I've got latest version of your plugin installed and it works, users have to solve the equation to post the comment. However I still see that some spammers pass the protection.
In apache logs I see that the use direct POST, for example:
184.108.40.206 - - [19/Oct/2013:16:26:27 +0200] "POST /wp-comments-post.php HTTP/1.0"
Could you please advise how to stop such a spam? Maybe you are already working for the solution in your plugin?