post comments to all published stories. Since feedback is quite low, I enforced administrator approval of all comments to stay in full control.

However, shortly after enabling comments for anonymous users, I received more and more emails telling me that new comments were posted which needed my approval.

CAPTCHA to the rescue!