CleanTalk's blog

Category: CleanTalk

Bots and Your Website: How Much of Your Traffic is Fake?
Not all your website traffic is genuine. Hidden within your analytics are bots – automated programs that can mimic human behavior. Think of them like little robots that visit your website and pretend to be people. While some bots are harmless (like the ones that help Google find your site), others can cause trouble. They can clog up your contact forms with spam, create fake accounts, and even place phony orders. Those fake traffic bots are like a bunch of party crashers at your online store who aren’t there to buy anything, just to cause a mess!

Just how big is this problem?

Well, studies show that up to 30% of all web traffic might actually be bots! That means almost one in three “visitors” to your site might not be a real person. And when it comes to contact forms, things get even worse. Experts say that up to 40% of all form submissions could be spam generated by bots. That’s a lot of wasted time and effort dealing with junk! Even registrations and orders can be affected, with estimates suggesting that 10% of new accounts and 5% of online orders could be fake.

Why should you care?

These sneaky bots can cause a lot of headaches for businesses. They can:
- Waste your time: Dealing with spam messages and fake accounts takes time and effort away from real customers.
- Mess up your data: Bots can make your website statistics unreliable, making it harder to understand how real people are using your site.
- Hurt your reputation: If your contact form is full of spam, it makes your business look unprofessional.
- Cost you money: Fake orders can lead to financial losses and logistical nightmares.
So, what can you do about it?

Imagine having a super-smart bouncer for your website, someone who can spot fake traffic bots before they even get through the door. That’s what CleanTalk Anti-Spam and Security plugins do! They’re like a 24/7 security team dedicated to keeping your website safe and clean.

Here’s how CleanTalk helps protect your forms and keeps spam away:
- CleanTalk is a pro at protecting all kinds of forms on your website, from contact forms to registration forms and even order forms. It checks every submission to make sure it’s from a real person, not a spam bot trying to cause trouble.
- CleanTalk can even help you get rid of spam that’s already on your website. It can scan your comments and other content to find and remove those spam links that bots leave behind.
CleanTalk is like having a dedicated team of experts protecting your website, making sure your forms are safe, your content is clean, and those pesky bots are kept far, far away
October 30, 2024
Moving On: A Farewell to UNI/UniForce
Hey everyone,

We’ve got some news about our UNI/UniForce product line, and while it might not be the easiest thing to share, we wanted to be upfront and personal with you all about it.

Here’s the deal: we’ve decided to sunset UNI/UniForce. What does that mean exactly?
- November 1st, 2024: This is the day we’re putting a pause on active development.
- November 1st, 2025: This is the official end-of-life date for UNI/UniForce. After this point, we won’t be able to provide technical support for it anymore.
We know this might come as a surprise, and we truly appreciate you sticking with us and using UNI/UniForce. This wasn’t a decision we made lightly. Sometimes, in the tech world, we have to make choices about where to focus our energy to build the best possible future.

What happens next?

We understand that you might be looking for a replacement solution. Great news! CleanTalk offers a robust set of APIs that can be integrated into a wide variety of applications. You can find out more about CleanTalk’s API options and how they can help protect your projects here: https://cleantalk.org/help/api-cleantalk-all

CleanTalk also provides a powerful blacklist checking tool that allows you to instantly verify if an IP address, email address, subnet, or domain is listed on any major blacklists. This can be a valuable resource for maintaining your security and reputation. Give it a try here: https://cleantalk.org/blacklists

If you have any questions about this transition or need help exploring alternatives, please don’t hesitate to reach out to our support team. They’re always happy to help!

Thanks for being awesome!
October 28, 2024
WordCamp US 2024
Let share a few notes from WCUS2024,
1. Disney moved a few dozens of websites to WordPress. They use SEO to measure value of content/posts, looks like the trust algorithms of search engines to confirm valuables of sites. Here are examples,
  - https://disneyconnect.com/
  - https://disneyparksblog.com/
2. There was a such interesting case of rebuilding https://www.recipetineats.com by https://humanmade.com. They’ve boosted site views from 25M/month to 45M/month. Key moments,
  - Hosting, backend and frontend improvements returned up to 20% of boost.
  - Added schemas for recipes.
  - Used X-Ray to track PHP code. I hope this is link is correct https://github.com/aws-observability/aws-otel-php link to home page of the project.
  - Moved the site to enterprise ready plugins. Under ‘enterprise ready’ they mean superfast, secure and maintainable plugins.
  - They used old platform and design during the rebuilding. They had good data to compare results before and after the project was done.
3. Elementor uses Patchstack to validate reports about vulnerabilities. Elementor has its own ecosystem for working with other plugins; according to them, every 30th plugin created on wordpress.org operates within this ecosystem.
4. Gravatar they are working on creating a “network” profile, not just an avatar. In the future, they see themselves as a Single Sign-On provider. It’s interesting why websites do not widely use Facebook/X for the same purpose—I’m referring to the idea of a network profile. An example of a network profile is https://gravatar.com/ronnie.
  - They updated the plugin for the first time in 12 years: https://wordpress.org/plugins/gravatar-enhanced/#description.
  - I would like something similar on our blog and research.
5. I spoke with 6-7 participants, and 3 of them use CleanTalk. Some were even surprised—why aren’t we showcasing our work? 🙂
Bonus

I’ve found a few scenery locations in Portland, OR, here are photos of them as well as me and some of our customers. Thank you guys for a great camp!

Timothy and Zach from BigScoots.

Portland Japanese Garden.

PDX.

NorhtBridge burger in Bdridgetown BBQ. The best burger I ever had!

Jonahtan and co from Kiinsta.

Steel Bridge.
October 24, 2024
PAYG is no longer used in adding extra website

The Pay-As-You-Go payment method will no longer be used when adding extra websites to your Anti-Spam or Security license. When you need to add an extra website and no free slots are left in your current license, your plan will be automatically upgraded.

If you have any questions feel free to ask a question in the comments below or create a private ticket.

October 11, 2024
The Real Person Badge – the Anti-Spam New Feature

Bots are among us all over the internet. They visit websites, gather information, and write comments and reviews. So how do you distinguish such a bot from a real comment or review author? That’s where The Real Person appears.

The Real Person is a benchmark system for WordPress that separates real users from bots. It shows a special badge for the author of a comment or review, that the author passed all Anti-Spam filters and acts as a real person. As well as his email is also confirmed to exist.

Here’s an example of what The Real Person badge looks like on a WordPress website. You can also see the live badge in the comments below the post.

The Real Person is free and is a part of the Anti-Spam protection cloud service.

How to enable the feature

The feature is disabled by default. To enable it follow the short guide.

Don’t forget to check The Real Person badge in the comments below ↓

October 4, 2024
Service outage on September 19th

Dear CleanTalk Clients,

We have experienced a service outage that lasted approximately 12 hours and 15 minutes. Due to a failure with one of our servers, there was no connection from 5:15 PM (GMT0) on September 19th to 5:30 AM (GMT0) on September 20th. As a result, some spam attacks could be missed by our anti-spam plugins and reached backend of sites.

We are pleased to announce that the issue has been resolved and full service has been restored. Our team is now working to address any potential consequences of the outage and implement measures to prevent similar occurrences in the future.

September 20, 2024
Alerts vs Action: Update on the Malware Scanner by CleanTalk

We wanted to give you a heads-up about a small but important change regarding the differences between our Malware Scanner by CleanTalk trial and premium versions. Don’t worry, it’s nothing too big, but it is important. So, straight to business!

Here’s the thing: the trial version of our scanner is like having a super vigilant friend keeping an eye on your website 24/7. You know, that one friend who always spots trouble from a mile away? It’s constantly on the lookout, scouring every nook and cranny of your site for any signs of malware.

But, while our trial version is good at playing detective and searching for potential threats, it stays an alarm system. It will alert you to danger, but won’t chase it away.

Now, this is where our premium plan comes in. Imagine upgrading from that vigilant friend to a cyber-security superhero. Now malware isn’t only bound to be detected — it’s bound to be cured! You’re not just getting alerts — you’re getting instant healing.

So, while our trial version still shows its ability to keep an eye out for potential issues, your next-level problem-solving and peace of mind start with the paid plan.

We appreciate you taking the time to read this, and we want you to know how much we value having you as part of the CleanTalk family. Your online safety is our top priority, and we’re always working on ways to keep your website happy, healthy, and malware-free!

Questions? Concerns? Just a sudden urge to chat about web security? Don’t hesitate to reach out. We’re always here for you — and we love a good tech talk!

Stay awesome!

Update by September 6, 2024

Check this guide to identify a malware on WordPress.

August 28, 2024
How to Detect VPN IPs with CleanTalk BlackLists Database
In today’s digital world, ensuring the security and integrity of your website is paramount. One crucial aspect of this is detecting and managing traffic from VPNs (Virtual Private Networks). VPNs can be used for legitimate purposes, but they are also frequently used by spammers and malicious actors to mask their identities. CleanTalk’s BlackLists Database offers a powerful tool for identifying and managing VPN traffic. This guide will walk you through the process of detecting VPN IPs using CleanTalk BlackLists Database.

Why is it Important to Detect VPN Traffic?

Detecting VPN traffic is essential for several reasons:

Enhanced Security: VPNs can be used by malicious actors to hide their true IP addresses, making it harder to track their activities. By identifying and managing VPN traffic, you can better protect your website from potential threats.
Spam and Hacking Prevention: Spammers often use VPNs to bypass IP-based spam filters. Detecting VPN traffic helps in reducing spam submissions and maintaining the quality of user interactions on your site.
Accurate Analytics: VPNs can skew your website analytics by masking the true geographic locations of visitors. Identifying VPN traffic helps in maintaining more accurate visitor data.
CleanTalk BlackLists Database for VPN and Malicious Traffic Detection
CleanTalk’s BlackLists Database provides a comprehensive resource for identifying VPNs, hosting services, and other potentially harmful network types. The database includes information on the type of network, spam frequency, and whether the IP has been involved in spam or malicious activities.

Here’s an example of a response from the CleanTalk API:
```
{
  "data": {
    "IP_ADDRESS": {
      "domains_count": 0,
      "domains_list": null,
      "in_antispam_previous": 0,
      "spam_frequency_24h": 0,
      "spam_rate": 1,
      "in_security": 1,
      "country": "US",
      "in_antispam": 1,
      "frequency": 33,
      "in_antispam_updated": "2024-07-28 05:40:40",
      "updated": "2024-07-28 16:40:43",
      "appears": 1,
      "network_type": "hosting",
      "submitted": "2022-08-22 00:15:40",
      "sha256": "69b4bf5e24594462df40c591636ed9ad3438e8f2d6284069d0c71e8c0ee8a9ad"
    }
  }
}
```
In this response, the network_type is “hosting,” which often overlaps with VPN. For TOR networks, network_type will be ”tor”. For more accurate detection of traffic from VPN addresses, we recommend using the parameter in our API “network_type”. For networks belonging to VPN services, it will have the value “network_type”: “paid_vpn”. However, we also recommend using the “hosting” network type for more accurate traffic detection.

Some examples of IP types:
https://cleantalk.org/blacklists/85.192.161.161 IP type is not indefined
https://cleantalk.org/blacklists/67.223.118.81 IP is belongs to the hosting network type
https://cleantalk.org/blacklists/109.70.100.1 IP is belongs to the network TOR type
https://cleantalk.org/blacklists/66.249.64.25 IP is belongs to the network type good_bots (this is Google search bot).

Accessing CleanTalk BlackLists Database

You can access the CleanTalk BlackLists DataBase in two ways:
1. API Access: The API provides real-time updates and allows you to query IP addresses on demand. This is ideal for applications requiring the most up-to-date information.
2. Database Files: You can also download database files, which are updated hourly. This method is suitable for offline processing or bulk operations.
For detailed pricing information and access levels, visit CleanTalk’s pricing page.

Integration Capabilities

Example Code for Checking VPN IPs Using CleanTalk API
This example demonstrates how to use the CleanTalk API to check IP addresses and block traffic based on specific conditions.

Logic of the Check:
1. If the network type is neither “hosting” nor “good_bots”, block the IP address if the data was updated within the last 7 days and the spam frequency is greater than 5.
2. Block IP addresses if the network type is “hosting”, “paid_vpn” or “tor”.
3. Allow IP addresses if the network type is “good_bots”.
```
import requests
import datetime

API_KEY = 'your_api_key'
IP_ADDRESS = 'IP_ADDRESS'

response = requests.get(f'https://api.cleantalk.org/?method_name=spam_check&auth_key={API_KEY}&ip={IP_ADDRESS}')
data = response.json()

ip_info = data['data'][IP_ADDRESS]
network_type = ip_info['network_type']
updated_date = datetime.datetime.strptime(ip_info['updated'], '%Y-%m-%d %H:%M:%S')
frequency = ip_info['frequency']

# Check logic
if network_type in ['hosting', 'tor', 'paid_vpn']:
    print("Block this IP address")
elif network_type == 'good_bots':
    print("Allow this IP address")
elif (network_type != 'hosting' and network_type != 'good_bots' and 
      (datetime.datetime.now() - updated_date).days <= 7 and frequency > 5):
    print("Block this IP address")
else:
    print("Allow this IP address")
```
Description of the Logic Fetching Data from CleanTalk API:
1. A request is sent to the CleanTalk API to get information about the IP address.
2. The JSON response is parsed to extract information about the IP address.

Checking Network Type:
1. If network_type is “hosting”, “paid_vpn” or “tor”, the IP address is blocked.
2. If network_type is “good_bots”, the IP address is allowed.

Additional Check:
1. If the network type is neither “hosting” nor “good_bots”, the updated_date and frequency are checked.
2. If the data was updated within the last 7 days and the spam frequency is greater than 5, the IP address is blocked.
3. Otherwise, the IP address is allowed.
This code allows you to configure traffic filtering based on the network type and other parameters provided by the CleanTalk API, ensuring the security of your site and preventing unwanted traffic. You can learn more about using the spam_check API here https://cleantalk.org/help/api-spam-check.

Benefits of Using CleanTalk for VPN Detection

Using CleanTalk for VPN detection offers several advantages:
1. Comprehensive Coverage: CleanTalk’s database covers a wide range of IP addresses, including those used by VPNs, hosting services, and other potentially harmful networks.
2. Real-Time Data: The API provides real-time data, ensuring you always have the most current information.
3. Easy Integration: CleanTalk’s solutions are easy to integrate into your existing systems, offering flexibility and customization based on your specific needs.
4. Enhanced Security: By effectively identifying and managing VPN traffic, you can better protect your website from spam, fraud, and other malicious activities.
For more information about CleanTalk BlackLists Database, visit CleanTalk BlackLists.

Detecting VPN IPs is crucial for maintaining the security and integrity of your website. CleanTalk’s BlackLists Database provides a robust solution for identifying and managing VPN traffic. With real-time API access and comprehensive database files, you can ensure your site remains secure and spam-free. Explore CleanTalk’s pricing options to find the right plan for your needs and start protecting your site today.
August 2, 2024
Payment Issue Alert: Important Information and Our Actions to Resolve It
We’ve found a glitch in our payment system that messed up PayPal payments for about 300 of you who paid between May 1 and July 18. Some debit and credit cards didn’t get charged right. We understand fully that the problem is on our side. The team is working hard to fix things and make it right for everyone affected.

We’ve sent emails to people whose payments were wrong. You can also check your payment history to see if anything’s missing. We’ve marked the payments that didn’t go through.

What We Did
1. We’ve made sure you can continue using your account without interruption.
2. To thank you for your patience, we’re adding 3 extra months of service starting July 29th.
3. We kindly request that you process the payment for the original license period again.
Important Points to Note
- You’ll only be charged once, even if you pay again.
- The extra 3 months are our gift to you.
- You have until October 29, 2024, to finish paying.
Next Steps
1. Please verify your bank or PayPal statement to confirm whether the affected payment was charged.
2. Visit your payment history page to complete the payment. You can select a suitable package.
3. Click the “Renew” button to process the failed payment. This action will maintain your active license and initiate the bonus period.
Need Help?

We understand this may be frustrating. Sorry for the inconvenience it caused. Our support team is here to lend a hand, as always. Don’t hesitate to contact us.
July 30, 2024
Conversion rates, feature of AI and payments. Notes by Stripe Sessions 2024
A few months ago I’ve got a great chance to visit Stripe Sessions 2024 at SF, CA. Here are my notes from this,
1. Stripe uses machine learning to protect merchants against fraud, as data they look through completed transactions. They identify two types of fraud – card testing and card caching. The false positive rate is 0.05%, meaning 5 false transaction per 1,000. Here is our solution against fraud for Stripe’s merchants https://blog.cleantalk.org/preventing-stripe-fraudulent-payments/
2. Stripe offers around one hundred payment methods (besides cards) and recommends enabling these methods either manually with country linkage or conducting payment in the buyer’s local currency. In this case, Stripe automatically shows to buyers their local payment methods. In my opinion, payments in local currency brings losses on conversion to USD, but in return a merchant improves payment conversion rates.
3. Stripe recommends using an embedded payment form on the seller’s website instead of redirecting the user to the Stripe site. This increases conversion by up to 11% due to fewer clicks for the buyer. We are going to implement such feature on our payment page as well, p.cleantalk.org. Here is a draft of the new design.
4. For clients from the US and Europe, it makes sense to offer credit/installment options at checkout. A representative from affirm.com (online credits/installments) mentioned that they work with payments starting at $50, and adding such a payment method can increase conversion by up to 60%, as well as increase the average check (typical buyer behavior when purchasing on credit).
5. Stripe measures the reliability of its infrastructure by the number of seconds of downtime. Currently, their downtime is 26 seconds per month, which they consider a key product feature.
6. There was an interesting session with the CEO of Nvidia, Jensen. He said,
  We are currently experiencing a new industrial revolution, comparable to the time when humans transformed the energy of fire into steam, and then steam into electrons. Now electrons are being transformed into tokens (GPU computational cycles), and the number of these tokens will change the economy and industry. He is driving the AI industry towards solving real human problems, namely building multi-stage processes and using external (to AI) ways of solving problems. For example, AI should independently write an email or call a third party to provide the correct solution to the user who requested it. We use own AI to design new chips. Nvidia employees would never have started doing what AI is currently doing in chip design.
7. There were also several sessions on product design (Figma, Linear) and pricing systems (Adobe, Stripe). I didn’t learn anything new here; we are doing what the experts recommend.
8. Stripe has launched Usage-Based Billing, which is similar to our Pay-as-you-go model (that we have launched in the end of 2023). Interestingly, it features a simple API for interacting with Stripe’s billing system, and it provides real-time tracking of consumed resources and costs. In CleanTalk we considered using Stripe before starting work on our universal page but decided against it because Stripe didn’t support cross-selling. Otherwise, it’s a good solution if you don’t have the desire or capability to develop your own system.
9. At the developer session, about 80% of the audience (approximately 1000 developers) use GitHub Copilot (https://github.com/features/copilot), which is GitHub’s AI language model that assists with coding. From what I quickly gathered, this tool:
  - Writes documentation.
  - Writes unit tests.
  - Provides clear descriptions for pull requests and commits.
  - And, of course, writes code.
  - The head of development at GitHub explained that the system is designed so that the developer must oversee the AI-written code to avoid issues similar to Tesla’s self-driving problems. Overall, we should try it out.
10. Stripe is very focused on code documentation. They have many in-house developments to keep their documentation up to date, which they consider a strong point and a reason why they are widely used (which I think is true, as their documentation was among the best during my time as a developer).
11. To enter the corporate market, besides complying with ISO standards, it would be good to implement Bring Your Own Key (BYOK). This feature allows users to encrypt their cloud data with their own key.
12. Stripe sees a reduction in payment processing costs by offering users the least expensive payment methods for the seller (Surcharge). However, it’s unclear whether Stripe plans to launch this feature for everyone or if they are suggesting users consider this option themselves.
13. In the summer of 2024, Stripe is launching cryptocurrency payment acceptance. They had previously tried accepting such payments but abandoned it in 2018 because the process took up to 30 minutes (due to insufficient computing power on buyers’ devices). Now, thanks to the increased performance of client devices, they have reduced this process to 15 seconds.
14. We should look into Linear, as they have ideas regarding project management and tracking. As well as Mindbody, which provides software (SaaS) around fitness, including financial services for their clients.
Bonus

In San Francisco, self-driving taxis are already fairly common. White cars with sensors are seen in the photos. Subjectively, 2 out of 10 cars are on autopilot. It’s a bit eerie to imagine that such a car will come to pick you up and take you somewhere, it immediately reminds me of Skynet.

Patrick and Jensen

Fidji Simo, Patrick and John

John and Lawrence

Design talks

Payments features

Me, morning of the first day

Driver less taxi
July 24, 2024

CleanTalk

Sign up / Sign in

Solutions

Anti-Spam for websitee

Filter fake emails

Hide contact data

Stop spam emails in Contact form 7 (CF7)

Stop spam in Elementor form builder

Stop spam in WPForms

Website malware scanner

WordPress Security & Firewall Plugin

Documentation

License agreement

Signs of Malware

Contact us

Create a support ticket