Maybe a combination with the text recognition/matching textbox/dropbox idea... Or just pick the one with the least hassle. I honestly think having one of those funky auth code images, then having a box that says, "Input the code in the image into this box", and finally a dropbox that says, "Pick the image with the same code as the first image." Randomize the dropbox order and image/code generation and make it before and after the actual registration forum and bot presence will probably drop a whole damn lot.
If we add the "pick the image with the same code" or the "input the code" box to make a post or thread, then the probability of them being able to get in and annoy us drops further. It introduces hassle to the bots while not introducing much hassle to the actual humans who want to register. It's meant to be fast, random, and secure. Having a broadcast code might cost the botters some extra bandwidth, but if they're an ad corporation then I doubt they'll care. They might even have a way around those sorts of things. They're also likely to have a way around the dual auth code idea but I doubt it will be as effective if the code and images are random and hard for image recognition softwares to decipher the text from. It would take a lot more than two page requests of time/bandwidth to solve the system I propose, and it won't require new arrivals to look for a code. If you tell people to look for a code, too, they might just say, "Screw that, I'll do it later" and end up not registering at all.
I mean, if we have a code and it's meant to tax the bots, then we can't openly display a link for the code. If there is already a method to get past that, which there might be (search for link, go to link, search for likely codes and test them, repeat as needed) then it might not be as taxing as you think. If they are an ad company then they probably have a deep pool of resources to draw from as they would need to figure in fluctuation in bandwidth usage and possible overages. They probably also figure that into what they charge the companies purchasing their surfaces. If this is an attack then, depending on how pissed/stupid/mean they are, they might not care about a few extra clicks or page requests. It might stop them and then again it might not.
On the other hand, that idea does benefit because it requires little coding and such. While it is equal hassle for bot and human alike to register, it does have a strong point in its ease to code. I do think, however, than we might be able to obtain code for code and image generation. Possibly even for the drop-box and the code input portions. If we splice them together or modify the code input portion a bit to act as the drop-box portion of the auth, then we reduce the amount of coding that needs to be done. The name of the image file would also have to be a completely random string of characters. Some auth systems seem to name the images something based on the code and bots may be able to use that to get in. A random and arbitrary naming system would waste bot resources and time, which is very precious to botters. More importantly, each registration would cost them this time. Same with each post and thread creation. Their business is to make many, many, many advertisements in many, many, many forums at an extremely fast rate in order to maximize profits. If we cost them time and bandwidth, we can not only block them from entrance in some/most cases, we can also deter them from even trying to crack the system we have in place.
It would be very excellent if the system we have in place is even incapable of being deciphered or cracked from outside of the server. Then they'd have to actually hack and steal the system we use to figure out how to beat it, in which case we could just modify code generation to completely nullify their attempts yet again. This would then also give us legal leverage as we could sue or even just prosecute against them for such attack. It would be a supreme risk of time, profit, and the business itself to try to crack a system like that.
A server-side code gen device (generate something like a random many, many, many character code that is deposited into a text file that the auth code generator reads and uses random sections of in order to generate a code) would be an act of sheer brilliance, I think. It would be an ultimate randomization and adaptability for the system. Not only could it resist cracking attempts and deter botters, it could also simply change it's code generation technique and style every week or so, nullifying all past attempts to crack it.
Of course, a system like this would be very, very precious and awesome to every forum plagued by adbots. That is, if it works. We could possibly be doing a community service! Even if the botters got a copy of the system, it wouldn't do they any good because the random code gen server side could generate it's many, many digit code from several sources based solely on things that are machine-dependent and variable. Maybe one time it uses core temp and fan speed? I don't know, but it would maximize possible security with an auth code, I think. Also, even if they could somehow magically crack that, having the super-long code would do no good as the web-side code gen uses a random section of that super-long code (random number of chars would be good, too) in order to generate the auth code.
I think it would be a very effective and paranoid way to protect any sort of forum. With testing and such it could quite possibly evolve into the ultimate forum protection system. At least that is what I think.