CleanTalk's blog

Category: WordPress

Country Blocking. How to block access to your site from certain countries.
If you are the owner of a web site, then by default it is available for the entire planet. Many websites are simply not relevant to people in other countries. Thus, you should not expect significant traffic from them for granted.

If you notice that there are requests to your site from a particular country for which your content is insignificant or you just want to deny access to your website from one or more countries, you can easily use the CleanTalk services.

Most of the visits to the site are various bots, brute-force attempts, vulnerability scanners and content, products and prices, why not block access to my site from China if it is targeted at users from the USA? Sometimes the danger is greater than the occasional visitor from Pakistan, Iran or Côte d’Ivoire.

3 types of blocking by country

CleanTalk provides 3 different types of blocking users by country:
- Anti-Spam
- SpamFireWall
- Security FireWall(Only WordPress)
Anti-Spam

Blocking by country using Anti-Spam service allows you to block only comments/registrations and any POST requests on the site from users from certain countries. The site will be available for visitors and they can view it, but will not be able to leave a comment. It will be useful to block spam sent manually and some types of online threats (SQL injections) from these IP addresses. How to use Black/White lists for Anti-Spam service.

SpamFireWall

Blocking traffic by country using Spam FireWall allows you to partially block access to the site for the IP addresses of specific countries. All visitors from the blocked country will be given a special page, while ordinary users will be able to go through it and be able to view the site, comment and register, but bots will not be able to go through this page. This option is useful because it can significantly reduce the load on the site, since all POST/GET requests will be blocked and the site will not execute scripts for these requests, the blocking page almost does not consume any server resources. It can be used to block brute force attacks, vulnerability scanners, various bots, as well as to temporarily block traffic in some types of DoS attacks, when attackers send thousands of HTTP requests to the site, reduce the likelihood of hacking the site. How to use the Spam FireWall BlackList.

If you need to block comments and registrations for this country too, then use country blocking for Anti-Spam service.

WordPress Security FireWall

WordPress Security FireWall – tightly blocks access to the site for blocked countries. At the same time, all requests to the site will be blocked and visitors from these countries will not be able to go to the site pages. A blocking page will be displayed to visitors. This type of blocking will be useful to prevent all types of attacks on the web site via HTTP / HTTPS. How to use WordPress Security FireWall.

For all types of blocks requests are logged and available in the Dashboard for further analysis. All types of blocking allow to reduce the load on the site/server and block attacks on the site.

For most websites, we recommend blocking only problematic countries that have a large number of spam, brute force attacks, generate a large number of 404 errors on the website, or pose other security threats to your website. We also recommend that you review your block lists regularly.

For search bots Google, Bing, Yahoo, Baidu, MSN, Yandex and etc. we have made exceptions and they will not be blocked. Also, if you enter the IP address or network in the white list, this entry will have priority and requests will be skipped.

In addition to blocking by country, each type can use your personal lists to block individual IP addresses or IP networks.

How to identify the countries with the most spam activity on your site?

It is enough to go to the CleanTalk dashboard and to see the block with the spam attack map and Top Spam Requests statistics.

You can also view general statistics on spam attacks https://cleantalk.org/spam-stats

You can see data on website visitors by country in Google Analytics statistics.

We will be happy to answer your questions. Leave a comment below or create a private ticket.

Thank you!
April 4, 2019
Two-Factor Authentication for WordPress

CleanTalk has launched Two-Factor Authentication for WordPress admin accounts that will improve your website security and make it safer, if not impossible, for hackers to breach your WordPress account.

Two-Factor Authentication works via e-mail. It makes the Two-Factor Authentication more reliable. The reason is that if an intruder knows your password they also need to know your e-mail address that is being used to get an authorization code and the password to your e-mail.

This method almost eliminates the possibility for strangers to get access to your account.

It requires a bit of your time but Two-Factor Authentication immediately gives a much higher level of protection.

With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your authorization code. The plugin will remember your browser for 30 days.

To activate Two-Factor Authentication go to the settings of the CleanTalk Security plugin and enable the option “General Settings” -> “Miscellaneous” -> “Two-Factor Authentication”. The letter with your authorization code will be sent to your e-mail that you put into the general settings of your WordPress website.

You will be notified by e-mail each time the Two-Factor Authentication was successfully passed.

By spending a few minutes to set up Two-Factor Authentication you save your time and other resources by not having to deal with the consequences of the hacked website.

If you have any questions, we will be happy to help you.
You can leave a comment below or create a private ticket here.

January 29, 2019
Real-Time Email Address Existence Validation

Today we launched a new and important parameter to evaluate spambots. According to our statistics, almost 30% of all spam requests are made with fake email addresses, i.e. such addresses do not exist.

Previously, we could only check the existence of emails after the fact and use these data in the future; now we have started checking emails in real-time.

This new feature of CleanTalk grants the ability to check email addresses for existence in real-time.

Non-existing email addresses also entail several other problems for website owners:
• You can never contact them by email,
• The client will never receive any notifications from you (account activation letter, password recovery, email distribution, notifications, etc.),
• If you use email marketing for your clients, then a large number of nonexistent emails in the mailing list may result in your IP address being added to various blacklists of email servers.

The anti-spam service will block all requests with not real email addresses.
You can control such requests in the anti-spam dashboard, non-existent emails will have the “Fake email” status.

Checking emails for existence is available for all anti-spam plugins and is included in the standard package.

Update 05/23/2022

Encrypted SMTP support has been added,

Spam filtering service improved

You can leave a comment below or create a private ticket here.
We will be happy to answer your questions.
How to install CleanTalk Anti-Spam on your website.
Create an account or log in.
Thank you!

November 20, 2018
CleanTalk Anti-Spam with White Label mode

Warning! The instruction is out-of-date. The current guide can be found here.

We have developed the White label mode to make usage of the service for hosting more comfortable and it virtually eliminates the interaction between CleanTalk and hosting clients. This option is available only for WordPress MultiSite.

It also allows changing logos, links to your own. Your clients don’t need to get an access key, and the anti-spam logs and statistics will be available in the plugin settings, in the admin panel.

How to enable White label Mode
You have to edit wp-config.php in WordPress and add this code:
define(‘APBCT_WHITELABLE’, true);
define(‘APBCT_HOSTER_API_KEY’, ‘YOUR_HOSTER_API_KEY’);

Where YOUR_HOSTER_API_KEY is a key from your CleanTalk’s hoster panel.

So, you can change other details of the plugin in your CleanTalk Dashboard.

Learn more, how to configure your own hosting service.

Let us know if you have any questions and we will be happy to help you.
Leave a comment below or Create a private ticket.

Thank you!

November 20, 2018
CleanTalk Web Application FireWall for WordPress Security Plugin

Hello,

We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources.

So, hackers use additional HTTP parameters to use vulnerabilities that allow them to get access to a website or prevent changes on your website.

WAF catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests.

In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk is logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Logs in your Control panel. https://cleantalk.org/my/logs_firewall

CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

Learn more, how to set up and test
https://cleantalk.org/help/security-waf

August 1, 2018
“Feedback System” for analyzing suspicious files for WordPress Security

Hello,

We are happy to introduce our “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security Plugin that allows sending suspicious files from WordPress backend to CleanTalk cloud.

So, CleanTalk WordPress Security Plugin includes a Malware Scanner and there may be situations after scanning when you don’t know, is there a bad code or not, especially if you don’t have a programming experience. Well, you will be able to send some files to CleanTalk and we will check them. After checking we will send you an email notification with results.

Please, look at our guide How file analyzes works.

July 24, 2018
BlackList by Language
Spam spreads not only in English. Many spam messages are written in Chinese, Arabic, Japanese or Korean languages.

If your website isn’t aimed at an international audience, and you don’t expect comments/users from other languages. For example, your website is about fishing in Ireland and you don’t want to have comments from the Chinese language.

We added a new filter to block comment/messages by languages. That allows you to automatically block comments, messages from languages for which you have set a ban.

At the moment, the blacklist of languages allows adding for blocking next languages:
- Chinese
- Korean
- Japanese
- Hindi
- Arabic
This option is useful in cases of protection from manual spam and enhances protection.

CleanTalk informs you about the occurrence of an opportunity to manage personal black/white lists. You can view, add, and delete their items in the Control Panel. You can add languages to the blacklist in dashboard CleanTalk -> Black&White lists or use the link https://cleantalk.org/my/show_private.
June 4, 2018
CleanTalk Malware Scanner — heuristic code analysis
We have already talked about the launch of security service for WordPress in the previous article. Today we want to talk about the launch of heuristic analysis to detect malicious code.

The very presence of malicious code can lead to a ban in search results or a warning in the search for that the site is infected, to protect users from potentially dangerous content.

You can find malicious code on your own, but it’s a lot of work and most WordPress users do not have the necessary skills to find and remove unnecessary lines of code.

Often, the authors of malicious code disguise it, which makes it difficult to determine by its signatures. The malicious code itself can be located anywhere on the site, for example the obfuscated PHP-code in the logo.png file, and the code itself is called by one inconspicuous line in index.php. Therefore, the use of plugins to search for malicious code is preferable.

CleanTalk on the first scan scans all WordPress kernel files, plugins and themes. When rescanning, only those files that have changed since the last scan were scanned. This saves resources and increases scanning speed.

How heuristic analysis works

One of the main disadvantages of heuristic analysis is that it is quite slow, so we use it only when it is really necessary. First of all, we divide the source code into lexemes (the minimal language construct) and remove all unnecessary:
1. Space symbols.
2. Comment of different types.
3. Not PHP code (outside of tags <?php ?> )
Next, we recursively simplify the code until there are no “complex constructs”:
1. Perform concatenation of strings.
2. Substitution of variables into variables.
3. and other
Also, in the process of simplifying the code, we monitor the origin of the variables and many others.

In the end, we get a clean code that can be analyzed. It is very important that we get the code not in the form of a string, but in the form of lexemes. Thus, we know where the lexeme is a string with the desired text, and where the lexeme function is.

In the sense of finding “bad constructs” eval for us there is a difference:
```
<?php echo 'eval("echo \"some\"")'; ?>
```
— in this case there will be no lexeme T_EVAL,

there is a lexeme T_CONSTANT_ENCAPSED_STRING ‘eval (“echo \” eval\”)’
```
<?php eval('echo "some"'); ?>
```
– and here it is. And this is the version we will find.

We look for such constructs, we break them down into degrees of criticality:

Critical:
- eval
- include* и require*
- - with bad file extension
  - non-existent files (will be deleted in the next versions)
  - connecting deleted files
Dangerous
- system
- passthru
- proc_open
- exec
- include* и require*
  - with the error suppression operator (will be deleted in the next versions)
  - with variables depending on POST or GET.
Suspicious
- base64_encode
- str_rot13
- syslog
And other.

We are constantly improving this analysis: adding new constructions to search, reducing the number of false alarm, optimize the simplification of the code.

In the plans to teach it to detect and decode strings encoded in URL and BASE64 and others.

The plugin itself is available in the WordPress directory.
April 23, 2018
Anti-Spam Filter for IP Networks

Dear customers!

CleanTalk has expanded the functions of personal blacklists.

We’ve just added a support in your private blacklists to block separate IP networks.

This will allow you to use the service to block IP networks that use spammers. Very often spammers buy servers from hosting companies or virtual servers and use them to send a spam. So, your website hasn’t to receive a comments/registrations from hosting IPs because a real people never use their IPs. There can be only XML-PRC requests but it is not important because this protocol is using for other attacks such as brute-force and DDoS via XML-RPC pingbacks.

The instruction of how to add entries to your personal blacklists can be found here:
https://cleantalk.org/help/I-want-to-block-ip

April 10, 2018
Automating CleanTalk Anti-Spam Updates for WordPress
If you serve a couple of sites, then updating the plugins does not cause any difficulties. Difficulties appear if you serve a few dozen, or even hundreds of sites.

CleanTalk Anti-spam requires frequent updates (we have to release a new version every 1-2 weeks), there are many reasons for this.

WordPress, as a designer, has a huge number of plugins, themes, widgets, etc. which are not always designed with WordPress Codex, have different architecture and event handling. Therefore, CleanTalk integration errors can occur with different components, especially rare ones.

Each complex service that uses a large amount of data, changes backend, changes in logic and a lot of the rest, require changes in the plugin.

At our update rates for the plugin, the auto-update option is required. If this option is done in the plugin’s settings, then the user will still need to go to each site in the plugin’s settings and install it. But what to do in a situation where the user does not want to include auto-update, but you need to update the plug-in immediately on one hundred sites?

For the convenience of service management, the auto-update option was implemented in the Service Control Panel.

Auto-update allows you to update the plugin one time at a single site, a group of sites, or enable auto-update on all sites.

How it works

Historically, we are monitoring the client version of the plugin, and when clients are contacted and feedback analysis, we need to know the version of the plugin that is being used. Each anti-spam plugin, with each request, sends its version in the parameters. The version number is compared with the number in the repository, and if the versions are different, then in the Control Panel we show a warning about the need for an update.

Next, when clicking on a link, a modal window opens with options for updates.

When the option is selected, the server makes a special request to the plugin on the client’s site.

The plugin, having received the call, checks the parameters of the call for authenticity and starts work. Auto-update is implemented through a modified class of auto-update plugins WordPress. After the class is finished, the plugin checks the version of the updated files and makes a request to the site (itself). If the HTTP response code is 200, it reports this to the server by displaying it on the “OK” page and makes a special API call, reporting on the new version. If the response code is different from 200, the plugin does a rollback of the files to the previous version and responds north with a string with an error code and technical parameters.

After a successful update, the status in the Service Control Panel changes to “App has been updated”.

How to set up an auto-update

Please, go to your CleanTalk Dashboard.
- Choose a website that needs to update the plugin.
- Click on the link Update app.
- Next step, in pop-up you can choose:
  do a manual update and the plugin will be updated immediately. You can do this action for all websites
  or
  set auto-update, in the next time plugin will be updated automatically.
March 26, 2018

CleanTalk

Sign up / Sign in

Solutions

Anti-Spam for websitee

Filter fake emails

Hide contact data

Stop spam emails in Contact form 7 (CF7)

Stop spam in Elementor form builder

Stop spam in WPForms

Website malware scanner

WordPress Security & Firewall Plugin

Documentation

License agreement

Signs of Malware

Contact us

Create a support ticket