Running version 3.8.9 and suddenly, in the past 24 hours, we have been hit by a heap of spammers who appear to be bypassing the question and answer method we use as our human interface checks. I have deleted the old questions and replaced them with new ones, but they are still getting past.

I checked Stop Forum Spam and the IP addresses, all different, aren't showing up there, so it seems we are the only ones being targeted.

Has this happened to anyone else in the past day or so? Does anyone have a solution? I'm happy to install reCAPTCHA if there's a good chance that will solve the problem, but if they're getting past the questions and answer method, is it probable that they can get past any of the installed human interface barriers?