quaker and Mattf, thank you for your comments.
I thought about the spam problem for quite a while and I asked myself
why not going a step further and delegating the whole process of "verifying that you are a human" to an external project/server?
This would free the forum developers from constantly improving the verification system.
Also it would help to keep the size of the forum code small.
The idea is to load the link of a random image together with the answer from a remote server and use both
to verify if the user is a human.
For testing I set up such a solution for my own forum registration page and it works quite well.
You could use it for your TEST-installation right away if you like.
Only register.php and 70_mod_php5.conf need few additional lines.
Here is how it works:
Download the modified register.php and overwrite the existing register.php with it.
Enable allow_url_fopen only for register.php (Gentoo):
vi /etc/apache2/modules.d/70_mod_php5.confAdd
<Location "/forum/register.php">
php_admin_flag allow_url_fopen On
</Location>Restart Apache
Go to the register page of your forum. For every reload a new random images is loaded.
Patch for register.php
Additional lines only
It is not yet hardened of course. For example the hash of the answer is visible to the client.
In a later stage it may be used with one-time links to the images and all data for the answers should be on the server only.