Author: Alexander

  • WordPress. How to hide email address from bots and spammers

    WordPress. How to hide email address from bots and spammers

    If your email address is posted on the site in the open form, then this is an easy way for bots and spammers to get it for further use and to send spam to you, and to send comments on other sites. Cleantalk Anti-Spam Plugin for WordPress allows you to obscure email addresses on public pages.

    How to obscure email address to hide from bots and spammers

    First of all, you need to install the Cleantalk Anti-Spam Plugin for WordPress. To install the plugin, you can use the instruction.

    After installing the plugin, go to WordPress DashboardSettings Anti-Spam by Cleantalk and mark the Encode Contact Data option and save the settings.

    To check how the obscure email address option works, open a new browser window in incognito mode and go to the page of your site on which your email address was posted. As well as you can try an example below.

    Click the hidden email to see the magic: st********@*****le.com

    On the page, you will see that the email address is hidden. To decode the email address, click on it, and at that moment the anti-spam will check for bots, this will take a few seconds for decoding. After the check is performed, you will see the email in open form. The bots that could not perform the check will be blocked.

    Why do you need to hide email address on website

    Almost every web owner places his contact information on his website so customers can contact it. Sometimes an indication of your email address directly on your website can be the most convenient way for your customers to contact you. However, the simple publication of your email address in the form of simple text can lead to undesirable consequences.

    To hide the email address, you can try to obscure the address manually, for example, email at example dot com. But this method is little effective and the bots recognize it. To solve the problem of collecting email addresses by bots, we have developed a reliable verification method that allows you to block bots.

  • WordPress DDoS Protection. How to Mitigate DDoS Attacks

    WordPress DDoS Protection. How to Mitigate DDoS Attacks

    How to Mitigate DDoS Attacks on WordPress

    To mitigate DDoS attacks you can implement several methods.

    The first method is to forbid access to your website by IP address on the level of your webserver by adding a rule in the file «.htaccess» manually.

    The second method is to install the CleanTalk Security plugin for WordPress, our feature Traffic Control that protects from DoS is enabled by default.

    CleanTalk Traffic Control monitors each request from any IP address and if the number of requests exceeds the limit in a certain time period then this IP address will be temporarily blocked and it wouldn’t be able to access your website at all.

    For instance, if an IP address sends requests to your website with a frequency of 1000 requests per 1 hour, such activity will definitely be blocked for 1 hour.

    You can adjust the settings of Traffic Control as you want and as you find appropriate. To do that, go to your WP Dashboard → Settings → Security by CleanTalk → General Setting → Firewall.

    Time frame to measure page hits – here you can set a time period which will be taken to calculate the number of requests of your visitors.

    Block a visitor if the count of the opened pages in the time frame more than – here you can set your limit of requests after exceeding which any IP address will be blocked.

    Block a visitor if they exceed the limit of opened pages for X minutes – this option is meant for setting a time period a blocked IP address will be put in.

    Ignore logged-in users – tick this option to ignore all requests going from your logged-in users.

    Also, on the tab Firewall, you can see all IP addresses that are visiting your website right now.


    What are DDoS and DoS?

    These are types of attacks on a website when a lot of requests are being sent. If the number of requests is quite high then it will result in problems with the website functioning.

    The difference between DDoS and DoS consists of that DDoS has a distributed attack, meaning it is executed from many IP addresses, while DoS has just one or a few IP addresses.

    Why DDoS and DoS might be dangerous to a website

    Such types of attacks is based on the fact that a webserver has to process each request, thus running all website page scripts, loading all pictures, and so on spending its resources. As a result, the website will function slower or start giving an error on attempts of visiting any page.
    The second trouble is in a high volume of your website traffic, in some cases, it may lead to unexpected expenses or a warning from your hosting provider.

    It’s unwise to underestimate the dangers of such types of attacks and spend your time forbidding IP addresses manually, it’s more efficient to give this task to the automated tools.

    You can install the plugin Security & Malware scan by CleanTalk from the WordPress catalog.

  • Additional Services of CleanTalk Anti-Spam in Demand

    Additional Services of CleanTalk Anti-Spam in Demand

    This article is about our extra services that are in the most demand among the clients of CleanTalk Anti-Spam. The Personal Lists feature (by IP and email addresses) does not count in this review as it’s not an extra feature, it is included in the basic package of the service.

    Extra Package expands the service features and offers other options if you need them. The features included in the Extra Package are not necessary for all of our clients, therefore, the price of the Anti-Spam service stays unchanged for all of our clients and the features might be chosen to be used only by those clients who really need them.

    1. The most popular extra feature is Blocking by Country. Adding a country to the Anti-Spam blacklist allows to block comments, signups and other data from any website forms from the IP addresses that are being considered as a part of the blacklisted country. Keep in mind that only submitted data to the website forms will be blocked, not visiting the website, people still be able to visit your website from the blacklisted countries.
      Read more about Blocking by Country.

    2. The second most popular extra feature is Stop-Words. Stop-Words block messages that contain any word you added to your Personal Lists. It allows blocking messages containing profanity, obscene language and strengthening the Anti-Spam protection from manual spam by adding specific words to your Stop-Words list. Read more about Stop-Words.

    3. Blocking by Countries in SpamFireWall (SFW) takes the third place among popular extra features. The feature blocks access to the website for bots while a normal visitor is able to open any website pages as usual. Each IP address of the blacklisted country will be forbidden to visit your website by the SFW screens, each initial website page load will trigger the SFW check for bots. Normal visitors are able to pass the SFW screens and load the website pages and later on the SFW screens will not disturb them. Meanwhile, bots that fail the SFW check will always get the SFW screens and never visit your website. Read more about Blocking by Countries in SpamFireWall.

    4. The fourth place is taken by the feature of blacklisting domains. When mail domains are added to your Personal Lists all data submitted to your website forms containing the blacklisted domains will be blocked. Read more about blacklisting domains.

    5. Blocking by Language is on the fifth place. All messages in the chosen languages will be blocked when you add these languages to your Personal Lists. At the moment we offer the following languages:
      Chinese
      Korean
      Japanese
      Hindi
      Arabic
      Cyrillic
      Indonesian

      Read more about Blocking by Language.

    We hope that this article gives you a good hint about useful extra features for tuning your Anti-Spam license to be more convenient and functional for you.
    We will be happy to answer your questions and comments.

  • How Do Our Clients Use the CleanTalk Blacklists Database

    How Do Our Clients Use the CleanTalk Blacklists Database

    This article is about how the data of the CleanTalk Blacklists Database is being used by our clients in their businesses.

    Brief description of what the CleanTalk Blacklists Database is
    The CleanTalk Anti-Spam and Security services get data of malicious actions that are being performed on the websites of our clients. IP and email addresses of the suspicious visitors are being added to the CleanTalk Blacklists Database.
    The CleanTalk Blacklists Database is being updated in real time, outdated addresses (that weren’t used for attacks for a certain period of time) are being deleted from the Database while new addresses with malicious activity spotted on several websites at once are being added to the Database.

    What are Possible Ways of Using the CleanTalk Blacklists Database of Spam IP and Email Addresses

    Based on the examples of our clients we want to demonstrate the ways of how they use our data of spam active addresses.

    Online marketing
    Owners of online businesses send their marketing offers and deals by launching their mailing campaigns. They collect their leads from their website forms after receiving completed checkouts or after getting new signups. Spammers on the other hand use website forms to send spam and they can use either lists of fake email addresses or real email addresses of random people.

    In both cases when our clients launch their marketing campaigns using these unreliable email addresses nobody gets anything good. Quantity of emails sent to fake addresses or to unaware people will increase, random people most likely mark such emails as spam or report them. Thus, there are risks for the online email campaigns to get a lot of spam reports and as a result the webservers might be blacklisted, percentage of successfully delivered emails might be lower than expected, there might be problems in delivering emails to legitimate users.

    To avoid this the mailing lists have to be checked for spam and refined from fake and spam addresses. The outcome of the mailing campaign will be much better and more precise.

    Website builders
    Website builders such as WIX.com use our data of spam active addresses for strengthening their defense from spam and malicious activity on websites of their clients. If webservers get an online request from an address that is in the CleanTalk Database then this is a good reason for verification to be made stricter.

    Enterprise networks
    To protect enterprise networks from unauthorized access and hacking. Protection for such networks usually consists of several layers of authentication and other security tools. The CleanTalk Blacklists Database of Spam IP and Email Addresses is one of the tools that helps making protection more reliable.

    Protection for mobile applications
    The CleanTalk Blacklists Database of Spam IP and Email Addresses is also being used for protection from spam signups and spam registrations in mobile applications.

    Protection for API, web applications
    In this case anti-spam checks are being performed for the addresses that call the API and if the address is blacklisted in the Database then it’s a good cause to pay a closer attention to it and take necessary measures.
    The most common ways of using our CleanTalk Blacklists Database of Spam IP and Email Addresses were mentioned in this article to help reinforce the security level of any online business. It’s possible to get access to the CleanTalk Blacklists Database with our APIs or by downloading it in files.

  • 7 tips of communicating with your clients and how to not lose them

    7 tips of communicating with your clients and how to not lose them

    We want to share our experience on how we handle feedback from our clients. Here are some of our rules helping us to get great feedback about the quality of our tech support:

    1. Speed of response to a client request.

      The faster you respond to your client’s question the more satisfaction your client will get from working with you. Even if you use auto-replies when your client creates a ticket and inform that you will reply within 24 hours, it will be a depressing factor as the client is already potentially expected to wait for your reply in 24 hours. You have to reply within 1, maximum 2 hours. At CleanTalk we stick to the rule that 80% of all replies must be given within 1 hour since the creation of a question and since the previous client reply, moreover, we manage to get it done about 20-30 minutes faster. Such speed of replies is very motivating for clients and we get feedback that our support team is one of the fastest they have worked with.

    2. Accessible and clear information.

      Provide your client with a clear and accessible description of how the issue should be resolved. If the client is required to perform some actions from their side then do the following:
      – describe a detailed and step-by-step order of such actions;
      – provide a screenshot, mark the needed area of the interface and what actions are needed to be done;
      – provide your client with a link to the necessary interface or guide, this way your client will not have to search for the necessary pages themselves.
      These steps are needed so the client does not have to ask you again how to do a particular action that you were asking earlier, which ultimately reduce the time it takes to resolve the issue and the number of responses per request. On average, we get 3.33 responses per request.

    3. Deadlines of solving the issues must be met.

      If you can not solve the issue immediately and you require some help from your colleagues such as your programmer, then give a realistic date when you will respond to the client. Do not give unrealistic deadlines to avoid rescheduling. If for objective reasons you will not meet the deadline then inform the client about it and give them a new deadline. You should keep track of the deadlines and not let the issue be continually postponed because of the workload of other employees. Establish smooth cooperation between departments, there should not be any delays on any stage of the problem solving process. In our company in each department (Web Developers, Client-Side Developers, Server-Side Developers) there is an employee who is solving client issues that came from the technical support.

      If the question is complex and requires more time to find a solution/answer and you can not immediately give your answer in an hour, tell the client about it right away. Write how much time you’ll need for troubleshooting the question and prepare your answer. For example, “I’m sorry, it will take longer than usual to investigate your issue and I will be able to give you a detailed answer in 4 hours”.

    4. Provide your support staff with all details they need.

      Your employees should not spend their time searching for information about the client. Analyze how the workflow of your employees is made, note the most frequent and time-consuming activities and try to automate them so that these activities would be performed with a single button.

    5. Offer a bonus for your mistakes.

      If there was a mistake by your fault then offer your client a bonus to compensate their time. It’s a good practice for building loyalty to give some encouraging attention to your clients.

    6. Prepare your reply templates for the same type of questions.

      Analyze your client requests. There will always be similar questions and it takes a lot of time if you have to type your similar replies quite often. It is easier to prepare the standard reply templates that can already be edited depending on the situation. Try not to make such templates look like a machine answer, edit the template in your answer for more human-like communication.

    7. Make sure that the client’s question is resolved.

      If the client reached out to you and you gave them a solution, ask the client at the end of your reply if your instructions helped them and if their question has been resolved. It greatly reduces the time it takes to resolve the issue.

    We hope, our experience that we shared will help your support team and your clients to get the most useful communication with each other. If you have any thoughts to add, please write them down in the comments.

    If you want us to share more of our experience with you – let us know in the comments below and don’t forget to share if you like the post.

  • Account Confirmation for Outlook.com and Hotmail.com

    Hello,


    For the owners of email addresses on outlook.com or hotmail.com, there is a chance that incoming emails might be moved to the junk folder.We ask you to pay attention, if you have not received the email to confirm your CleanTalk account, then you need to check your junk folder. We are working to resolve this issue and we apologize for the inconvenience caused.
    In order to ensure that our emails go straight to your inbox and not to your junk folder, please add this address we*****@*******lk.org to your SAFE SENDERS LIST.


    Outlook and Hotmail Email Account.
    - Log in and click the “Settings” icon at the upper right corner of the page. Choose the “More Mail Settings” option.
    - Under the “Preventing junk email” section, click “Domain to mark as safe”.
    - Click "Safe senders".
    - In the “Sender or domain to mark as safe” field, enter @cleantalk.org and click “Add to list”.

    Thank you for your patience.

  • Changes in the spam_check() API method

    In the current version, the API spam_check provides additional parameters:

    frequency_time_10m - 10 minutes activity
    frequency_time_1h - 1 hour activity
    frequency_time_24h - 24 hours activity

    Learn more about all parameters:
    https://cleantalk.org/help/api-spam-check#response-explanation

    These parameters show the total activity for the scanned entry, both spam and non-spam activity. The practice has shown that these parameters are not effective and are not in demand.

    These parameters will be removed from the method API from October 7, 2021.

    If you have any questions about the API method, you can ask a question in the comments below.

  • Update CleanTalk Uptime Monitoring Service

    Update CleanTalk Uptime Monitoring Service

    We have updated our uptime monitoring service for websites.

    This update allows you to select the monitoring points from which to check the availability and loading time of the site.
    When adding a website URL, monitoring automatically checks the response time from all points and suggests setting the monitoring point that is closest to the website.

    Most sites do not need to receive data on the site’s loading speed from different locations of the world, since they are targeted at local users and when checking the loading time from all points at once, unnecessary requests to the site will be generated.

    For such users, it will be enough to select one or two points from the nearest location to the site.
    Learn more about CleanTalk Uptime Monitoring.
    https://cleantalk.org/help/uptime-monitoring-how-it-works

    If you have any questions, we will be happy to help you.
    You can leave a comment below or create a private ticket here.

  • CleanTalk updated the 2FA (two-factor authentication) option

    CleanTalk updated the 2FA (two-factor authentication) option

    Two-factor authentication is still one of the most effective methods of protecting your account. One of the most common ways to hack WordPress sites is to brute force passwords.
    CleanTalk Security plugin for WordPress already has two-factor authentication by sending an authorization code to the email account.
    We have now expanded the two-factor authentication options and added the Google Authenticator option.
    Now you can choose the most convenient 2FA option for you.
    You can learn more about how to set up two-factor authentication in WordPress here https://cleantalk.org/help/two-factor-auth
    You can further strengthen the protection of accounts and change the URL address of the authorization page. You can read more here https://blog.cleantalk.org/how-to-change-wp-login-url/.


    If you have any questions, we will be happy to help you.
    You can leave a comment below or create a private ticket here.

  • Spam Protection for Woocommerce forms without captcha

    Spam Protection for Woocommerce forms without captcha

    CleanTalk Anti-Spam has native spam protection for Woocommerce. Any web form on the website is subject to spam attacks and you can install CleanTalk Anti-Spam to protect all existing forms on the WordPress site at once and you do not need to integrate protection for each form separately.

    CleanTalk anti-spam processes more than 35,000 orders daily. Below is a list of the top10 countries from which order spam comes in for 1 day.

    Country | Number of spam |

    • | GB | 1460 |
    • | US | 642 |
    • | LT | 635 |
    • | PH | 436 |
    • | CA | 272 |
    • | RU | 218 |
    • | DE | 127 |
    • | NL | 91 |
    • | FR | 82 |
    • | PK | 61 |

    CleanTalk provides a powerful tool for spam, profanity, email validation, personal IPs/Emails lists and more.
    You can read more about all CleanTalk features here https://cleantalk.org/help/introduction.

    Whether you use Woocommerce on your WordPress site, you can use the CleanTalk Anti-Spam to protect any other web forms on WordPress.

    How to install CleanTalk Anti-Spam on WordPress

    To install the anti-spam plugin, go to your WordPress admin panel -> Plugins -> Add New
    enter cleantalk in the search box and click the Install button for “Spam protection, AntiSpam, FireWall by CleanTalk”.
    After installing the plugin, click the “Activate” button and go to the plugin settings and click the “Get Access Key Automatically” button and click the “Save Settings” button.

    Your WordPress site and Woocommerce are now protected from spam.
    Or use our installation instructions.
    https://cleantalk.org/help/install-wordpress

    You can find the options for managing spam protection for Woocommerce in the plugin settings WP Dashboard -> Settings -> Anti-Spam by CleanTalk -> Advanced Settings -> WooCommerce

    WooCommerce checkout form – spam protection for Woocommerce checkout form.

    Spam test for registration during checkout – this option protects against spam registrations that occur during Woocommerce checkout.

    How to test spam protection

    You can test the work of anti-spam protection for any web form by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

    If you have any questions, add a comment and we will be happy to help you.

    Update

    The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.