« Freaky Facebook Friends | Main | Wiki Upgrade »

Sunday August 21, 2011

ASIRRA Security by Cats

I had a lot of success recently adding security questions to a community bulletin board to stop bots from registering and attempting to spam the forum. I have the same problem on the flashlight wiki, but it hasn't gotten out of hand yet. Lately I have been getting one or two bot registrations a day. Just like on the bulletin board, registering doesn't allow them to post spam, they still have to be confirmed by me to post anything. But I still go in and block them which takes a little time. So I was looking for a way to add security questions like I did for the bulletin board. I like the security questions because they are so easy for users to get correct (unlike the blurry text used in CAPTCHA systems). (To be fair, ReCAPTCHA, where you enter two blurry words, does have a practical purpose in helping to convert scanned books into text.)

But all I was finding for wikis was an extension called ConfirmEdit that is meant to flash a CAPTCHA every time someone makes an edit, which wasn't what I wanted. I should have read more about it though. CAPTCHA doesn't necessarily involve blurry text, it just means "Completely Automated Public Turing test to tell Computers and Humans Apart," which can be any kind of test. And in fact, ConfirmEdit has several choices including blurry text, asking simple questions, asking the user to solve simple math problems, and one that involves the user identifying pictures of cats. Yes, pictures of cats. People can easily recognize whether a picture shows a dog or a cat, but this is much more difficult for a computer. Microsoft has developed a system called ASIRRA ("Animal Species Image Recognition for Restricting Access") which shows you twelve thumbnail pictures of animals. You then click on only the pictures that are cats. The thumbnails are pretty tiny, but a bigger version pops up when your mouse is over the picture. Some people might still have a hard time, for instance if they are blind, though I doubt many people interested in flashlights are blind. Also some of the pictures can be kind of blurry, but you can get a new set of images if you want. The pictures themselves come from millions of pictures stored at petfinder.com and you could even adopt the dogs or cats shown if you want (this is why they make their database available). You can try it at ASIRRA.

Additionally, ConfirmEdit can be configured to control several different types of events, not just confirming edits. One of the options is for new user registration. Perfect.

Well, I had to try out the cat thing. It was pretty easy to install the ConfirmEdit extension and add a couple of lines to my localsettings.php file in my Wiki installation, but it didn't work because I didn't realize I also needed to install the ASIRRA extension (supposedly ConfirmEdit includes ASIRRA by default, but it didn't). Once I got that done, I configured it so that the only time it would use ASIRRA was when a new person registered. I already have anonymous edits turned off and only users that are confirmed by me are allowed to edit, so I'm not worried about spammers, just new registrations. I really like this idea.

catsecure.png


Comments (1)

Last week I had one sign-up that seemed legit even though they didn't send me an e-mail to confirm, so I authorized that account. Then I got one that looked suspicious ("Victoria" which seems unlikely since women typically aren't interested in flashlights). Other than that, the cats seem to be doing a good job.

Post a comment