ASIRRA Security by Cats

I had a lot of success recently adding security questions to a community bulletin board to stop bots from registering and attempting to spam the forum. I have the same problem on the flashlight wiki, but it hasn’t gotten out of hand yet. Lately I have been getting one or two bot registrations a day. Just like on the bulletin board, registering doesn’t allow them to post spam, they still have to be confirmed by me to post anything. But I still go in and block them which takes a little time. So I was looking for a way to add security questions like I did for the bulletin board. I like the security questions because they are so easy for users to get correct (unlike the blurry text used in CAPTCHA systems). (To be fair, ReCAPTCHA, where you enter two blurry words, does have a practical purpose in helping to convert scanned books into text.)

But all I was finding for wikis was an extension called ConfirmEdit that is meant to flash a CAPTCHA every time someone makes an edit, which wasn’t what I wanted. I should have read more about it though. CAPTCHA doesn’t necessarily involve blurry text, it just means “Completely Automated Public Turing test to tell Computers and Humans Apart,” which can be any kind of test. And in fact, ConfirmEdit has several choices including blurry text, asking simple questions, asking the user to solve simple math problems, and one that involves the user identifying pictures of cats. Yes, pictures of cats. People can easily recognize whether a picture shows a dog or a cat, but this is much more difficult for a computer. Microsoft has developed a system called ASIRRA (“Animal Species Image Recognition for Restricting Access”) which shows you twelve thumbnail pictures of animals. You then click on only the pictures that are cats. The thumbnails are pretty tiny, but a bigger version pops up when your mouse is over the picture. Some people might still have a hard time, for instance if they are blind, though I doubt many people interested in flashlights are blind. Also some of the pictures can be kind of blurry, but you can get a new set of images if you want. The pictures themselves come from millions of pictures stored at petfinder.com and you could even adopt the dogs or cats shown if you want (this is why they make their database available). You can try it at ASIRRA.

Additionally, ConfirmEdit can be configured to control several different types of events, not just confirming edits. One of the options is for new user registration. Perfect.

Well, I had to try out the cat thing. It was pretty easy to install the ConfirmEdit extension and add a couple of lines to my localsettings.php file in my Wiki installation, but it didn’t work because I didn’t realize I also needed to install the ASIRRA extension (supposedly ConfirmEdit includes ASIRRA by default, but it didn’t). Once I got that done, I configured it so that the only time it would use ASIRRA was when a new person registered. I already have anonymous edits turned off and only users that are confirmed by me are allowed to edit, so I’m not worried about spammers, just new registrations. I really like this idea.

catsecure.png

2 thoughts on “ASIRRA Security by Cats

  1. Last week I had one sign-up that seemed legit even though they didn’t send me an e-mail to confirm, so I authorized that account. Then I got one that looked suspicious (“Victoria” which seems unlikely since women typically aren’t interested in flashlights). Other than that, the cats seem to be doing a good job.

  2. Today a guy emailed me and asked me to authorize his account. Even with the security in place, an actual person could sit at a computer and sign up bogus accounts, so the second step was new users had to email me to authorize their accounts. The thing was, no account had been created. I let him know and he tried a few different browsers and was getting stuck on a blank page. I turned off Asirra and told him to try and he immediately was successful, but so was somebody else. Within the next 30 minutes 12 bogus accounts signed up.

    Meanwhile I got to work and found out that Asirra had been discontinued since last October. It’s not like many people sign up for the wiki anyway, and I never do, so I had no idea the signup had been broken all that time. I did try to install a software update recently, but got all kinds of errors, so I reverted back to the old version. It could be that Asirra was doing that. Running MediaWiki is just a horrible experience.

    To stop the bogus accounts, I tried QuestyCaptcha, which you set up with questions that are easy for a real person to answer. I did 4 easy questions that people can answer just by looking at things on the page (like the color of the logo). No bogus signups yet. No legitimate ones either.

Leave a Reply

Your email address will not be published. Required fields are marked *