The current capture mod does not seem to work very well for me. I think it’s because the forms that are filled in are not done on the website, but by an automated program "POST"ing remotely, directly to the cart, avoiding th CAPTCHA stuff altogether.
Is there a way to spot if a form data has come from somewhere other than the same website? Is there some APACHE directive for this? Checking the referring URL maybe?
Alternatively, do you think that a random number hash, based on the date&time, can be put into an invisible form field (along with the CATPCHA mod), and then checked in the form processing code.
If it’s automatically posting can’t you make it available only from ‘localhost’ considering I doubt you’ld be wanting your competitors using the same said form?