1. Ignore the CAPTCHA and submit.
2. Go back, enter "undefined" in the CAPTCHA field and submit again.
Good catch! How did you find this?
attached patch should fix it
changing version to trigger test bot (hopefully)
I was wondering how many of the failed attempts were likely caused by human error as opposed to blocked spammers, and I noticed this in the dblog
comment_form post blocked by CAPTCHA module: challenge "Image" (by module "image_captcha"), user answered "", but the solution was "undefined".
comment_form post blocked by CAPTCHA module: challenge "Image" (by module "image_captcha"), user answered "undefined", but the solution was "50af097255a6807dde16121aa7c05c36".
I think it's best to commit the patch from #1 already.
You have a point about having more information about session reuse attacks in the log, but I think this fits nicely in this feature request of you: #998326: Separate log of wrong and empty responses
committed (D6): http://drupal.org/cvs?commit=466592
to be ported to D7 version
ported and committed to D7:http://drupal.org/cvs?commit=470928
Automatically closed -- issue fixed for 2 weeks with no activity.
Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.
Drupal is a registered trademark of Dries Buytaert.