In keeping with the theme of reinventing the wheel and writing everything from scratch on this site, I created my own CAPTCHA solution several years ago to prevent spambots from emailing me via the contact form on the home page. It's fairly simple, but since it's completely unique to my site, I figured there's no way anybody would bother taking the time to write a bot just to solve my little custom CAPTCHA.
It seemed to be working fine. Every once in awhile I'd get some spam, but I suspect the spammers were actually paying some poor schmuck to fill out the CAPTCHA form manually. Not a big deal - a CAPTCHA isn't going to stop a real person.
But this week I started getting a series of test messages, identifying as “XRumerTest”. A quick Google search reveals that XRumer is an advanced spambot capable of solving basic AI-based CAPTCHAs such as mine. These were clearly test messages, and not actually spam attempts, but they were clearly sent by a spambot which had solved my CAPTCHA.
What interesting times we live in. Anyway, it recently came to my attention that Google's re:CAPTCHA has gotten less obnoxious to use, and I've implemented the older version of it before without any trouble, so I've switchd to that.