Sometime we have an attack of spam (post comments on forum) we use antispam module and capcha (It will be great to have also in comments).

We have noticed that in parallel appear some permissions in blank.

How we can block the table of permissions?
Who can update this table?
There is a script that can modify this table?
What happen with sub-domains?
can the multi-sites, sharing other tables, update the MAIN common permissions table?
There is a security alert?
What are your recommendations?