CleanTalk's blog

    Sign up

    Category: CleanTalk

    • New option. Settings templates

      New option. Settings templates

      Dear customers, we are pleased to present you a new option that simplifies management settings if you have a lot of sites. CleanTalk allows you to create templates for the control panel and plugin settings.

      Templates for the control panel settings

      If you need the same site settings in the control panel, you can select the site whose settings you want to apply to all other sites and create a template based on it. Next, you can apply this template to one, all or several sites and the control panel settings will be applied to the selected sites.

      You can also set a default template and this template will be automatically applied to all new sites that you add to the service control panel.

      You can create several templates and apply the desired template when adding a new site. You can see detailed instructions on how to use control panel templates here https://cleantalk.org/help/dashboard-template

      Templates for Anti-Spam and Security plugins

      A new Import/Export settings option has been added to the plugin. With this option, you can create a plugin settings template and transfer the settings to your other site. When installing the plugin on a new site, you can import settings from an existing template. Import/Export option works only in the WordPress plugin.

      You can add control panel settings and site settings to one template and apply them to multiple sites at the same time, or set a default template.

      You can see detailed instructions on how to use plugin templates here
      https://cleantalk.org/help/plugin-template

      If you have any questions, add a comment and we will be happy to help you.

    • How to change wp-login URL

      How to change wp-login URL

      Hello,

      We have updated the WordPress CleanTalk Security plugin and added a new option that allows you to change the URL of the authorization page wp-login.

      This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode.

      How to enable option to change wp-login URL

      The option allows you to easily change the address of the authorization page to any desired one.
      To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings.
      You can customize the URL of the page to redirect users who visited the page with the default URL of the wp-login page.

      This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value.

      Using an authorization page with a non-default address significantly increases the security of your site’s accounts from hacking using brute-force attacks.

      If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.

      Don’t forget to bookmark your new wp-login page URL.

      If you have any questions, add a comment and we will be happy to help you.

    • Download the Blacklist IPs Database

      Download the Blacklist IPs Database

      Hello,

      We are pleased to announce the expansion of the BlackList API capabilities. We have automated the process of gaining access to downloading spam IP/Email addresses that are on the CleanTalk blacklists.

      We have supplemented the BlackList API packages and added the ability to download the blacklist database, and when purchasing the BlackList API package, you are given access to the SFTP server. You can see the price list here https://cleantalk.org/price-database-api.

      The server uploads spam data to active IP/Email addresses that currently have the BlackListed status. You can select the required level of spam activity for download addresses. The data is provided in CSV and IPSet formats and is updated once an hour.

      Offline BlackList Database is included in the BlackList API package and you can use both the spam_check API and download files with spam active addresses for use in your applications or firewall.

      See our instruction, How to connect CleanTalk IPSet spam IP Database to IPtables.

      If you have any questions, add a comment and we will be happy to help you.

    • Country Blocking. How to block access to your site from certain countries.

      If you are the owner of a web site, then by default it is available for the entire planet. Many websites are simply not relevant to people in other countries. Thus, you should not expect significant traffic from them for granted.

      If you notice that there are requests to your site from a particular country for which your content is insignificant or you just want to deny access to your website from one or more countries, you can easily use the CleanTalk services.

      Most of the visits to the site are various bots, brute-force attempts, vulnerability scanners and content, products and prices, why not block access to my site from China if it is targeted at users from the USA? Sometimes the danger is greater than the occasional visitor from Pakistan, Iran or Côte d’Ivoire.

      3 types of blocking by country

      CleanTalk provides 3 different types of blocking users by country:

      • Anti-Spam
      • SpamFireWall
      • Security FireWall(Only WordPress)

      Anti-Spam

      Blocking by country using Anti-Spam service allows you to block only comments/registrations and any POST requests on the site from users from certain countries. The site will be available for visitors and they can view it, but will not be able to leave a comment. It will be useful to block spam sent manually and some types of online threats (SQL injections) from these IP addresses. How to use Black/White lists for Anti-Spam service.

      SpamFireWall

      Blocking traffic by country using Spam FireWall allows you to partially block access to the site for the IP addresses of specific countries. All visitors from the blocked country will be given a special page, while ordinary users will be able to go through it and be able to view the site, comment and register, but bots will not be able to go through this page. This option is useful because it can significantly reduce the load on the site, since all POST/GET requests will be blocked and the site will not execute scripts for these requests, the blocking page almost does not consume any server resources. It can be used to block brute force attacks, vulnerability scanners, various bots, as well as to temporarily block traffic in some types of DoS attacks, when attackers send thousands of HTTP requests to the site, reduce the likelihood of hacking the site. How to use the Spam FireWall BlackList.

      If you need to block comments and registrations for this country too, then use country blocking for Anti-Spam service.

      WordPress Security FireWall

      WordPress Security FireWall – tightly blocks access to the site for blocked countries. At the same time, all requests to the site will be blocked and visitors from these countries will not be able to go to the site pages. A blocking page will be displayed to visitors. This type of blocking will be useful to prevent all types of attacks on the web site via HTTP / HTTPS. How to use WordPress Security FireWall.

      For all types of blocks requests are logged and available in the Dashboard for further analysis. All types of blocking allow to reduce the load on the site/server and block attacks on the site.

      For most websites, we recommend blocking only problematic countries that have a large number of spam, brute force attacks, generate a large number of 404 errors on the website, or pose other security threats to your website. We also recommend that you review your block lists regularly.

      For search bots Google, Bing, Yahoo, Baidu, MSN, Yandex and etc. we have made exceptions and they will not be blocked. Also, if you enter the IP address or network in the white list, this entry will have priority and requests will be skipped.

      In addition to blocking by country, each type can use your personal lists to block individual IP addresses or IP networks.

      How to identify the countries with the most spam activity on your site?

      It is enough to go to the CleanTalk dashboard and to see the block with the spam attack map and Top Spam Requests statistics.

      You can also view general statistics on spam attacks https://cleantalk.org/spam-stats

      You can see data on website visitors by country in Google Analytics statistics.

      We will be happy to answer your questions. Leave a comment below or create a private ticket.

      Thank you!

    • Update to block messages by language

      We have added Cyrillic languages to the blacklist. So, if you don’t expect a comment on your website from Cyrillic languages you will be able to block all messages that contain Cyrillic symbols.

      At the moment, the blacklist of languages allows adding for blocking the next languages:

      • Chinese
      • Korean
      • Japanese
      • Hindi
      • Arabic
      • Cyrillic

      CleanTalk informs you about the occurrence of an opportunity to manage personal black/white lists. You can view, add, and delete their items in the Control Panel. You can add languages to the blacklist in dashboard CleanTalk -> Black&White lists or use the link https://cleantalk.org/my/show_private.

      If you have any questions, we will be happy to help you.
      You can leave a comment below or create a private ticket here.

    • Two-Factor Authentication for WordPress

      CleanTalk has launched Two-Factor Authentication for WordPress admin accounts that will improve your website security and make it safer, if not impossible, for hackers to breach your WordPress account.


      Two-Factor Authentication works via e-mail. It makes the Two-Factor Authentication more reliable. The reason is that if an intruder knows your password they also need to know your e-mail address that is being used to get an authorization code and the password to your e-mail.

      This method almost eliminates the possibility for strangers to get access to your account.


      It requires a bit of your time but Two-Factor Authentication immediately gives a much higher level of protection.


      With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your authorization code. The plugin will remember your browser for 30 days.


      To activate Two-Factor Authentication go to the settings of the CleanTalk Security plugin and enable the option  “General Settings” -> “Miscellaneous” -> “Two-Factor Authentication”. The letter with your authorization code will be sent to your e-mail that you put into the general settings of your WordPress website.


      You will be notified by e-mail each time the Two-Factor Authentication was successfully passed.


      By spending a few minutes to set up Two-Factor Authentication you save your time and other resources by not having to deal with the consequences of the hacked website.


      If you have any questions, we will be happy to help you.
      You can leave a comment below or create a private ticket here.

    • Real-Time Email Address Existence Validation

      Real-Time Email Address Existence Validation

      Today we launched a new and important parameter to evaluate spambots. According to our statistics, almost 30% of all spam requests are made with fake email addresses, i.e. such addresses do not exist.

      Previously, we could only check the existence of emails after the fact and use these data in the future; now we have started checking emails in real-time.

      This new feature of CleanTalk grants the ability to check email addresses for existence in real-time.

      Non-existing email addresses also entail several other problems for website owners:
      • You can never contact them by email,
      • The client will never receive any notifications from you (account activation letter, password recovery, email distribution, notifications, etc.),
      • If you use email marketing for your clients, then a large number of nonexistent emails in the mailing list may result in your IP address being added to various blacklists of email servers.

      The anti-spam service will block all requests with not real email addresses.
      You can control such requests in the anti-spam dashboard, non-existent emails will have the “Fake email” status.

      Checking emails for existence is available for all anti-spam plugins and is included in the standard package.

      Update 05/23/2022

      Encrypted SMTP support has been added,

      Spam filtering service improved

      You can leave a comment below or create a private ticket here.
      We will be happy to answer your questions.
      How to install CleanTalk Anti-Spam on your website.
      Create an account or log in.
      Thank you!

    • CleanTalk Anti-Spam with White Label mode

      Warning! The instruction is out-of-date. The current guide can be found here.

      We have developed the White label mode to make usage of the service for hosting more comfortable and it virtually eliminates the interaction between CleanTalk and hosting clients. This option is available only for WordPress MultiSite.

      It also allows changing logos, links to your own. Your clients don’t need to get an access key, and the anti-spam logs and statistics will be available in the plugin settings, in the admin panel.

      How to enable White label Mode
      You have to edit wp-config.php in WordPress and add this code:
      define(‘APBCT_WHITELABLE’, true);
      define(‘APBCT_HOSTER_API_KEY’, ‘YOUR_HOSTER_API_KEY’);

      Where YOUR_HOSTER_API_KEY is a key from your CleanTalk’s hoster panel.

      So, you can change other details of the plugin in your CleanTalk Dashboard.

      Learn more, how to configure your own hosting service.

      Let us know if you have any questions and we will be happy to help you.
      Leave a comment below or Create a private ticket.

      Thank you!

    • How to Stop Profanity and Obscene Words on Your Website

      CleanTalk makes possible to prevent comments and messages with obscene words to appear on your website. Stop-Words Option allows blocking comments which contain words and phrases from your stop-word list. Such comments will be held for moderation. Stop-Words Option could be enabled for comments and forum posts.

      How Stop-Words Work

      If you activated Stop-Words the CleanTalk service will check texts for having words you have put in your list of forbidden words, if any of the words or phrases are detected then the comment will be sent for moderation. Checking for stop-words is available for comments and nicknames.

      Using Stop-Words to Enhance Anti-Spam Protection

      You can prevent manual spam by adding words and phrases that are being used in spam mailing. In case of manual spam there are no spambots but real human beings who visit websites and post spam comments. To know what words you should block it’s enough to look at spam mailing texts or spam comments, most likely you will see some patterns or repeatable text parts.

      How to Add Stop-Words

      The option could be enabled on your Personal Lists page. Please, follow this guide:
      https://cleantalk.org/help/stop-word

      The Stop-Words Option is included in the Extra Package. Go to your CleanTalk Control Panel to see more details.
      https://cleantalk.org/my/bill/recharge

      Please feel free to contact us anytime, we will gladly answer your questions.

      Leave a comment here or Create a private ticket.

      Thank you!

      P.S.
      We have prepared our list of stop words and you can use it completely or edit it when adding it.
      Here is a list of stop words that we have prepared to stop some of the manual spam comments.

    • CleanTalk Web Application FireWall for WordPress Security Plugin

      Hello,

      We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

      It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources.

      So, hackers use additional HTTP parameters to use vulnerabilities that allow them to get access to a website or prevent changes on your website.

      WAF catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

      So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests.

      In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk is logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Logs in your Control panel. https://cleantalk.org/my/logs_firewall

      CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

      Learn more, how to set up and test
      https://cleantalk.org/help/security-waf