Having recently cleaned out all my comment spam from Gallery2, I’ve been wondering how it got there in the first place. In order for non-authenticated users to leave a comment, they must first answer a Captcha. Having tested it’s working correctly, I’m forced to conclude that somebody has a bot that can successfully read and reply to the Gallery2 Captchas.
As of this time, I can’t find any information on replacing the Captcha images with other versions. Obviously if all Gallery2 users have identical Captchas then it’s well worth the spammers time and effort to automatically handle them. There are after all only 10 possible digits. If anyone has info on replacing the stock captcha set with others, I’d be pleased to hear about it.