Bit complicated - I paid someone to build me a website which allows visitors to the site to fill in a form which then comes to me in the form of an email and to an 'admin' area of my site for me to check and upload on to the site if OK. Moved to another company to help me run the site (long story)and he has redesigned the site a bit at my request. Now my forms are being attacked daily by spammers. They somehow manage to bypass the CAPTCHA we've put in place. It's v.v. annoying and so time consuming to just delete each one from the system. My guy is scratching his head - he didn't build the form and thought the CAPTCHA would stop it. If I said MYSQL and PHP I think I'd be right, but should I be looking at investing in some heavy-duty security (if there is such a thing!) or what? Any help much appreciated.