40 email span letters in wholesale reg form with captcha

Hi Shamim, yestarday I had this problem:
I got about 40 email letters from one email address
https://prnt.sc/ydyrrt
in last message i see try inplement in website sql injection:
(select(0)from(select(sleep(15)))v)/*\’+(select(0)from(select(sleep(15)))v)+\’\”+(select(0)from(select(sleep(15)))v)+\”*/
0\”XOR(if(now()=sysdate(),sleep(15),0))XOR\”Z
0\’XOR(if(now()=sysdate(),sleep(15),0))XOR\’Z
if(now()=sysdate(),sleep(15),0)
– there is part of it

Why did I get this problem, because I have the captcha installed? https://prnt.sc/ybgsgd
What can I do to prevent this happening again?

Thanks, Sergey

The page I need help with: [log in to see the link]