What you can try to do is replace
$secure_image .= '<img src="'.get_gallery_image("captcha".substr($prevent_code,$i,1).".gif").'" border="0" alt="" />';
with:
$secure_image .= '<img src="'.$site_sess->url(ROOT_PATH."securecode.php?id=".($i+1)."&".time()).'" border="0" alt="" />';
(look in the original tutorial to find that line)
Then create a new file
securecode.php in your 4images root with this code inside:
<?php
$nozip = $fast = 1;
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$file = get_gallery_image("spacer.gif");//image which will be used if something went wrong.
if ($id > 0 && $id < 7 && $comment_code = stripslashes($site_sess->get_session_var('comment_code')))
{
$file = get_gallery_image("captcha".substr($comment_code,$id-1,1).".gif");
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // turn off caching
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: pre-check=0, post-check=0, max-age=0"); // HTTP/1.1
header("Cache-Control: no-cache, must-revalidate");
header("Content-Transfer-Encoding: none");
header("Content-Type: image/gif");
header("Content-Length: ".filesize($file));
readfile($file);
?>
And finaly, in guestbook_form.html and comment_form.html templates replace
<noscript>
<table>
<tr>
<td>{secure_image} </td>
<td><input type="text" name="prevent_code" value="" size="5" /> </td>
</tr>
<tr><td colspan="2"><b>{lang_enter_secure_code}</b></td>
</tr>
</table>
</noscript>
<script type="text/javascript">
function spamcode () {
var spamy = {prevent_code};
document.getElementsByName("prevent_code")[0].value = spamy;
}
document.write('<input type="hidden" name="prevent_code" value="0" \/>');
</script>
With:
<table>
<tr>
<td>{secure_image} </td>
<td><input type="text" name="prevent_code" value="" size="5" /> </td>
</tr>
<tr><td colspan="2"><b>{lang_enter_secure_code}</b></td>
</tr>
</table>
<script type="text/javascript">
function spamcode () {
}
</script>
I suspect is because of that javascript code the bots "learned" how to go around the security code.
I havent tested it, so be first