diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index dbe87e2b..59f5351f 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -11,14 +11,19 @@ $hidden_inputs_twig = array();
 class AntiBot {
 	public $salt, $inputs = array(), $index = 0;
 	
-	public static function randomString($length, $uppercase = false, $special_chars = false) {
+	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
 		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
 		if ($uppercase)
 			$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
 		if ($special_chars)
 			$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
+		if ($unicode_chars) {
+			$len = strlen($chars) / 10;
+			for ($n = 0; $n < $len; $n++)
+				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
+		}
 		
-		$chars = str_split($chars);
+		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
 		
 		$ch = array();
 		
@@ -41,10 +46,10 @@ class AntiBot {
 	}
 	
 	public static function make_confusing($string) {
-		$chars = str_split($string);
+		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
 		
 		foreach ($chars as &$c) {
-			if (rand(0, 2) != 0)
+			if (mt_rand(0, 3) != 0)
 				$c = utf8tohtml($c);
 			else
 				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
@@ -65,13 +70,13 @@ class AntiBot {
 		
 		shuffle($config['spam']['hidden_input_names']);
 		
-		$input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
+		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
 		$hidden_input_names_x = 0;
 		
 		for ($x = 0; $x < $input_count ; $x++) {
-			if ($hidden_input_names_x === false || rand(0, 2) == 0) {
+			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
 				// Use an obscure name
-				$name = $this->randomString(rand(10, 40));
+				$name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
 			} else {
 				// Use a pre-defined confusing name
 				$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
@@ -79,25 +84,33 @@ class AntiBot {
 					$hidden_input_names_x = false;
 			}
 			
-			if (rand(0, 2) == 0) {
+			if (mt_rand(0, 2) == 0) {
 				// Value must be null
 				$this->inputs[$name] = '';
-			} elseif (rand(0, 4) == 0) {
+			} elseif (mt_rand(0, 4) == 0) {
 				// Numeric value
-				$this->inputs[$name] = (string)rand(0, 100);
+				$this->inputs[$name] = (string)mt_rand(0, 100000);
 			} else {
 				// Obscure value
-				$this->inputs[$name] = $this->randomString(rand(5, 100), true, true);
+				$this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
 			}
 		}
 	}
 	
+	public static function space() {
+		if (mt_rand(0, 3) != 0)
+			return ' ';
+		return str_repeat(' ', mt_rand(1, 3));
+	}
+	
 	public function html($count = false) {
 		global $config;
 		
 		$elements = array(
 			'<input type="hidden" name="%name%" value="%value%">',
 			'<input type="hidden" value="%value%" name="%name%">',
+			'<input name="%name%" value="%value%" type="hidden">',
+			'<input value="%value%" name="%name%" type="hidden">',
 			'<input style="display:none" type="text" name="%name%" value="%value%">',
 			'<input style="display:none" type="text" value="%value%" name="%name%">',
 			'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
@@ -110,7 +123,7 @@ class AntiBot {
 		$html = '';
 		
 		if ($count === false) {
-			$count = rand(1, count($this->inputs) / 15);
+			$count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
 		}
 		
 		if ($count === true) {
@@ -125,6 +138,9 @@ class AntiBot {
 			$element = false;
 			while (!$element) {
 				$element = $elements[array_rand($elements)];
+				$element = str_replace(' ', self::space(), $element);
+				if (mt_rand(0, 5) == 0)
+					$element = str_replace('>', self::space() . '>', $element);
 				if (strpos($element, 'textarea') !== false && $value == '') {
 					// There have been some issues with mobile web browsers and empty <textarea>'s.
 					$element = false;
@@ -133,7 +149,7 @@ class AntiBot {
 			
 			$element = str_replace('%name%', utf8tohtml($name), $element);
 			
-			if (rand(0, 2) == 0)
+			if (mt_rand(0, 2) == 0)
 				$value = $this->make_confusing($value);
 			else
 				$value = utf8tohtml($value);
diff --git a/inc/config.php b/inc/config.php
index 0eac92b6..84222009 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -232,6 +232,9 @@
 
 	// How soon after regeneration do hashes expire (in seconds)?
 	$config['spam']['hidden_inputs_expire'] = 60 * 60 * 3; // three hours
+	
+	// Whether to use Unicode characters in hidden input names and values.
+	$config['spam']['unicode'] = true;
 
 	// These are fields used to confuse the bots. Make sure they aren't actually used by Tinyboard, or it won't work.
 	$config['spam']['hidden_input_names'] = array(