In these days, many spammers are visiting our websites trying to spam our comments pages with robots or even trying to attack the server using SQL injection or javascript xss attacks or trying to upload files in our servers from attackers servers.

The best prevention method is to filter all REQUEST from outside, checking all POSTs and GETs sent to your website. Another thing is to check all variables used on you web , these shound be only in some chars range. For example, if you use for ids integers, this should be always a number.