My favorite book around that age was Dogsbody http://en.wikipedia.org/wiki/Dogsbody_(novel), by Diana Wynne Jones. It's got a litle sci-fi, animals, villains, and one of those tear-jerking endings that will haunt you forever.

There are a variety of low-tech techniques that can be more effective than using Captchas or even "security questions", especially when you mix and match. You don't have to annoy your legitimate users, or make them jump through hoops. One trick is to include a "honeypot input" in your form. Give it a tantalizing name attribute such as "username", give it visibility of "hidden" (with CSS from a style-sheet), and when validating your form simply check to see if any values have been entered. If it's non-empty, it's a bot. On my own site, I load my form into the page via an AJAX call, which means that there is no reference to "registration", "form", "username", or any of the other tokens in the page source that a bot is looking for. Bots may be sophisticated enough to figure out Captchas, but they haven't progressed to the point that they can parse, comprehend, and execute javascript. If a bot ever arises that can thwart both of these techniques used in tandem, it'll be too busy amassing a robot army to bother with your silly little site.