Good afternoon, colleagues.
Some time on the site Bitrix 15.6.8 began to appear fake users generated by bots. Viewing the results revealed the trouble that the standard captcha, it seems, has a problem with security. Once is enough to look at the captcha and constantly expose to the form and captcha_word captcha_code. Because the password is not changed for each captcha separately, then the attacker can easily quickly sasamat website substituting these two fields to valid in advance.
Now I just change the password in a captcha once a day, but I would like to do for each captcha your password. For example adding to the current password captcha autogermana "salt" (like "QWERT"), which pass through the form parameter.
Maybe someone have ideas on this score?