Spam protection, AntiSpam, FireWall by CleanTalk - Version 5.28.7

Version Description

2015-10-23 = * Optimized PHP sessions creation algorithm. This fix should increase plugin performance on hostings without retention of PHP sessions files. * Removed autoredirection to plugin settings after plugin activation.


Release Info

Developer shagimuratov
Version 5.28.7

Code changes from version 5.28-debug to 5.28.7

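--- a/cleantalk.php
+++ b/cleantalk.php
@@ -3,11 +3,11 @@
 Plugin Name: Anti-Spam by CleanTalk
 Plugin URI: http://cleantalk.org
 Description: Max power, all-in-one, captcha less, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
-Version: 5.28.5
+Version: 5.28.7
 Author: СleanTalk <welcome@cleantalk.org>
 Author URI: http://cleantalk.org
 */
-$cleantalk_plugin_version='5.28.5';
+$cleantalk_plugin_version='5.28.7';
 $cleantalk_executed=false;
 
 if(defined('CLEANTALK_AJAX_USE_BUFFER'))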
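--- a/inc/cleantalk-common.php
+++ b/inc/cleantalk-common.php
@@ -1,6 +1,6 @@
 <?php
 
-$ct_agent_version = 'wordpress-5285';
+$ct_agent_version = 'wordpress-5287';
 $ct_plugin_name = 'Anti-spam by CleanTalk';
 $ct_checkjs_frm = 'ct_checkjs_frm';
 $ct_checkjs_register_form = 'ct_checkjs_register_form';
@@ -143,54 +143,8 @@ function ct_base_call($params = array()) {
 
 $ct_options=ct_get_options();
 $ct_data=ct_get_data();
-@header("CtBaseCall: get options & data");
 
-/*if(defined('CLEANTALK_CHECK_MESSAGES_NUMBER'))
-{
-$messages_check_number = CLEANTALK_CHECK_MESSAGES_NUMBER;
-}
-else
-{
-$messages_check_number = 3;
-}
-
-$is_max_messages = false;
-$is_logged_in = false;
-$user_id = 0;
-$user_cnt = 0;
-if(isset($ct_options['check_messages_number']))
-{
-$value = @intval($ct_options['check_messages_number']);
-}
-else
-{
-$value=0;
-}
-
-if($value == 1 && is_user_logged_in())
-{
-$is_logged_in = true;
-$user_id = get_current_user_id();
-$user_cnt = get_user_meta( $user_id, 'cleantalk_messages_number', true );
-if($user_cnt===false)
-{
-$user_cnt = 0;
-}
-if($user_cnt!==false && $user_cnt > $messages_check_number)
-{
-$is_max_messages = true;
-}
-}
-
-if($is_max_messages)
-{
-$ct_result = new stdClass();
-$ct_result->allow = 1;
-return array('ct' => null, 'ct_result' => $ct_result);
-}*/
-
 require_once('cleantalk.class.php');
-@header("CtBaseCall: include class");
 
 $submit_time = submit_time_test();
 
@@ -201,7 +155,6 @@ function ct_base_call($params = array()) {
 $sender_info = json_encode($sender_info);
 if ($sender_info === false)
 $sender_info = '';
-@header("CtBaseCall: get sender info");
 
 $config = get_option('cleantalk_server');
 
@@ -231,10 +184,8 @@ function ct_base_call($params = array()) {
 $ct_request->last_error_time=$ct_data['last_error_time'];
 $ct_request->last_error_text=$ct_data['last_error_text'];
 }
-@header("CtBaseCall: fill request");
 
 $ct_result = $ct->isAllowMessage($ct_request);
-@header("CtBaseCall: execute isAllowMessage");
 if ($ct->server_change) {
 update_option(
 'cleantalk_server', array(
@@ -264,7 +215,6 @@ function ct_base_call($params = array()) {
 if ($ct_result->allow == 0) {
 ct_init_session();
 
-@header("CtBaseCall: result not allow");
 $_SESSION[$ct_formtime_label] = time();
 if(!isset($ct_result->errno)||isset($ct_result->errno)&&$ct_result->errno!=0)
 {
@@ -273,7 +223,6 @@ function ct_base_call($params = array()) {
 }
 else
 {
-@header("CtBaseCall: result allow");
 if(!isset($ct_result->errno)||isset($ct_result->errno)&&$ct_result->errno!=0)
 {
 ct_add_event('yes');
@@ -284,7 +233,6 @@ function ct_base_call($params = array()) {
 update_user_meta( $user_id, 'cleantalk_messages_number', $user_cnt);
 }*/
 }
-@header("CtBaseCall: return");
 return array('ct' => $ct, 'ct_result' => $ct_result);
 }
 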
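--- a/inc/cleantalk-public.php
+++ b/inc/cleantalk-public.php
@@ -186,9 +186,9 @@ function ct_init() {
 * @return mixed[] Array of options
 */
 function ct_init_after_all() {
-global $ct_direct_post;
+global $ct_direct_post, $ct_formtime_label;
 ct_init_session();
-
+
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 if (is_array($_SESSION) && !array_key_exists($ct_formtime_label, $_SESSION) && session_id() != '') {
 $ct_direct_post = 1;
@@ -1705,34 +1705,8 @@ function ct_contact_form_validate () {
 {
 $ct_cnt=0;
 }
-@header("CtExclusions: ".$ct_cnt);
-
-if(strpos($_SERVER['REQUEST_URI'],'about-us/contact-details/inquire')===false)
-{
-if (@sizeof($_POST)>0 ||
-(isset($pagenow) && $pagenow == 'wp-login.php') || // WordPress log in form
-(isset($pagenow) && $pagenow == 'wp-login.php' && isset($_GET['action']) && $_GET['action']=='lostpassword') ||
-strpos($_SERVER['REQUEST_URI'],'/checkout/')!==false ||
-strpos($_SERVER['REQUEST_URI'],'/wp-admin/')!==false ||
-strpos($_SERVER['REQUEST_URI'],'wp-login.php')!==false||
-strpos($_SERVER['REQUEST_URI'],'wp-comments-post.php')!==false ||
-@strpos($_SERVER['HTTP_REFERER'],'/wp-admin/')!==false ||
-strpos($_SERVER['REQUEST_URI'],'/login/')!==false||
-isset($_GET['ptype']) && $_GET['ptype']=='login' ||
-check_url_exclusions() ||
-ct_check_array_keys($_POST) ||
-isset($_POST['ct_checkjs_register_form']) ||
-(isset($_POST['signup_username']) && isset($_POST['signup_password_confirm']) && isset($_POST['signup_submit']) ) ||
-@intval($ct_options['general_contact_forms_test'])==0
-) {
-return null;
-}
-}
 
-@header("CtConditions: Passed");
-
 $_POST=ct_filter_array($_POST);
-@header("CtFilterArray: Passed");
 
 $checkjs = js_test('ct_checkjs', $_COOKIE, true);
 
@@ -1749,18 +1723,6 @@ function ct_contact_form_validate () {
 $contact_form = true;
 
 @ct_get_fields_any($sender_email, $message, $sender_nickname, $subject, $contact_form, $_POST);
-@header("CtGetFieldsAny: Passed");
-@header("CtSenderEmail: $sender_email");
-if($contact_form)
-{
-@header("CtContactForm: true");
-}
-else
-{
-@header("CtContactForm: false");
-}
-
-
 
 // Skip submission if no data found
 if ($sender_email===''|| !$contact_form) {
@@ -1774,8 +1736,6 @@ function ct_contact_form_validate () {
 unset($_POST['TellAFriend_Link']);
 }
 
-@header("CtBaseCallBefore: 1");
-
 $ct_base_call_result = ct_base_call(array(
 'message' => $subject . "\n\n" . $message,
 'example' => null,
@@ -1785,7 +1745,6 @@ function ct_contact_form_validate () {
 'sender_info' => get_sender_info(),
 'checkjs' => $checkjs
 ));
-@header("CtBaseCall: Executed");
 
 if(isset($_POST['TellAFriend_Link']))
 {
@@ -1796,10 +1755,8 @@ function ct_contact_form_validate () {
 $ct_result = $ct_base_call_result['ct_result'];
 
 if ($ct_result->allow == 0) {
-@header("CtResult: Not Allow");
 
 if (!(defined( 'DOING_AJAX' ) && DOING_AJAX)) {
-@header("AJAX: No");
 global $ct_comment;
 $ct_comment = $ct_result->comment;
 if(isset($_POST['cma-action'])&&$_POST['cma-action']=='add')
@@ -1819,12 +1776,10 @@ function ct_contact_form_validate () {
 ct_die(null, null);
 }
 } else {
-@header("AJAX: Yes");
 echo $ct_result->comment;
 }
 exit;
 }
-@header("CtResult: Allow");
 
 return null;
 }
@@ -1854,29 +1809,6 @@ function ct_contact_form_validate_postdata () {
 {
 $ct_cnt=0;
 }
-@header("CtExclusions: ".$ct_cnt);
-
-if(strpos($_SERVER['REQUEST_URI'],'about-us/contact-details/inquire')===false)
-{
-
-if ($_SERVER['REQUEST_METHOD'] != 'POST' ||
-(isset($_POST['log']) && isset($_POST['pwd']) && isset($pagenow) && $pagenow == 'wp-login.php') || // WordPress log in form
-(isset($pagenow) && $pagenow == 'wp-login.php' && isset($_GET['action']) && $_GET['action']=='lostpassword')||
-ct_check_array_keys($_POST) ||
-(isset($pagenow) && $pagenow == 'wp-cron.php' ||
-strpos($_SERVER['REQUEST_URI'],'/checkout/')!==false) ||
-strpos($_SERVER['REQUEST_URI'],'/wp-admin/')!==false ||
-strpos($_SERVER['REQUEST_URI'],'wp-login.php')!==false ||
-strpos($_SERVER['REQUEST_URI'],'wp-comments-post.php')!==false ||
-@strpos($_SERVER['HTTP_REFERER'],'/wp-admin/')!==false ||
-check_url_exclusions() ||
-strpos($_SERVER['REQUEST_URI'],'/login/')!==false ||
-isset($_POST['ct_checkjs_register_form']) ||
-@intval($ct_options['general_postdata_test'])==0
-) {
-return null;
-}
-}
 
 $_POST=ct_filter_array($_POST);
 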
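Review bot: With the exclusion blocks deleted in ct_contact_form_validate() (old lines 1710-1730) and ct_contact_form_validate_postdata() (old lines 1859-1879), nothing visible in either hunk returns early for wp-login.php, /wp-admin/, /checkout/, check_url_exclusions() or a disabled `general_contact_forms_test` / `general_postdata_test` option before `$_POST=ct_filter_array($_POST);` and `ct_base_call()` run. Both function bodies start above the hunks, so an equivalent guard may still exist there; if it does not, login and admin POST data would presumably be passed on to the spam-check request and the site owner's off switch would stop working on these paths. I would keep the guard and drop only the `@header(...)` debug lines, at minimum `if (@intval($ct_options['general_contact_forms_test'])==0) { return null; }`, or leave a comment where the block was, such as `// login/admin/checkout exclusions and the option check are done at the top of this function`. Dropping `@header("CtSenderEmail: $sender_email")` is the right call, since it copied a submitted value into the response headers.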
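--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: znaeff, shagimuratov, vlad-cleantalk
 Tags: anti-spam, antispam, bbpress, buddypress, captcha, capcha, captha, catcha, cf7 spam, comments, contact form spam, signup, spam, spammers, spammy, woocommerce, wordpress spam, booking, order, subscription, gravity spam, jetpack, bots, contact form 7, contact form, registrations, ninja, Fast Secure Contact, Gravity forms, formidable, mailchimp, s2member, protection, protect, email, akismet, plugin, contact, recaptcha, google captcha, math, security, login, blacklist, cache, prevent, wordpress, User Frontend, bulk delete, bulk remove, cloudflare, widget, review, auth forms, firewall, ddos, flood, cleantalk, mailpoet
 Requires at least: 3.0
 Tested up to: 4.3
-Stable tag: 5.28
+Stable tag: 5.28.7
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -78,7 +78,7 @@ Spam FireWall also makes CleanTalk the two-step protection from spam bots. Spam
 
 All the CleanTalk Spam FireWall activity is being logged in the process of filtering. The logs will be available for viewing in CleanTalk Dashboard since 10/15/2015.
 
-= Spam FireWall DDos Protection =
+= Spam FireWall DDos Protection (Experimentally option) =
 Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website. Spam FireWall blocks all requests from bad IP addresses. Your website givies infringer a special page with description of DDoS rejection instead of the website pages. Therefore Spam FireWall can help to reduce of CPU usage on your server.
 
 = XML-RPC brute force protection =
@@ -181,6 +181,12 @@ Yes, you can. The plugin has option to test all pending comments via database of
 Plugin checks all not spam comments against blacklists database and show you senders that have spam activity on other websites.
 There is some differencies between blacklists database and API to protect against spam bots registrations/comments online. Blacklists show all history of spam activity, but our API (that used in spam tests) used another parameters, too: last day of activity, number of spam attacks during last days etc. This mechanisms help us to reduce number of false positivitie. So, there is nothing strange, if some emails/IPs will be not found by bulk comments/accounts test.
 
+To check comments please click this,
+> WordPress console -> Comments -> Find spam comments
+
+To check users please click this,
+> WordPress console -> Users -> Find spam users
+
 = Should I use another anti-spam tools (Captcha, reCaptcha and etc.)? =
 CleanTalk stops up to 99.998% of spam bots, so you can disable other anti-spam plugins (especially CAPTCHA like anti-spam plugins). In some cases several anti-spam plugins can conflict, so it will be better use just one plugin.
 
@@ -344,6 +350,10 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
 1. Setup Android/iOS app to have push notices when new legitiamte comments/registrations or contactcs appears on the website.
 
 == Changelog ==
+= 5.28.7 2015-10-23 =
+* Optimized PHP sessions creation algorithm. This fix should increase plugin perfomance on hostings without retenion of PHP sessions files.
+* Removed autoredirection to plugin settings after plugin activation.
+
 = 5.28 2015-10-16 =
 * Fixed errors in anti-spam checking
 * Restored options for spam checking registrations and cpmmon contact forms
@@ -822,6 +832,9 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
 * First version
 
 == Upgrade Notice ==
+= 5.28.7 2015-10-23 =
+* Major backend peromance fix.
+
 = 5.28 2015-10-16 =
 * Fixed errors in anti-spam checking
 * Restored options for spam checking registrations and cpmmon contact forms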