I hadn't been worrying much about comment spam recently as I had been banning it successfully in my .htaccess rules as every access attempt had a spammish referrer link.
Once past the .htaccess block they found a bug in my comment captch mod: by just posting without doing a prior read of the page the session was not being set up. I've modified the captcha code to cope with this. Note that this is still Drupal 4.5.1, I haven't upgraded to 4.5.2 yet.
Peter's Moblog
