diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 67a3b403..793e6b5f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -7,6 +7,7 @@ Changelog
 - FontAwesome 5.12.1 support
 - Mermaid 8.4.8 support
 - clipboard.js updated to v2.0.6
+- fix for spam protection with invisible_captcha
 
 2.0.23
 ++++++
diff --git a/app/overrides/account/register.rb b/app/overrides/account/register.rb
index 3f804be5..995abf8e 100644
--- a/app/overrides/account/register.rb
+++ b/app/overrides/account/register.rb
@@ -1,5 +1,7 @@
-Deface::Override.new virtual_path: 'account/register',
-                     name: 'add-invisble-captcha',
-                     insert_top: 'div.box',
-                     original: 'e64d82c46cc3322e4d953aa119d1e71e81854158',
-                     partial: 'account/invisible_captcha'
+Deface::Override.new(
+  virtual_path: 'account/register',
+  name: 'add-invisble-captcha',
+  insert_top: 'div.box',
+  original: Redmine::VERSION.to_s >= '4.1' ? 'a9c303821376a8d83cba32654629d71cc3926a1d' : 'e64d82c46cc3322e4d953aa119d1e71e81854158',
+  partial: 'account/invisible_captcha'
+)
diff --git a/app/views/account/_invisible_captcha.html.slim b/app/views/account/_invisible_captcha.html.slim
index 0c9c4908..e22a9418 100644
--- a/app/views/account/_invisible_captcha.html.slim
+++ b/app/views/account/_invisible_captcha.html.slim
@@ -1,2 +1,2 @@
 - if Additionals.setting?(:invisible_captcha)
-  = invisible_captcha
+  = f.invisible_captcha :url, autocomplete: 'off'
diff --git a/lib/additionals/patches/account_controller_patch.rb b/lib/additionals/patches/account_controller_patch.rb
index b47d5774..dbfc30de 100644
--- a/lib/additionals/patches/account_controller_patch.rb
+++ b/lib/additionals/patches/account_controller_patch.rb
@@ -2,8 +2,22 @@ module Additionals
   module Patches
     module AccountControllerPatch
       def self.included(base)
+        base.send(:include, InstanceMethods)
         base.class_eval do
-          invisible_captcha only: [:register] if Additionals.setting?(:invisible_captcha)
+          invisible_captcha(only: [:register], on_timestamp_spam: :timestamp_spam_check) if Additionals.setting?(:invisible_captcha)
+        end
+      end
+      module InstanceMethods
+        # required because invisible_captcha uses root_path, which is not available for Redmine
+        def timestamp_spam_check
+          # redmine uses same action for _GET and _POST
+          return unless request.post?
+
+          if respond_to?(:redirect_back)
+            redirect_back(fallback_location: home_url, flash: { error: InvisibleCaptcha.timestamp_error_message })
+          else
+            redirect_to :back, flash: { error: InvisibleCaptcha.timestamp_error_message }
+          end
         end
       end
     end