CleanTalk's blog

    Sign up

    Category: WordPress

    • CleanTalk Anti-Spam with White Label mode

      Warning! The instruction is out-of-date. The current guide can be found here.

      We have developed the White label mode to make usage of the service for hosting more comfortable and it virtually eliminates the interaction between CleanTalk and hosting clients. This option is available only for WordPress MultiSite.

      It also allows changing logos, links to your own. Your clients don’t need to get an access key, and the anti-spam logs and statistics will be available in the plugin settings, in the admin panel.

      How to enable White label Mode
      You have to edit wp-config.php in WordPress and add this code:
      define(‘APBCT_WHITELABLE’, true);
      define(‘APBCT_HOSTER_API_KEY’, ‘YOUR_HOSTER_API_KEY’);

      Where YOUR_HOSTER_API_KEY is a key from your CleanTalk’s hoster panel.

      So, you can change other details of the plugin in your CleanTalk Dashboard.

      Learn more, how to configure your own hosting service.

      Let us know if you have any questions and we will be happy to help you.
      Leave a comment below or Create a private ticket.

      Thank you!

    • CleanTalk Web Application FireWall for WordPress Security Plugin

      Hello,

      We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

      It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources.

      So, hackers use additional HTTP parameters to use vulnerabilities that allow them to get access to a website or prevent changes on your website.

      WAF catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

      So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests.

      In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk is logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Logs in your Control panel. https://cleantalk.org/my/logs_firewall

      CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

      Learn more, how to set up and test
      https://cleantalk.org/help/security-waf

    • “Feedback System” for analyzing suspicious files for WordPress Security

      Hello,

      We are happy to introduce our “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security Plugin that allows sending suspicious files from WordPress backend to CleanTalk cloud.

      So, CleanTalk WordPress Security Plugin includes a Malware Scanner and there may be situations after scanning when you don’t know, is there a bad code or not, especially if you don’t have a programming experience. Well, you will be able to send some files to CleanTalk and we will check them. After checking we will send you an email notification with results.

      Please, look at our guide How file analyzes works.

    • BlackList by Language

      Spam spreads not only in English. Many spam messages are written in Chinese, Arabic, Japanese or Korean languages.

      If your website isn’t aimed at an international audience, and you don’t expect comments/users from other languages. For example, your website is about fishing in Ireland and you don’t want to have comments from the Chinese language.

      We added a new filter to block comment/messages by languages. That allows you to automatically block comments, messages from languages for which you have set a ban.

      At the moment, the blacklist of languages allows adding for blocking next languages:

      • Chinese
      • Korean
      • Japanese
      • Hindi
      • Arabic

      This option is useful in cases of protection from manual spam and enhances protection.

      CleanTalk informs you about the occurrence of an opportunity to manage personal black/white lists. You can view, add, and delete their items in the Control Panel. You can add languages to the blacklist in dashboard CleanTalk -> Black&White lists or use the link https://cleantalk.org/my/show_private.

    • CleanTalk Malware Scanner — heuristic code analysis

      CleanTalk Malware Scanner — heuristic code analysis

      We have already talked about the launch of security service for WordPress in the previous article. Today we want to talk about the launch of heuristic analysis to detect malicious code.

      The very presence of malicious code can lead to a ban in search results or a warning in the search for that the site is infected, to protect users from potentially dangerous content.

      You can find malicious code on your own, but it’s a lot of work and most WordPress users do not have the necessary skills to find and remove unnecessary lines of code.

      Often, the authors of malicious code disguise it, which makes it difficult to determine by its signatures. The malicious code itself can be located anywhere on the site, for example the obfuscated PHP-code in the logo.png file, and the code itself is called by one inconspicuous line in index.php. Therefore, the use of plugins to search for malicious code is preferable.

      CleanTalk on the first scan scans all WordPress kernel files, plugins and themes. When rescanning, only those files that have changed since the last scan were scanned. This saves resources and increases scanning speed.

      How heuristic analysis works

      One of the main disadvantages of heuristic analysis is that it is quite slow, so we use it only when it is really necessary. First of all, we divide the source code into lexemes (the minimal language construct) and remove all unnecessary:

      1. Space symbols.
      2. Comment of different types.
      3. Not PHP code (outside of tags <?php ?> )

      Next, we recursively simplify the code until there are no “complex constructs”:

      1. Perform concatenation of strings.
      2. Substitution of variables into variables.
      3. and other

      Also, in the process of simplifying the code, we monitor the origin of the variables and many others.

      In the end, we get a clean code that can be analyzed. It is very important that we get the code not in the form of a string, but in the form of lexemes. Thus, we know where the lexeme is a string with the desired text, and where the lexeme function is.

      In the sense of finding “bad constructs” eval for us there is a difference:

      <?php echo 'eval("echo \"some\"")'; ?>

       

      — in this case there will be no lexeme T_EVAL,

      there is a lexeme T_CONSTANT_ENCAPSED_STRING ‘eval (“echo \” eval\”)’

      <?php eval('echo "some"'); ?>

      – and here it is. And this is the version we will find.

      We look for such constructs, we break them down into degrees of criticality:

      Critical:

      • eval
      • include* и require*
        • with bad file extension
        • non-existent files (will be deleted in the next  versions)
        • connecting deleted files

      Dangerous

      • system
      • passthru
      • proc_open
      • exec
      • include* и require*
        • with the error suppression operator (will be deleted in the next versions)
        • with variables depending on POST or GET.

      Suspicious

      • base64_encode
      • str_rot13
      • syslog

      And other.

      We are constantly improving this analysis: adding new constructions to search, reducing the number of false alarm, optimize the simplification of the code.

      In the plans to teach it to detect and decode strings encoded in URL and BASE64 and others.

      The plugin itself is available in the WordPress directory.

    • Anti-Spam Filter for IP Networks

      Dear customers!

      CleanTalk has expanded the functions of personal blacklists.

      We’ve just added a support in your private blacklists to block separate IP networks.

      This will allow you to use the service to block IP networks that use spammers. Very often spammers buy servers from hosting companies or virtual servers and use them to send a spam. So, your website hasn’t to receive a comments/registrations from hosting IPs because a real people never use their IPs. There can be only XML-PRC requests but it is not important because this protocol is using for other attacks such as brute-force and DDoS via XML-RPC pingbacks.

      The instruction of how to add entries to your personal blacklists can be found here:
      https://cleantalk.org/help/I-want-to-block-ip

    • Automating CleanTalk Anti-Spam Updates for WordPress

      Automating CleanTalk Anti-Spam Updates for WordPress

      If you serve a couple of sites, then updating the plugins does not cause any difficulties. Difficulties appear if you serve a few dozen, or even hundreds of sites.

      CleanTalk Anti-spam requires frequent updates (we have to release a new version every 1-2 weeks), there are many reasons for this.

      WordPress, as a designer, has a huge number of plugins, themes, widgets, etc. which are not always designed with WordPress Codex, have different architecture and event handling. Therefore, CleanTalk integration errors can occur with different components, especially rare ones.

      Each complex service that uses a large amount of data, changes backend, changes in logic and a lot of the rest, require changes in the plugin.

      At our update rates for the plugin, the auto-update option is required. If this option is done in the plugin’s settings, then the user will still need to go to each site in the plugin’s settings and install it. But what to do in a situation where the user does not want to include auto-update, but you need to update the plug-in immediately on one hundred sites?

      For the convenience of service management, the auto-update option was implemented in the Service Control Panel.

      Auto-update allows you to update the plugin one time at a single site, a group of sites, or enable auto-update on all sites.

      How it works

      Historically, we are monitoring the client version of the plugin, and when clients are contacted and feedback analysis, we need to know the version of the plugin that is being used. Each anti-spam plugin, with each request, sends its version in the parameters. The version number is compared with the number in the repository, and if the versions are different, then in the Control Panel we show a warning about the need for an update.

      Next, when clicking on a link, a modal window opens with options for updates.

      When the option is selected, the server makes a special request to the plugin on the client’s site.

      The plugin, having received the call, checks the parameters of the call for authenticity and starts work. Auto-update is implemented through a modified class of auto-update plugins WordPress. After the class is finished, the plugin checks the version of the updated files and makes a request to the site (itself). If the HTTP response code is 200, it reports this to the server by displaying it on the “OK” page and makes a special API call, reporting on the new version. If the response code is different from 200, the plugin does a rollback of the files to the previous version and responds north with a string with an error code and technical parameters.

      After a successful update, the status in the Service Control Panel changes to “App has been updated”.

      How to set up an auto-update

      Please, go to your CleanTalk Dashboard.

      • Choose a website that needs to update the plugin.
      • Click on the link Update app.
      • Next step, in pop-up you can choose:
        do a manual update and the plugin will be updated immediately. You can do this action for all websites
        or
        set auto-update, in the next time plugin will be updated automatically.

    • Auto-Update for CleanTalk Anti-Spam Plugin

      Updating plugins and themes on the site can be a problem for website owners. This is especially true for webmasters who support several websites, you have to go to every website and make an update, and it takes your time. We have released an update that will perform this routine task and will update CleanTalk Anti-Spam on all sites at once.

      CleanTalk Dashboard allows you to select several websites and update the plugin at once on all sites one click or you can setup auto-update for all websites or separate websites.
      Note: there is 24 hours delay before auto-update will do. This delay allows needing to avoid any issues. All updates that made through CleanTalk Dashboard manually will do immediately.

      How does it work?

      • Manual update on all or selected websites at once.
      • Auto-update on all or selected websites at once.

      Please, go to your CleanTalk Dashboard.

      • Choose a website that needs to update the plugin.
      • Click on the link Update app.
      • Next step, in pop-up you can choose:
        do a manual update and the plugin will be updated immediately. You can do this action for all websites
        or
        set auto-update, in the next time plugin will be updated automatically.

      In the end, enjoy you saved your time.

      Auto-updating system will work from CleanTalk Anti-Spam version 5.88

    • Spammers attack by using CleanTalk’s email

      Hello,
      We have to inform you that today we have been attacked by spammers who used our email for sending spam comments/registrations/subscriptions. At the moment, a total of about 4,000 websites were affected.
    • Checking Outbound Links with CleanTalk Security

      Checking Outbound Links with CleanTalk Security

      Outbound links have an effect on your SEO and when search crawls your web pages all of the outbound links may be an important thing for page ranking.

      We have added the option “Scan outbound links” in our WordPress Security Plugin.

      This option allows you to let know the number of outgoing links from your website and websites on which they linking to. All websites will be checked by our Database and will show results if they were used as links in spam messages. It allows you to check your website and find hidden links or spam links.

      You should always remember if you have links to other websites which have a bad reputation, it will be able to have an effect your on visitor’s trust and your SEO.

      To launch External Links Check go to your WordPress admin panel -> Settings -> Security by CleanTalk -> General Settings and pick Scan Links option. Next step, go to the tab “Malware Scanner” and press the button “Perform Scan”.

      The first step in the scanning is searching for malware in WordPress files, the second step is searching for links in your whole website including theme files, posts, and comments.

      The result of the scanning will be the list of each link you have. You can look it through and decide what links are unnecessary and delete them.