tighten security on teacher registration form
Posted by sarneil on 30 Jan 2013 in Activity log
MF reported a bunch of spam submissions through the "register for a teacher's password" form on http://canadianmysteries.ca/teachers/login/indexen.php
There was a JavaScript function that was supposed to be invoked onSubmit, but from what I could see, the JS file (jscripts.js) was not included, so the invocation obviously would fail, and that must be treated the same as returning true, because the action does happen successfully.
I also noticed that there are two forms on the register page, and each of them had an email field. That became apparent when I successfully invoked the JavaScript check function and got an unexpected error. So I renamed/re-id'd the email field in the login form to loginEmail and made the necessary modifications to the JS and PHP code that relies on that element's name or id.
Finally, as a test I added a form element, mathsum, into which the user would have to put the value of a simple math question posed on the form. I don't know if implementing that will do any good at all, but I'm not going to proceed any further unless MF reports that the other modifications have not helped reduce the spam submissions.
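One way to check the mathsum field on the server, so the check still runs when the browser script is missing or never executed. This is an added example, not the site's code; the function names and the `mathsum_answer` session key are assumptions, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example. mathsum_issue(), mathsum_verify() and the 'mathsum_answer'
// key are hypothetical names; pass $_SESSION as $session in a real handler.

function mathsum_issue(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    // The expected answer is kept server-side and never written into the page.
    $session['mathsum_answer'] = $a + $b;
    return "What is $a + $b?";
}

function mathsum_verify(array &$session, array $post): bool
{
    $expected = $session['mathsum_answer'] ?? null;
    // Single use: a solved challenge cannot be replayed on later submissions.
    unset($session['mathsum_answer']);

    $given = $post['mathsum'] ?? null;
    if ($expected === null || !is_string($given)) {
        return false; // no challenge issued, field missing, or array-valued field
    }
    $given = trim($given);
    // Accept plain digits only, so "", "7abc", "+7" and "7.0" are rejected.
    if (!preg_match('/^\d{1,2}$/', $given)) {
        return false;
    }
    return (int) $given === $expected;
}

// Constructed demonstration; the submitted values below are made up.
$session = [];

// Case 1: a POST sent straight to the handler without the mathsum field.
mathsum_issue($session);
var_dump(mathsum_verify($session, ['email' => 'someone@example.org']));

// Case 2: the form is rendered, the question is answered correctly.
$question = mathsum_issue($session);
preg_match('/(\d) \+ (\d)/', $question, $m);
$post = ['email' => 'someone@example.org', 'mathsum' => (string) ($m[1] + $m[2])];
var_dump(mathsum_verify($session, $post));

// Case 3: the same POST body is submitted a second time.
var_dump(mathsum_verify($session, $post));
```

The registration handler would call `mathsum_verify()` before processing the rest of the form, and call `mathsum_issue()` again each time the form is rendered.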