Author: Alexander

  • ARIN Wins Important Legal Case and Precedent Against Fraud

    About 735,000 IP addresses were returned to the registry. This is the first time that IP addresses have been taken from fraudsters after a trial.

    On May 14, South Carolina U.S. Attorney Sherri Lydon filed criminal wire fraud charges against Amir Golestan, alleging he and his Charleston, S.C. based company Micfo LLC orchestrated an elaborate network of phony companies and aliases to secure more than 735,000 IPs from the American Registry for Internet Numbers (ARIN), a nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

    “Fraud will not be tolerated. The vast majority of organizations obtain their address space from ARIN in good faith according to the policies set out by the community. However, ARIN detected fraud as a result of internal due diligence processes, and took action to respond in this particularly egregious case,” said John Curran, ARIN President and CEO. “We are stepping up our efforts to actively investigate suspected cases of fraud against ARIN and will revoke resources and report unlawful activity to law enforcement whenever appropriate.”
    https://www.prnewswire.com/news-releases/arin-wins-important-legal-case-and-precedent-against-fraud-300849070.html

    According to a press release by ARIN, “Micfo obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN’s waiting list process.”

    This case is also interesting because, according to some sources, the IP addresses were resold to spammers.
    This data comes from Spamhaus: The Powerhouse Network / IP.Gold

    CleanTalk Anti-Spam service statistics on the spam activity of AS53889 Micfo, LLC.

    Data provided on May 23, 2019.
    https://cleantalk.org/blacklists/as53889

    As we see, the IP addresses from AS53889 were used not only for sending email spam but also for sending spam to web sites.

    From May 2018, the network's spam activity was low: on average, about 400 IP addresses were added to the blacklist. But in March 2019 spam activity increased dramatically, and there were already almost 21,000 IP addresses in the blacklists.

    Unfortunately, this case is not based on spamming, but only on obtaining IP addresses fraudulently. We hope that in the future registrars will also be able to conduct investigations into the massive use of addresses to send spam and carry out other malicious activity.

    In CleanTalk's spam statistics, AS53889 is not the most spam-active network.

    We offer you a review of the top 10 most spam active networks. Data collected on May 23, 2019.

    Top 10 Spam IP Networks

    1. IP Network 27.152.0.0/13
      This network belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 29,737 IP addresses in blacklists.
      Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK
       
    2. IP Network 79.184.0.0/13
      This network belongs to AS5617 Orange Polska Spolka Akcyjna and has 524,286 IP addresses and currently 16,579 IP addresses in blacklists.
      Spam statistics for AS5617 Orange Polska Spolka Akcyjna

    3. IP Network 49.64.0.0/11
      This network also belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 15,779 IP addresses in blacklists.
      Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK

    4. IP Network 14.160.0.0/11
      This network belongs to AS45899 VNPT Corp Vietnam and has 2,097,150 IP addresses and currently 12,382 IP addresses in blacklists.
      Spam statistics for AS45899 VNPT Corp Vietnam

    5. IP Network 36.248.0.0/14
      This network belongs to AS4837 CHINA UNICOM China169 Backbone and has 262,142 IP addresses and currently 11,963 IP addresses in blacklists.
      Spam statistics for AS4837 CHINA UNICOM China169 Backbone

    6. IP Network 117.24.0.0/13
      This network belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 11,255 IP addresses in blacklists.
      Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK

    7. IP Network 155.94.128.0/17
      This network belongs to AS8100 QuadraNet, Inc. and has 32,766 IP addresses and currently 10,249 IP addresses in blacklists.
      Spam statistics for AS8100 QuadraNet, Inc

    8. IP Network 107.173.128.0/17
      This network belongs to AS36352 ColoCrossing and has 32,766 IP addresses and currently 9,785 IP addresses in blacklists.
      Spam statistics for AS36352 ColoCrossing

    9. IP Network 95.79.0.0/16
      This network belongs to AS42682 JSC ER-Telecom Holding Russia and has 65,534 IP addresses and currently 9,567 IP addresses in blacklists.
      Spam statistics for AS42682 JSC ER-Telecom Holding Russia

    10. IP Network 120.32.0.0/13
      This network belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 15,779 IP addresses in blacklists.
      Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK
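
    An added example, not CleanTalk's code: the list above ranks networks by the absolute number of blacklisted addresses, which favours large prefixes. This Python code re-ranks the same rows by the share of each prefix that is blacklisted and checks each stated network size against its prefix length. The function names are assumptions made for this example.

```python
import ipaddress

# Rows copied from the list above (data collected on May 23, 2019):
# (prefix, AS number, network size as stated, addresses in blacklists)
TOP10 = [
    ("27.152.0.0/13", "AS4134", 524286, 29737),
    ("79.184.0.0/13", "AS5617", 524286, 16579),
    ("49.64.0.0/11", "AS4134", 524286, 15779),
    ("14.160.0.0/11", "AS45899", 2097150, 12382),
    ("36.248.0.0/14", "AS4837", 262142, 11963),
    ("117.24.0.0/13", "AS4134", 524286, 11255),
    ("155.94.128.0/17", "AS8100", 32766, 10249),
    ("107.173.128.0/17", "AS36352", 32766, 9785),
    ("95.79.0.0/16", "AS42682", 65534, 9567),
    ("120.32.0.0/13", "AS4134", 524286, 15779),
]


def usable_hosts(prefix):
    """Addresses in the prefix minus network and broadcast (the list's convention)."""
    return ipaddress.ip_network(prefix).num_addresses - 2


def rank_by_density(rows):
    """Return (prefix, asn, blacklisted share) sorted by share, highest first."""
    ranked = [
        (prefix, asn, listed / usable_hosts(prefix))
        for prefix, asn, _stated, listed in rows
    ]
    return sorted(ranked, key=lambda row: row[2], reverse=True)


def size_mismatches(rows):
    """Return rows whose stated size differs from the size the prefix implies."""
    return [
        (prefix, stated, usable_hosts(prefix))
        for prefix, _asn, stated, _listed in rows
        if stated != usable_hosts(prefix)
    ]


if __name__ == "__main__":
    for prefix, asn, share in rank_by_density(TOP10):
        print(f"{prefix:<18} {asn:<8} {share:7.2%}")
    for prefix, stated, derived in size_mismatches(TOP10):
        print(f"size check: {prefix} stated {stated}, prefix length gives {derived}")
```

    Ranked this way, the two /17 hosting networks come first with roughly 30% of their addresses listed, while the /11 and /13 carrier blocks all stay under 6%.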


    You can see full statistics on the spam activity of all autonomous systems here: https://cleantalk.org/blacklists/asn

    This article used materials from:
    https://krebsonsecurity.com/2019/05/a-tough-week-for-ip-address-scammers/

  • Updating the API method “spam_check”

    CleanTalk has updated the API method “spam_check” that allows checking spam activity of IP and email addresses via the CleanTalk database.

    What’s new:

    1. Displays the code of the country where the IP address belongs.
      This will help you know the geo-location of each IP address. The country code is displayed in a two-letter format in accordance with “ISO 3166-1 alpha-2”.
    2. Added checking email addresses for existence. You can find out more about checking email addresses for existence here: Real-Time Email Address Existence Validation.

      Note that an email address is checked for existence only if you send a single email address in an API request. See the API instructions.
    3. Check email address for one-time use. Using temporary email addresses for registration, comments and messages is one of the attributes of spam. What is wrong with using temporary email addresses? You can never contact this client and your marketing will not work. If this user forgets their login, they will never be able to recover it.

    Please see our “spam_check” API guide.

  • How to Set Up Notification for New Comments in WordPress

    As everyone knows, WordPress sends a notification about a new comment on an article only to the author of the article. This is often inconvenient: the site may be administered by a group of people, important messages may be lost, you need to log in to the admin panel of the site to view them, and so on.

    CleanTalk Anti-Spam allows you to add user groups to receive notification of new comments. So, when a new comment to an article appears, the notification will be received not only by the author of the article but also by all users in the groups that you added.

    See the instructions on how to add WordPress user groups to receive notifications for new comments.

  • Country Blocking. How to block access to your site from certain countries.

    If you are the owner of a web site, then by default it is available to the entire planet. Many websites are simply not relevant to people in other countries, so you should not expect significant traffic from them.

    If you notice that there are requests to your site from a particular country for which your content is insignificant or you just want to deny access to your website from one or more countries, you can easily use the CleanTalk services.

    Most of the visits to the site are various bots, brute-force attempts, vulnerability scanners and scrapers of content, products and prices. Why not block access to my site from China if it is targeted at users from the USA? Sometimes the danger outweighs the occasional visitor from Pakistan, Iran or Côte d’Ivoire.

    3 types of blocking by country

    CleanTalk provides 3 different types of blocking users by country:

    • Anti-Spam
    • SpamFireWall
    • Security FireWall (WordPress only)

    Anti-Spam

    Blocking by country using Anti-Spam service allows you to block only comments/registrations and any POST requests on the site from users from certain countries. The site will be available for visitors and they can view it, but will not be able to leave a comment. It will be useful to block spam sent manually and some types of online threats (SQL injections) from these IP addresses. How to use Black/White lists for Anti-Spam service.

    SpamFireWall

    Blocking traffic by country using Spam FireWall allows you to partially block access to the site for the IP addresses of specific countries. All visitors from the blocked country will be shown a special page. Ordinary users will be able to get through it and then view the site, comment and register, but bots will not be able to get past this page. This option is useful because it can significantly reduce the load on the site: all POST/GET requests will be blocked, the site will not execute scripts for these requests, and the blocking page consumes almost no server resources. It can be used to block brute force attacks, vulnerability scanners and various bots, to temporarily block traffic in some types of DoS attacks, when attackers send thousands of HTTP requests to the site, and to reduce the likelihood of the site being hacked. How to use the Spam FireWall BlackList.

    If you need to block comments and registrations for this country too, then use country blocking for Anti-Spam service.

    WordPress Security FireWall

    WordPress Security FireWall strictly blocks access to the site for blocked countries. All requests to the site will be blocked and visitors from these countries will not be able to open the site pages. A blocking page will be displayed to visitors. This type of blocking is useful to prevent all types of attacks on the web site via HTTP / HTTPS. How to use WordPress Security FireWall.

    For all types of blocking, requests are logged and available in the Dashboard for further analysis. All types of blocking reduce the load on the site/server and block attacks on the site.

    For most websites, we recommend blocking only problematic countries that send a large amount of spam, carry out brute force attacks, generate a large number of 404 errors on the website, or pose other security threats to your website. We also recommend that you review your block lists regularly.

    We have made exceptions for the search bots of Google, Bing, Yahoo, Baidu, MSN, Yandex, etc., and they will not be blocked. Also, if you enter an IP address or network in the white list, this entry will have priority and its requests will be allowed through.

    In addition to blocking by country, each type can use your personal lists to block individual IP addresses or IP networks.

    How to identify the countries with the most spam activity on your site?

    Go to the CleanTalk dashboard and look at the block with the spam attack map and the Top Spam Requests statistics.

    You can also view general statistics on spam attacks: https://cleantalk.org/spam-stats

    You can see data on website visitors by country in Google Analytics statistics.

    We will be happy to answer your questions. Leave a comment below or create a private ticket.

    Thank you!

  • Update to block messages by language

    We have added Cyrillic languages to the blacklist. So, if you don’t expect comments in Cyrillic languages on your website, you will be able to block all messages that contain Cyrillic symbols.

    At the moment, the following languages can be added to the language blacklist for blocking:

    • Chinese
    • Korean
    • Japanese
    • Hindi
    • Arabic
    • Cyrillic

    CleanTalk now gives you the ability to manage personal black/white lists. You can view, add, and delete their items in the Control Panel. You can add languages to the blacklist in the CleanTalk dashboard -> Black&White lists or use the link https://cleantalk.org/my/show_private.

    If you have any questions, we will be happy to help you.
    You can leave a comment below or create a private ticket here.

  • List of Visited URLs of Your Visitors

    We’ve launched the option to store the links your visitors visited before they posted something on your website. It also includes the source from which they came to your website. (For the WordPress Plugin Only)

    To enable or disable the option go to settings of the CleanTalk Anti-Spam Plugin. Go to your WP Dashboard —> Settings —> Anti-Spam by CleanTalk —> Advanced settings —> “Store visited URLs”
    https://cleantalk.org/help/anti-spam-log#stored_URLs

    “Store visited URLs” — the plugin stores the last 10 visited URLs (HTTP REFERRERS) and URL sources before your visitor submits data with your website form. You can see the stored URLs for each visitor in your CleanTalk Anti-Spam Log.

    Help with website analytics: stored URLs can be used for your website analytics or to detect click fraud.

    Additional Control
    Spammers can fake visits or actually visit any webpages to pass through anti-spam protection. Take into account other factors, such as whether there are links or contacts, and spam activity on other websites. You can check spam activity with the CleanTalk Database or with your Anti-Spam Log, where you’ll see the number of spam attacks performed from an IP address or email.

    Enable this option to improve anti-spam protection.


    If you have any questions, we will be happy to help you.
    You can leave a comment below or create a private ticket here.

  • Additional email address to receive Weekly Anti-Spam Reports

    We have launched the option to add additional email addresses to get Weekly Anti-Spam Reports.

    This is necessary for customers who want other site administrators or webmasters to receive notifications.

    Use the option “Grant” to add additional email addresses.
    Email notifications — allows adding other email addresses to receive Weekly Anti-Spam Report. 

    If you want the report to come not only to you but also to your other employees, use this option to add email addresses.

    Learn more about how to grant the rights.

  • PHP Error Logging in the WordPress Backend

    CleanTalk has added a new function in their WordPress Security Plugin. With CleanTalk Security you will always know about any PHP errors on your website.

    Are you sure that your website doesn’t have PHP errors?
    Not all hosting companies enable the PHP Log by default. You need some time to enable it, and it can look difficult if you don’t have enough experience.

    Why is it important?

    Any PHP error tells you that some of your website functionality doesn’t work correctly. Furthermore, hackers may use these errors to get access to your website.

    So, CleanTalk WordPress Security Plugin collects PHP errors and sends them to your CleanTalk Dashboard.

    The PHP Log contains the date/time and the type of error:
    NOTICE
    WARNING
    FATAL_ERROR
    UNKNOWN

    Each type has a short comment explaining what it means and our recommendations for how to resolve it. You can view your log in the CleanTalk Dashboard.

    CleanTalk provides a simple and easy way to control all PHP errors and to prevent problems for your customers. You can enable this option on the settings page of CleanTalk WordPress Security plugin. Go to your WordPress Dashboard->Settings->Security by CleanTalk->General Settings->Miscellaneous and pick the option “Collect and send PHP logs”.

    If you have any questions, we will be happy to help you.
    Leave your comment below.

  • Two-Factor Authentication for WordPress

    CleanTalk has launched Two-Factor Authentication for WordPress admin accounts that will improve your website security and make it harder, if not impossible, for hackers to breach your WordPress account.


    Two-Factor Authentication works via e-mail. It makes the Two-Factor Authentication more reliable. The reason is that if an intruder knows your password, they also need to know the e-mail address that is used to receive the authorization code and the password to that e-mail account.

    This method almost eliminates the possibility for strangers to get access to your account.


    It requires a bit of your time but Two-Factor Authentication immediately gives a much higher level of protection.


    With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time. However, if you start using a new device or a new browser, you are required to input your authorization code. The plugin will remember your browser for 30 days.


    To activate Two-Factor Authentication go to the settings of the CleanTalk Security plugin and enable the option “General Settings” -> “Miscellaneous” -> “Two-Factor Authentication”. The message with your authorization code will be sent to the e-mail address that you put into the general settings of your WordPress website.


    You will be notified by e-mail each time the Two-Factor Authentication is successfully passed.


    By spending a few minutes to set up Two-Factor Authentication you save your time and other resources by not having to deal with the consequences of the hacked website.


    If you have any questions, we will be happy to help you.
    You can leave a comment below or create a private ticket here.

  • Security issue in the Drupal plugin

    Hello!

    We want to notify you of a security issue in the Drupal plugin: https://www.drupal.org/sa-contrib-2019-010

    We are working on this and after a couple of hours, a new release will be ready.

    Update

    The issue depends on the option “SpamFireWall”. We have fixed that and sent the new version to the Drupal Team for approval.

    While they are approving it, you can disable the option: Drupal Admin Page —> Modules —> OTHER category —> Anti-Spam by CleanTalk (Configure) —> disable “SpamFireWall”

    The latest update on Feb 02 2019


    We received the last answer and we hope that the new release will be approved this Monday. https://twitter.com/DamienMcKenna/status/1091507312056037377

    At the moment we still haven’t received a response and the fixed version is still under validation.
    Feb 06 2019.

    Latest news.
    We are pleased to inform you that the fixed version of our Drupal Plugin has been approved. https://www.drupal.org/project/cleantalk

    Please, update your plugin. 

    Thank you!