Spam protection, AntiSpam, FireWall by CleanTalk - Version 5.42

Version Description

2016-06-15 = * Added anti-spam protection for UserPro. * Improved protection for Formidable forms + Varnish. * Improved bulk search for spam accounts. * Fixed spam protection for pages that contain multiple Formidable forms with same HTML ID. * Optimized PHP code to be compatible with PHP 5.4 and above. The patch has been applied to Formidable forms spam protection. * Minor fixes in plugin backend.

Download this release

Release Info

Developer shagimuratov
Plugin Icon 128x128 Spam protection, AntiSpam, FireWall by CleanTalk
Version 5.42
Comparing to
See all releases

Code changes from version 5.41 to 5.42

Files changed (9) hide show
  1. cleantalk.php +3 -3
  2. inc/cleantalk-admin.php +13 -18
  3. inc/cleantalk-ajax.php +11 -24
  4. inc/cleantalk-common.php +92 -1
  5. inc/cleantalk-public.php +77 -44
  6. inc/cleantalk-stats.js +0 -20
  7. inc/cleantalk-users-checkspam.js +35 -8
  8. inc/cleantalk-users.php +107 -71
  9. readme.txt +72 -55
cleantalk.php CHANGED
@@ -3,12 +3,12 @@
3
  Plugin Name: Spam Protection by CleanTalk
4
  Plugin URI: http://cleantalk.org
5
  Description: Max power, all-in-one, captcha less, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms. Formerly Anti-Spam by CleanTalk.
6
- Version: 5.41
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: http://cleantalk.org
9
  */
10
- $cleantalk_plugin_version='5.41';
11
- $ct_agent_version = 'wordpress-541';
12
  $cleantalk_executed=false;
13
  $ct_sfw_updated = false;
14
 
3
  Plugin Name: Spam Protection by CleanTalk
4
  Plugin URI: http://cleantalk.org
5
  Description: Max power, all-in-one, captcha less, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms. Formerly Anti-Spam by CleanTalk.
6
+ Version: 5.42
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: http://cleantalk.org
9
  */
10
+ $cleantalk_plugin_version='5.42';
11
+ $ct_agent_version = 'wordpress-542';
12
  $cleantalk_executed=false;
13
  $ct_sfw_updated = false;
14
 
inc/cleantalk-admin.php CHANGED
@@ -35,22 +35,6 @@ function cleantalk_custom_glance_items( )
35
  $ct_server_timeout = 10;
36
 
37
 
38
- /**
39
- * Admin action 'admin_print_footer_scripts' - Enqueue admin script for checking if timezone offset is saved in settings
40
- */
41
- if(isset($ct_options['show_adminbar']) && @intval($ct_options['show_adminbar']) == 1)
42
- {
43
- add_action( 'admin_print_footer_scripts', 'ct_add_stats_js' );
44
- }
45
-
46
- function ct_add_stats_js()
47
- {
48
- echo "<script src='".plugins_url( 'cleantalk-stats.js', __FILE__ )."'></script>\n";
49
- }
50
-
51
-
52
-
53
-
54
  /**
55
  * Admin action 'wp_ajax_ajax_get_timezone' - Ajax method for getting timezone offset
56
  */
@@ -441,9 +425,20 @@ function ct_add_admin_menu( $wp_admin_bar ) {
441
  if ( current_user_can('activate_plugins')&&$value==1 )
442
  {
443
  //$ct_data=ct_get_data();
 
 
 
 
 
 
 
 
 
 
 
444
  $args = array(
445
  'id' => 'ct_parent_node',
446
- 'title' => '<img src="' . plugin_dir_url(__FILE__) . 'images/logo_small1.png" alt="" height="" style="margin-top:9px;" /><a href="#" class="ab-item alignright" title="allowed / blocked" alt="allowed / blocked"><span class="ab-label" id="ct_stats"><span>0</span> / <span>0</span></span></a>'
447
  );
448
  $wp_admin_bar->add_node( $args );
449
 
@@ -734,7 +729,7 @@ function ct_input_show_adminbar() {
734
  echo "<input type='radio' id='cleantalk_show_adminbar1' name='cleantalk_settings[show_adminbar]' value='1' " . ($value == '1' ? 'checked' : '') . " /><label for='cleantalk_show_adminbar1'> " . __('Yes') . "</label>";
735
  echo '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
736
  echo "<input type='radio' id='cleantalk_show_adminbar0' name='cleantalk_settings[show_adminbar]' value='0' " . ($value == '0' ? 'checked' : '') . " /><label for='cleantalk_show_adminbar0'> " . __('No') . "</label>";
737
- admin_addDescriptionsFields(sprintf(__('Show/hide CleanTalk icon in top level menu in WordPress backend.', 'cleantalk'), $ct_options['show_adminbar']));
738
  }
739
 
740
  /**
35
  $ct_server_timeout = 10;
36
 
37
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
38
  /**
39
  * Admin action 'wp_ajax_ajax_get_timezone' - Ajax method for getting timezone offset
40
  */
425
  if ( current_user_can('activate_plugins')&&$value==1 )
426
  {
427
  //$ct_data=ct_get_data();
428
+ $ct_data=ct_get_data();
429
+
430
+ if(!isset($ct_data['array_accepted']))
431
+ {
432
+ $ct_data['array_accepted']=Array();
433
+ $ct_data['array_blocked']=Array();
434
+ $ct_data['current_hour']=0;
435
+ update_option('cleantalk_data', $ct_data);
436
+ }
437
+
438
+ $ret=Array('stat_accepted'=>@array_sum($ct_data['array_accepted']), 'stat_blocked'=>@array_sum($ct_data['array_blocked']), 'stat_all'=>@array_sum($ct_data['array_accepted']) + @array_sum($ct_data['array_blocked']));
439
  $args = array(
440
  'id' => 'ct_parent_node',
441
+ 'title' => '<img src="' . plugin_dir_url(__FILE__) . 'images/logo_small1.png" alt="" height="" style="margin-top:9px;" /><a href="#" class="ab-item alignright" title="Allowed/Blocked submissions. The number of submissions is being counted for past 24 hours." alt="allowed / blocked"><span class="ab-label" id="ct_stats"><span>' . $ret['stat_accepted'] . '</span> / <span>' . $ret['stat_blocked'] . '</span></span></a>'
442
  );
443
  $wp_admin_bar->add_node( $args );
444
 
729
  echo "<input type='radio' id='cleantalk_show_adminbar1' name='cleantalk_settings[show_adminbar]' value='1' " . ($value == '1' ? 'checked' : '') . " /><label for='cleantalk_show_adminbar1'> " . __('Yes') . "</label>";
730
  echo '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
731
  echo "<input type='radio' id='cleantalk_show_adminbar0' name='cleantalk_settings[show_adminbar]' value='0' " . ($value == '0' ? 'checked' : '') . " /><label for='cleantalk_show_adminbar0'> " . __('No') . "</label>";
732
+ admin_addDescriptionsFields(sprintf(__('Show/hide CleanTalk icon in top level menu in WordPress backend. The number of submissions is being counted for past 24 hours.', 'cleantalk'), $ct_options['show_adminbar']));
733
  }
734
 
735
  /**
inc/cleantalk-ajax.php CHANGED
@@ -66,11 +66,6 @@ add_action( 'wp_ajax_nopriv_cscf-submitform', 'ct_ajax_hook',1 );
66
  add_action( 'wp_ajax_cscf-submitform', 'ct_ajax_hook',1 );
67
  $cleantalk_hooked_actions[]='cscf-submitform';
68
 
69
- /*hooks for stats */
70
- add_action( 'wp_ajax_nopriv_ajax_get_stats', 'ct_get_stats',1 );
71
- add_action( 'wp_ajax_ajax_get_stats', 'ct_get_stats',1 );
72
- $cleantalk_hooked_actions[]='ajax_get_stats';
73
-
74
  /*hooks for visual form builder */
75
  //add_action( 'wp_ajax_nopriv_vfb_submit', 'ct_vfb_submit',1 );
76
  //add_action( 'wp_ajax_vfb_submit', 'ct_vfb_submit',1 );
@@ -111,25 +106,6 @@ add_action( 'wp_ajax_nopriv_ninja_forms_ajax_submit', 'ct_ajax_hook',1 );
111
  add_action( 'wp_ajax_ninja_forms_ajax_submit', 'ct_ajax_hook',1 );
112
  $cleantalk_hooked_actions[]='ninja_forms_ajax_submit';
113
 
114
- function ct_get_stats()
115
- {
116
- check_ajax_referer( 'ct_secret_nonce', 'security' );
117
- global $ct_data;
118
- $ct_data=ct_get_data();
119
-
120
- if(!isset($ct_data['array_accepted']))
121
- {
122
- $ct_data['array_accepted']=Array();
123
- $ct_data['array_blocked']=Array();
124
- $ct_data['current_hour']=0;
125
- update_option('cleantalk_data', $ct_data);
126
- }
127
-
128
- $ret=Array('stat_accepted'=>@array_sum($ct_data['array_accepted']), 'stat_blocked'=>@array_sum($ct_data['array_blocked']), 'stat_all'=>@array_sum($ct_data['array_accepted']) + @array_sum($ct_data['array_blocked']));
129
- print json_encode($ret);
130
- die();
131
- }
132
-
133
  function ct_validate_email_ajaxlogin($email=null, $is_ajax=true)
134
  {
135
  require_once(CLEANTALK_PLUGIN_DIR . 'cleantalk-public.php');
@@ -502,6 +478,17 @@ function ct_ajax_hook()
502
  print json_encode($result);
503
  die();
504
  }
 
 
 
 
 
 
 
 
 
 
 
505
  else
506
  {
507
  print $ct_result->comment;
66
  add_action( 'wp_ajax_cscf-submitform', 'ct_ajax_hook',1 );
67
  $cleantalk_hooked_actions[]='cscf-submitform';
68
 
 
 
 
 
 
69
  /*hooks for visual form builder */
70
  //add_action( 'wp_ajax_nopriv_vfb_submit', 'ct_vfb_submit',1 );
71
  //add_action( 'wp_ajax_vfb_submit', 'ct_vfb_submit',1 );
106
  add_action( 'wp_ajax_ninja_forms_ajax_submit', 'ct_ajax_hook',1 );
107
  $cleantalk_hooked_actions[]='ninja_forms_ajax_submit';
108
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
109
  function ct_validate_email_ajaxlogin($email=null, $is_ajax=true)
110
  {
111
  require_once(CLEANTALK_PLUGIN_DIR . 'cleantalk-public.php');
478
  print json_encode($result);
479
  die();
480
  }
481
+ //UserPro
482
+ else if($_POST['action']=='userpro_process_form' && $_POST['template']=='register')
483
+ {
484
+ foreach($_POST as $key => $value){
485
+ $output[$key]=$value;
486
+ }unset($key, $value);
487
+ $output['template'] = $ct_result->comment;
488
+ $output=json_encode($output);
489
+ print_r($output);
490
+ die;
491
+ }
492
  else
493
  {
494
  print $ct_result->comment;
inc/cleantalk-common.php CHANGED
@@ -606,7 +606,6 @@ function delete_spam_comments() {
606
  /*
607
  * Get data from submit recursively
608
  */
609
-
610
  function ct_get_fields_any(&$email,&$message,&$nickname,&$subject, &$contact,$arr)
611
  {
612
  $skip_params = array(
@@ -680,6 +679,98 @@ function ct_get_fields_any(&$email,&$message,&$nickname,&$subject, &$contact,$ar
680
  }
681
  }
682
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
683
  /**
684
  * Masks a value with asterisks (*)
685
  * @return string
606
  /*
607
  * Get data from submit recursively
608
  */
 
609
  function ct_get_fields_any(&$email,&$message,&$nickname,&$subject, &$contact,$arr)
610
  {
611
  $skip_params = array(
679
  }
680
  }
681
 
682
+ /*
683
+ * Get data from an ARRAY recursively
684
+ * @return array
685
+ */
686
+ function ct_get_fields_any2($arr, $message=array(), $email=NULL, $nickname=NULL, $subject=NULL, $contact=true) {
687
+ $skip_params = array(
688
+ 'ipn_track_id', // PayPal IPN #
689
+ 'txn_type', // PayPal transaction type
690
+ 'payment_status', // PayPal payment status
691
+ 'ccbill_ipn' //CCBill IPN
692
+ );
693
+ $obfuscate_params = array(
694
+ 'password',
695
+ 'password0',
696
+ 'password1',
697
+ 'password2',
698
+ 'pass',
699
+ 'pwd',
700
+ 'user_pass'
701
+ );
702
+ foreach($skip_params as $key=>$value)
703
+ {
704
+ if(@array_key_exists($value,$_GET)||@array_key_exists($value,$_POST))
705
+ {
706
+ $contact = false;
707
+ }
708
+ }
709
+ foreach($arr as $key=>$value)
710
+ {
711
+ if(!is_array($value)&&!is_object($value)&&@get_class($value)!='WP_User')
712
+ {
713
+ if (in_array($key, $skip_params) && $key!=0 && $key!='' || preg_match("/^ct_checkjs/", $key)) {
714
+ $contact = false;
715
+ }
716
+ if (!$email && @preg_match("/^\S+@\S+\.\S+$/", $value))
717
+ {
718
+ $email = $value;
719
+ }
720
+ else if ($nickname === '' && ct_get_data_from_submit($key, 'name'))
721
+ {
722
+ $nickname = $value;
723
+ }
724
+ else if ($subject === '' && ct_get_data_from_submit($key, 'subject'))
725
+ {
726
+ $subject = $value;
727
+ }
728
+ else
729
+ {
730
+ //
731
+ // Obfuscate private data
732
+ //
733
+ if (in_array($key, $obfuscate_params)) {
734
+ $value = ct_obfuscate_param($value);
735
+ }
736
+ $message[$key] = $value;
737
+ }
738
+ }
739
+ else if(!is_object($value)&&@get_class($value)!='WP_User')
740
+ {
741
+ $temp = ct_get_fields_any2($value, $message, $email, $nickname, $subject, $contact);
742
+
743
+ $email = ($temp['email'] ? $temp['email'] : '');
744
+ $nickname = ($temp['nickname'] ? $temp['nickname'] : '');
745
+ $subject = ($temp['subject'] ? $temp['subject'] : '');
746
+ $contact = ($temp['contact'] ? $temp['contact'] : '');
747
+ $message = (count($temp['message']) == 0 ? $message : array_merge($message, $temp['message']));
748
+ }
749
+ }
750
+ //
751
+ // Reset $message if we have a sign-up data
752
+ //
753
+ $skip_message_post = array(
754
+ 'edd_action', // Easy Digital Downloads
755
+ );
756
+ foreach ($skip_message_post as $v) {
757
+ if (isset($_POST[$v])) {
758
+ $message = null;
759
+ break;
760
+ }
761
+ }
762
+
763
+ $return_param = array(
764
+ 'email' => $email,
765
+ 'nickname' => $nickname,
766
+ 'subject' => $subject,
767
+ 'contact' => $contact,
768
+ 'message' => $message
769
+ );
770
+
771
+ return $return_param;
772
+ }
773
+
774
  /**
775
  * Masks a value with asterisks (*)
776
  * @return string
inc/cleantalk-public.php CHANGED
@@ -121,7 +121,7 @@ function ct_init() {
121
 
122
  // Formidable
123
  if(class_exists('FrmSettings')){
124
- add_action('frm_validate_entry', 'ct_frm_validate_entry', 20, 2);
125
  add_action('frm_entries_footer_scripts', 'ct_frm_entries_footer_scripts', 20, 2);
126
  }
127
 
@@ -167,6 +167,7 @@ function ct_init() {
167
  // Gravity forms
168
  //
169
  if (defined('GF_MIN_WP_VERSION')) {
 
170
  add_filter('gform_entry_is_spam', 'ct_gforms_spam_test', 1, 3);
171
  }
172
 
@@ -258,16 +259,7 @@ function ct_footer_add_cookie() {
258
  function ct_add_hidden_fields($random_key = false, $field_name = 'ct_checkjs', $return_string = false, $cookie_check = false) {
259
  global $ct_checkjs_def, $ct_plugin_name, $ct_options, $ct_data;
260
  $ct_options = ct_get_options();
261
- $ct_data = ct_get_data();
262
- if(isset($ct_options['use_ajax']))
263
- {
264
- $use_ajax = @intval($ct_options['use_ajax']);
265
- }
266
- else
267
- {
268
- $use_ajax=1;
269
- }
270
-
271
  $ct_checkjs_key = ct_get_checkjs_value($random_key);
272
  $field_id_hash = md5(rand(0, 1000));
273
 
@@ -288,17 +280,16 @@ ctSetCookie("%s", "%s", "%s");
288
  $html = '
289
  <input type="hidden" id="%s" name="%s" value="%s" />
290
  <script type="text/javascript">
291
- setTimeout(function(){var ct_input_name = \'%s\';var ct_input_value = document.getElementById(ct_input_name).value;document.getElementById(ct_input_name).value = document.getElementById(ct_input_name).value.replace(ct_input_value, %s); }, 1000);
 
 
 
 
 
 
292
  </script>
293
  ';
294
  $html = sprintf($html, $field_id, $field_name, $ct_checkjs_def, $field_id, $ct_input_challenge);
295
- /*!!! IT'S A TEMPORARILY CODE FOR DEBUGGING CF7 !!!*/
296
- if($use_ajax==1)
297
- {
298
- $html='<input type="hidden" id="%s" name="%s" value="%s" />';
299
- $html = sprintf($html, $field_id, $field_name, $ct_checkjs_def);
300
- }
301
- /*!!! IT'S A TEMPORARILY CODE FOR DEBUGGING CF7 !!!*/
302
  };
303
 
304
  // Simplify JS code
@@ -338,17 +329,34 @@ function ct_is_user_enable() {
338
  * return null;
339
  */
340
  function ct_frm_entries_footer_scripts($fields, $form) {
341
- global $ct_options;
342
 
343
  if ($ct_options['contact_forms_test'] == 0) {
344
  return false;
345
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
346
  $js_code = ct_add_hidden_fields(true, 'ct_checkjs', true, true);
 
 
347
  ?>
348
  <?php echo $js_code; ?>
349
  <?php
350
-
351
- return null;
352
  }
353
 
354
  /**
@@ -366,25 +374,30 @@ function ct_frm_validate_entry ($errors, $values) {
366
  }
367
 
368
  $checkjs = js_test('ct_checkjs', $_COOKIE, true);
 
 
 
369
 
370
  $post_info['comment_type'] = 'feedback';
371
  $post_info = json_encode($post_info);
372
  if ($post_info === false)
373
  $post_info = '';
374
 
375
- $sender_email = null;
376
- $message = '';
377
- $subject = '';
378
- $nickname = '';
379
- $contact_form = true;
380
- @ct_get_fields_any($sender_email, $message, $subject, $nickname, $contact_form, $values['item_meta']);
 
 
381
  $message = json_encode($message);
382
 
383
  $ct_base_call_result = ct_base_call(array(
384
  'message' => $message,
385
  'example' => null,
386
  'sender_email' => $sender_email,
387
- 'sender_nickname' => null,
388
  'post_info' => $post_info,
389
  'checkjs' => $checkjs
390
  ));
@@ -1584,6 +1597,25 @@ function ct_check_wplp(){
1584
  ct_die_extended($cleantalk_comment);
1585
  }
1586
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1587
  /**
1588
  * Gravity forms anti-spam test.
1589
  * @return boolean
@@ -1606,12 +1638,15 @@ function ct_gforms_spam_test ($is_spam, $form, $entry) {
1606
  if ($cleantalk_executed) {
1607
  return $is_spam;
1608
  }
1609
-
1610
  $sender_info='';
1611
 
1612
  $checkjs = js_test('ct_checkjs', $_COOKIE, true);
1613
-
1614
- $post_info['comment_type'] = 'feedback';
 
 
 
1615
  $post_info = json_encode($post_info);
1616
  if ($post_info === false)
1617
  $post_info = '';
@@ -1620,16 +1655,13 @@ function ct_gforms_spam_test ($is_spam, $form, $entry) {
1620
  $sender_nickname = null;
1621
  $subject = '';
1622
  $message = '';
1623
- foreach ($_POST as $k => $v) {
1624
- if(is_array($v)) {
1625
- continue;
1626
- }
1627
- if ($sender_email === null && preg_match("/^\S+@\S+\.\S+$/", $v)) {
1628
- $sender_email = $v;
1629
- continue;
1630
- }
1631
- $message.= $v."\n";
1632
  }
 
1633
 
1634
  $ct_base_call_result = ct_base_call(array(
1635
  'message' => $message,
@@ -1739,7 +1771,7 @@ function ct_s2member_registration_test() {
1739
  * General test for any contact form
1740
  */
1741
  function ct_contact_form_validate () {
1742
- global $pagenow,$cleantalk_executed, $cleantalk_url_exclusions,$ct_options, $ct_data;
1743
 
1744
  $ct_options = ct_get_options();
1745
  $ct_data = ct_get_data();
@@ -1758,7 +1790,7 @@ function ct_contact_form_validate () {
1758
  }
1759
  //@header("CtExclusions: ".$ct_cnt);
1760
  cleantalk_debug("CtExclusions", $ct_cnt);
1761
-
1762
  if (@sizeof($_POST)==0 ||
1763
  (isset($_POST['signup_username']) && isset($_POST['signup_email']) && isset($_POST['signup_password'])) ||
1764
  (isset($pagenow) && $pagenow == 'wp-login.php') || // WordPress log in form
@@ -1780,7 +1812,8 @@ function ct_contact_form_validate () {
1780
  isset($_COOKIE[LOGGED_IN_COOKIE]) ||
1781
  isset($_POST['fscf_submitted']) ||
1782
  strpos($_SERVER['REQUEST_URI'],'/wc-api/')!==false ||
1783
- isset($_POST['log']) && isset($_POST['pwd']) && isset($_POST['wp-submit'])
 
1784
  ) {
1785
  return null;
1786
  }
121
 
122
  // Formidable
123
  if(class_exists('FrmSettings')){
124
+ add_action('frm_validate_entry', 'ct_frm_validate_entry', 1, 2);
125
  add_action('frm_entries_footer_scripts', 'ct_frm_entries_footer_scripts', 20, 2);
126
  }
127
 
167
  // Gravity forms
168
  //
169
  if (defined('GF_MIN_WP_VERSION')) {
170
+ add_filter('gform_get_form_filter', 'ct_gforms_hidden_field', 10, 2);
171
  add_filter('gform_entry_is_spam', 'ct_gforms_spam_test', 1, 3);
172
  }
173
 
259
  function ct_add_hidden_fields($random_key = false, $field_name = 'ct_checkjs', $return_string = false, $cookie_check = false) {
260
  global $ct_checkjs_def, $ct_plugin_name, $ct_options, $ct_data;
261
  $ct_options = ct_get_options();
262
+
 
 
 
 
 
 
 
 
 
263
  $ct_checkjs_key = ct_get_checkjs_value($random_key);
264
  $field_id_hash = md5(rand(0, 1000));
265
 
280
  $html = '
281
  <input type="hidden" id="%s" name="%s" value="%s" />
282
  <script type="text/javascript">
283
+ setTimeout(function(){
284
+ var ct_input_name = \'%s\';
285
+ if (document.getElementById(ct_input_name) !== null) {
286
+ var ct_input_value = document.getElementById(ct_input_name).value;
287
+ document.getElementById(ct_input_name).value = document.getElementById(ct_input_name).value.replace(ct_input_value, %s);
288
+ }
289
+ }, 1000);
290
  </script>
291
  ';
292
  $html = sprintf($html, $field_id, $field_name, $ct_checkjs_def, $field_id, $ct_input_challenge);
 
 
 
 
 
 
 
293
  };
294
 
295
  // Simplify JS code
329
  * return null;
330
  */
331
  function ct_frm_entries_footer_scripts($fields, $form) {
332
+ global $ct_options, $ct_checkjs_frm;
333
 
334
  if ($ct_options['contact_forms_test'] == 0) {
335
  return false;
336
  }
337
+
338
+ $ct_checkjs_key = ct_get_checkjs_value();
339
+ $ct_frm_base_name = 'form_';
340
+ $ct_frm_name = $ct_frm_base_name . $form->form_key;
341
+
342
+ ?>
343
+ var input = document.createElement("input");
344
+ input.setAttribute("type", "hidden");
345
+ input.setAttribute("name", "<?php echo $ct_checkjs_frm; ?>");
346
+ input.setAttribute("value", "<?php echo $ct_checkjs_key; ?>");
347
+
348
+ for (i = 0; i < document.forms.length; i++) {
349
+ if (document.forms[i].id && document.forms[i].id.search("<?php echo $ct_frm_name; ?>") != -1) {
350
+ document.forms[i].appendChild(input);
351
+ }
352
+ }
353
+ <?php
354
  $js_code = ct_add_hidden_fields(true, 'ct_checkjs', true, true);
355
+ $js_code = strip_tags($js_code); // Removing <script> tag
356
+
357
  ?>
358
  <?php echo $js_code; ?>
359
  <?php
 
 
360
  }
361
 
362
  /**
374
  }
375
 
376
  $checkjs = js_test('ct_checkjs', $_COOKIE, true);
377
+ if($checkjs != 1){
378
+ $checkjs = js_test($ct_checkjs_frm, $_POST, true);
379
+ }
380
 
381
  $post_info['comment_type'] = 'feedback';
382
  $post_info = json_encode($post_info);
383
  if ($post_info === false)
384
  $post_info = '';
385
 
386
+ $temp = ct_get_fields_any2($values['item_meta']);
387
+
388
+ $sender_email = ($temp['email'] ? $temp['email'] : '');
389
+ $sender_nickname = ($temp['nickname'] ? $temp['nickname'] : '');
390
+ $subject = ($temp['subject'] ? $temp['subject'] : '');
391
+ $contact_form = ($temp['contact'] ? $temp['contact'] : true);
392
+ $message = ($temp['message'] ? $temp['message'] : array());
393
+
394
  $message = json_encode($message);
395
 
396
  $ct_base_call_result = ct_base_call(array(
397
  'message' => $message,
398
  'example' => null,
399
  'sender_email' => $sender_email,
400
+ 'sender_nickname' => $sender_nickname,
401
  'post_info' => $post_info,
402
  'checkjs' => $checkjs
403
  ));
1597
  ct_die_extended($cleantalk_comment);
1598
  }
1599
 
1600
+ /**
1601
+ * Places a hidding field to Gravity.
1602
+ * @return string
1603
+ */
1604
+ function ct_gforms_hidden_field ( $form_string, $form ) {
1605
+ $ct_hidden_field = 'ct_checkjs';
1606
+
1607
+ // Do not add a hidden field twice.
1608
+ if (preg_match("/$ct_hidden_field/", $form_string)) {
1609
+ return $form_string;
1610
+ }
1611
+
1612
+ $search = "</form>";
1613
+ $js_code = ct_add_hidden_fields(true, $ct_hidden_field, true, false);
1614
+ $form_string = str_replace($search, $js_code . $search, $form_string);
1615
+
1616
+ return $form_string;
1617
+ }
1618
+
1619
  /**
1620
  * Gravity forms anti-spam test.
1621
  * @return boolean
1638
  if ($cleantalk_executed) {
1639
  return $is_spam;
1640
  }
1641
+
1642
  $sender_info='';
1643
 
1644
  $checkjs = js_test('ct_checkjs', $_COOKIE, true);
1645
+ if (!$checkjs) {
1646
+ $checkjs = js_test('ct_checkjs', $_POST, true);
1647
+ }
1648
+
1649
+ $post_info['comment_type'] = 'feedback_gravity';
1650
  $post_info = json_encode($post_info);
1651
  if ($post_info === false)
1652
  $post_info = '';
1655
  $sender_nickname = null;
1656
  $subject = '';
1657
  $message = '';
1658
+
1659
+ @ct_get_fields_any($sender_email, $message, $sender_nickname, $subject, $contact_form, $_POST);
1660
+
1661
+ if ($subject != '') {
1662
+ $message = array_merge(array('subject' => $subject), $message);
 
 
 
 
1663
  }
1664
+ $message = json_encode($message);
1665
 
1666
  $ct_base_call_result = ct_base_call(array(
1667
  'message' => $message,
1771
  * General test for any contact form
1772
  */
1773
  function ct_contact_form_validate () {
1774
+ global $pagenow,$cleantalk_executed, $cleantalk_url_exclusions,$ct_options, $ct_data, $ct_checkjs_frm;
1775
 
1776
  $ct_options = ct_get_options();
1777
  $ct_data = ct_get_data();
1790
  }
1791
  //@header("CtExclusions: ".$ct_cnt);
1792
  cleantalk_debug("CtExclusions", $ct_cnt);
1793
+
1794
  if (@sizeof($_POST)==0 ||
1795
  (isset($_POST['signup_username']) && isset($_POST['signup_email']) && isset($_POST['signup_password'])) ||
1796
  (isset($pagenow) && $pagenow == 'wp-login.php') || // WordPress log in form
1812
  isset($_COOKIE[LOGGED_IN_COOKIE]) ||
1813
  isset($_POST['fscf_submitted']) ||
1814
  strpos($_SERVER['REQUEST_URI'],'/wc-api/')!==false ||
1815
+ isset($_POST['log']) && isset($_POST['pwd']) && isset($_POST['wp-submit']) ||
1816
+ isset($_POST[$ct_checkjs_frm]) && (@intval($ct_options['contact_forms_test']) == 1) // Formidable forms
1817
  ) {
1818
  return null;
1819
  }
inc/cleantalk-stats.js DELETED
@@ -1,20 +0,0 @@
1
- function ct_update_stats()
2
- {
3
- var data = {
4
- 'action': 'ajax_get_stats',
5
- 'security': ajax_nonce
6
- };
7
- jQuery.ajax({
8
- type: "POST",
9
- url: ajaxurl,
10
- data: data,
11
- dataType: 'json',
12
- success: function(msg){
13
- jQuery('#ct_stats').html('<span>' + msg.stat_accepted + '</span> / <span>' + msg.stat_blocked + '</span>');
14
- setTimeout(ct_update_stats,60000);
15
- }
16
- });
17
- }
18
- jQuery(document).ready(function(){
19
- ct_update_stats();
20
- });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
inc/cleantalk-users-checkspam.js CHANGED
@@ -114,10 +114,7 @@ function ct_insert_users()
114
  url: ajaxurl,
115
  data: data,
116
  success: function(msg){
117
- if(msg=='ok')
118
- {
119
- alert('Added 500 users');
120
- }
121
  }
122
  });
123
  }
@@ -136,13 +133,20 @@ function ct_delete_all_users()
136
  if(msg>0)
137
  {
138
  jQuery('#cleantalk_users_left').html(msg);
139
- ct_delete_all();
140
  }
141
  else
142
  {
143
  location.href='users.php?page=ct_check_users';
144
  }
145
- }
 
 
 
 
 
 
 
146
  });
147
  }
148
  function ct_delete_checked_users()
@@ -192,7 +196,8 @@ jQuery(".cleantalk_delete_user_button").click(function(){
192
  jQuery("#comment-"+id).hide();
193
  jQuery("#comment-"+id).remove();
194
  close_animate=true;
195
- }
 
196
  });
197
  });
198
  jQuery(".cleantalk_delete_user_button").click(function(){
@@ -208,7 +213,8 @@ jQuery("#ct_check_users_button").click(function(){
208
  ct_clear_users();
209
  });
210
  jQuery("#ct_check_users_button").click(function(){
211
- jQuery('#ct_checking_users_status').html('');
 
212
  jQuery('#ct_check_users_table').hide();
213
  jQuery('#ct_delete_all_users').hide();
214
  jQuery('#ct_delete_checked_users').hide();
@@ -219,13 +225,34 @@ jQuery("#ct_check_users_button").click(function(){
219
  jQuery("#ct_insert_users").click(function(){
220
  ct_insert_users();
221
  });
 
 
 
 
222
  jQuery("#ct_delete_all_users").click(function(){
 
 
 
 
 
 
 
 
 
223
  jQuery('#ct_check_users_table').hide();
 
 
224
  jQuery('#ct_deleting_message').show();
 
 
225
  jQuery("html, body").animate({ scrollTop: 0 }, "slow");
226
  ct_delete_all_users();
227
  });
228
  jQuery("#ct_delete_checked_users").click(function(){
 
 
 
 
229
  ct_delete_checked_users();
230
  });
231
  jQuery(".cleantalk_user").mouseover(function(){
114
  url: ajaxurl,
115
  data: data,
116
  success: function(msg){
117
+ alert('Inserted ' + msg + ' users.');
 
 
 
118
  }
119
  });
120
  }
133
  if(msg>0)
134
  {
135
  jQuery('#cleantalk_users_left').html(msg);
136
+ ct_delete_all_users();
137
  }
138
  else
139
  {
140
  location.href='users.php?page=ct_check_users';
141
  }
142
+ },
143
+ error: function(jqXHR, textStatus, errorThrown) {
144
+ if(textStatus === 'timeout') {
145
+ alert('Failed from timeout. Going to run a new attempt to delete spam users.');
146
+ ct_delete_all_users();
147
+ }
148
+ },
149
+ timeout: 160000
150
  });
151
  }
152
  function ct_delete_checked_users()
196
  jQuery("#comment-"+id).hide();
197
  jQuery("#comment-"+id).remove();
198
  close_animate=true;
199
+ },
200
+ timeout: 15000
201
  });
202
  });
203
  jQuery(".cleantalk_delete_user_button").click(function(){
213
  ct_clear_users();
214
  });
215
  jQuery("#ct_check_users_button").click(function(){
216
+
217
+ // jQuery('#ct_checking_users_status').html('');
218
  jQuery('#ct_check_users_table').hide();
219
  jQuery('#ct_delete_all_users').hide();
220
  jQuery('#ct_delete_checked_users').hide();
225
  jQuery("#ct_insert_users").click(function(){
226
  ct_insert_users();
227
  });
228
+
229
+ jQuery("#ct_stop_deletion").click(function(){
230
+ window.location.reload();
231
+ });
232
  jQuery("#ct_delete_all_users").click(function(){
233
+ if (!confirm('Delete all spam users?')) {
234
+ return false;
235
+ }
236
+
237
+ jQuery('#ct_checking_users_status').hide();
238
+ jQuery('#ct_check_users_table').hide();
239
+ jQuery('#ct_tools_buttons').hide();
240
+ jQuery('#ct_info_message').hide();
241
+ jQuery('#ct_ajax_info_users').hide();
242
  jQuery('#ct_check_users_table').hide();
243
+ jQuery('#ct_check_users_button').hide();
244
+ jQuery('#ct_search_info').hide();
245
  jQuery('#ct_deleting_message').show();
246
+ jQuery('#ct_preloader').show();
247
+ jQuery('#ct_stop_deletion').show();
248
  jQuery("html, body").animate({ scrollTop: 0 }, "slow");
249
  ct_delete_all_users();
250
  });
251
  jQuery("#ct_delete_checked_users").click(function(){
252
+ if (!confirm('Delete selected users?')) {
253
+ return false;
254
+ }
255
+
256
  ct_delete_checked_users();
257
  });
258
  jQuery(".cleantalk_user").mouseover(function(){
inc/cleantalk-users.php CHANGED
@@ -34,11 +34,10 @@ function ct_show_users_page()
34
  $r=$wpdb->get_results("select distinct count($wpdb->users.ID) as cnt from $wpdb->users inner join $wpdb->usermeta on $wpdb->users.ID=$wpdb->usermeta.user_id where $wpdb->usermeta.meta_key='ct_marked_as_spam';", ARRAY_A);
35
  $cnt_spam1=$r[0]['cnt'];
36
  ?>
37
- <div id="ct_working_message" style="margin:auto;padding:3px;width:70%;border:2px dotted gray;display:none;background:#ffff99;">
38
- <?php _e("Please wait for a while. CleanTalk is checking all users via blacklist database at cleantalk.org. You will have option to delete found spam users after plugin finish.", 'cleantalk'); ?>
39
- </div>
40
  <div id="ct_deleting_message" style="display:none">
41
- <?php _e("Please wait for a while. CleanTalk is deleting spam users. Users left: ", 'cleantalk'); ?> <span id="cleantalk_users_left"></span>
 
 
42
  </div>
43
  <div id="ct_done_message" <?php if($cnt_unchecked>0) print 'style="display:none"'; ?>>
44
  <?php //_e("Done. All comments tested via blacklists database, please see result bellow.", 'cleantalk');
@@ -46,6 +45,9 @@ $cnt_spam1=$r[0]['cnt'];
46
  </div>
47
  <h3 id="ct_checking_users_status" style="text-align:center;width:90%;"></h3>
48
  <div style="text-align:center;width:100%;display:none;" id="ct_preloader"><img border=0 src="<?php print plugin_dir_url(__FILE__); ?>images/preloader.gif" /></div>
 
 
 
49
  <?php
50
  $page=1;
51
  if(isset($_GET['spam_page']))
@@ -167,31 +169,49 @@ $cnt_spam1=$r[0]['cnt'];
167
  ?>
168
  </tbody>
169
  </table>
 
170
  <button class="button" id="ct_delete_all_users"><?php _e('Delete all users from list'); ?></button>
171
  <button class="button" id="ct_delete_checked_users"><?php _e('Delete selected', 'cleantalk'); ?></button>
172
  <?php
173
  }
174
  if($_SERVER['REMOTE_ADDR']=='127.0.0.1')print '<button class="button" id="ct_insert_users">Insert accounts</button><br />';
175
  ?>
 
176
  <br /><br />
177
- <div id="ct_info_message"><?php _e("Anti-spam by CleanTalk will check all users against blacklists database and show you senders that have spam activity on other websites. Just click 'Find spam users' to start.", 'cleantalk'); ?>
 
 
 
 
 
 
 
 
 
178
  <?php
179
  if($cnt_spam1>0)
180
  {
181
- print "<br />
182
- There is some differencies between blacklists database and our API mechanisms. Blacklists shows all history of spam activity, but our API (that used in spam checking) used another parameters, too: last day of activity, number of spam attacks during last days etc. This mechanisms help us to reduce number of false positivitie. So, there is nothing strange, if some emails/IPs will be not found by this checking.<br /><br />";
 
 
 
183
  }
184
  ?>
185
- <button class="button" id="ct_check_users_button"><?php _e("Check for spam again", 'cleantalk'); ?></button><br /><br />
186
 
187
  </div>
188
- <br /><a href="options-general.php?page=cleantalk">&laquo;<?php print __('Back to CleanTalk settings', 'cleantalk'); ?></a>
 
 
 
189
  <?php
190
  }
191
 
192
  add_action('admin_print_footer_scripts','ct_add_users_button');
193
  function ct_add_users_button()
194
  {
 
 
195
  $screen = get_current_screen();
196
  $ajax_nonce = wp_create_nonce( "ct_secret_nonce" );
197
  ?>
@@ -202,13 +222,13 @@ function ct_add_users_button()
202
  <?php
203
  if( $screen->id == 'users' ){
204
  ?>
205
- <script src="<?php print plugins_url( 'cleantalk-users-editscreen.js', __FILE__ ); ?>"></script>
206
  <?php
207
  }
208
  if($screen->id == 'users_page_ct_check_users')
209
  {
210
  ?>
211
- <script src="<?php print plugins_url( 'cleantalk-users-checkspam.js', __FILE__ ); ?>"></script>
212
  <?php
213
  }
214
  }
@@ -218,9 +238,15 @@ add_action( 'wp_ajax_ajax_check_users', 'ct_ajax_check_users' );
218
 
219
  function ct_ajax_check_users()
220
  {
221
- check_ajax_referer('ct_secret_nonce', 'security');
222
  global $ct_options;
 
 
 
223
  $ct_options = ct_get_options();
 
 
 
 
224
 
225
  $args_unchecked = array(
226
  'meta_query' => array(
@@ -230,11 +256,11 @@ function ct_ajax_check_users()
230
  'compare' => 'NOT EXISTS'
231
  ),
232
  ),
233
- 'number'=>500
234
  );
235
 
236
  $u=get_users($args_unchecked);
237
-
238
  if(sizeof($u)>0)
239
  {
240
  $data=Array();
@@ -245,14 +271,13 @@ function ct_ajax_check_users()
245
  {
246
  $user_meta=array_values($user_meta);
247
  }
248
- if(@isset($user_meta[0]['ip']))
249
  {
250
  $data[]=$user_meta[0]['ip'];
251
- }
252
- else
253
- {
254
- $data[]='8.8.8.8';
255
- }
256
  $data[]=$u[$i]->data->user_email;
257
  }
258
  $data=implode(',',$data);
@@ -272,6 +297,7 @@ function ct_ajax_check_users()
272
  $ct_options['apikey']
273
  );
274
  $result = file_get_contents($url, 0, $context);
 
275
  $result=json_decode($result);
276
  if(isset($result->error_message))
277
  {
@@ -282,22 +308,25 @@ function ct_ajax_check_users()
282
  for($i=0;$i<sizeof($u);$i++)
283
  {
284
  update_user_meta($u[$i]->ID,'ct_checked',date("Y-m-d H:m:s"),true);
285
- $user_meta=get_user_meta($u[$i]->ID, 'session_tokens', true);
286
-
287
- if(is_array($user_meta))
288
- {
289
- $user_meta=array_values($user_meta);
290
- }
291
- $uip = null;
292
- if(@isset($user_meta[0]['ip']))
293
- {
294
- $uip=$user_meta[0]['ip'];
295
- }
296
-
297
- $uim=$u[$i]->data->user_email;
298
-
299
- //print "uip: $uip, uim: $uim\n";
300
- if(isset($result->data->$uip) && $result->data->$uip->appears==1 || isset($result->data->$uim) && $result->data->$uim->appears==1)
 
 
 
301
  {
302
  update_user_meta($u[$i]->ID,'ct_marked_as_spam','1',true);
303
  }
@@ -317,7 +346,7 @@ add_action( 'wp_ajax_ajax_info_users', 'ct_ajax_info_users' );
317
  function ct_ajax_info_users()
318
  {
319
  check_ajax_referer( 'ct_secret_nonce', 'security' );
320
- global $wpdb;
321
  $r=$wpdb->get_results("select distinct count($wpdb->users.ID) as cnt from $wpdb->users inner join $wpdb->usermeta on $wpdb->users.ID=$wpdb->usermeta.user_id where $wpdb->usermeta.meta_key='ct_checked' or $wpdb->usermeta.meta_key='ct_hash';");
322
  $cnt_checked=$r[0]->cnt;
323
  $r=$wpdb->get_results("select count(ID) as cnt from $wpdb->users;");
@@ -328,7 +357,13 @@ global $wpdb;
328
  $r=$wpdb->get_results("select distinct count($wpdb->users.ID) as cnt from $wpdb->users inner join $wpdb->usermeta on $wpdb->users.ID=$wpdb->usermeta.user_id where $wpdb->usermeta.meta_key='ct_marked_as_spam';", ARRAY_A);
329
  $cnt_spam1=$r[0]['cnt'];
330
 
331
- printf (__("Total users %s, checked %s, found %s spam users.", 'cleantalk'), $cnt, $cnt_checked, $cnt_spam1);
 
 
 
 
 
 
332
  die();
333
  }
334
 
@@ -336,28 +371,30 @@ add_action( 'wp_ajax_ajax_insert_users', 'ct_ajax_insert_users' );
336
  function ct_ajax_insert_users()
337
  {
338
  check_ajax_referer( 'ct_secret_nonce', 'security' );
339
- $time = current_time('mysql');
340
-
341
- for($i=0;$i<500;$i++)
 
342
  {
343
- $rnd=mt_rand(1,10000);
344
- if($rnd<2000)
345
- {
346
- }
347
- else
348
- {
349
- $email="stop_email_$rnd@example.com";
350
- }
351
- $email="stop_email@example.com";
352
- $data = array(
353
- 'user_login'=>"user_$rnd",
354
- 'user_email'=>$email,
355
- 'user_pass'=>'123456',
356
- );
357
-
358
- wp_insert_user($data);
359
  }
360
- print "ok";
 
361
  die();
362
  }
363
 
@@ -377,7 +414,7 @@ function ct_ajax_delete_all_users()
377
  {
378
  check_ajax_referer( 'ct_secret_nonce', 'security' );
379
  $args_spam = array(
380
- 'number'=>100,
381
  'meta_query' => array(
382
  Array(
383
  'key' => 'ct_marked_as_spam',
@@ -389,20 +426,19 @@ function ct_ajax_delete_all_users()
389
  $c_spam=get_users($args_spam);
390
  $cnt=sizeof($c_spam);
391
 
392
- $args_spam = array(
393
- 'meta_query' => array(
394
- Array(
395
- 'key' => 'ct_marked_as_spam',
396
- 'value' => '1',
397
- 'compare' => 'NUMERIC'
398
- )
399
- )
400
- );
401
- $cnt_all=sizeof(get_users($args_spam));
402
- for($i=0;$i<sizeof($c_spam);$i++)
403
  {
404
  wp_delete_user($c_spam[$i]->ID);
405
- usleep(10000);
406
  }
407
  print $cnt_all;
408
  die();
34
  $r=$wpdb->get_results("select distinct count($wpdb->users.ID) as cnt from $wpdb->users inner join $wpdb->usermeta on $wpdb->users.ID=$wpdb->usermeta.user_id where $wpdb->usermeta.meta_key='ct_marked_as_spam';", ARRAY_A);
35
  $cnt_spam1=$r[0]['cnt'];
36
  ?>
 
 
 
37
  <div id="ct_deleting_message" style="display:none">
38
+ <?php _e("Please wait for a while. CleanTalk is deleting spam users. Users left: ", 'cleantalk'); ?> <span id="cleantalk_users_left">
39
+ <?php echo $cnt_spam1;?>
40
+ </span>
41
  </div>
42
  <div id="ct_done_message" <?php if($cnt_unchecked>0) print 'style="display:none"'; ?>>
43
  <?php //_e("Done. All comments tested via blacklists database, please see result bellow.", 'cleantalk');
45
  </div>
46
  <h3 id="ct_checking_users_status" style="text-align:center;width:90%;"></h3>
47
  <div style="text-align:center;width:100%;display:none;" id="ct_preloader"><img border=0 src="<?php print plugin_dir_url(__FILE__); ?>images/preloader.gif" /></div>
48
+ <div id="ct_working_message" style="margin:auto;padding:3px;width:70%;border:2px dotted gray;display:none;background:#ffff99;margin-top: 1em;">
49
+ <?php _e("Please wait for a while. CleanTalk is checking all users via blacklist database at cleantalk.org. You will have option to delete found spam users after plugin finish.", 'cleantalk'); ?>
50
+ </div>
51
  <?php
52
  $page=1;
53
  if(isset($_GET['spam_page']))
169
  ?>
170
  </tbody>
171
  </table>
172
+ <div id="ct_tools_buttons">
173
  <button class="button" id="ct_delete_all_users"><?php _e('Delete all users from list'); ?></button>
174
  <button class="button" id="ct_delete_checked_users"><?php _e('Delete selected', 'cleantalk'); ?></button>
175
  <?php
176
  }
177
  if($_SERVER['REMOTE_ADDR']=='127.0.0.1')print '<button class="button" id="ct_insert_users">Insert accounts</button><br />';
178
  ?>
179
+ </div>
180
  <br /><br />
181
+ <table>
182
+ <tr>
183
+ <td>
184
+ <button class="button" id="ct_check_users_button"><?php _e("Check for spam again", 'cleantalk'); ?></button>
185
+ </td>
186
+ <td style="padding-left: 2em;">
187
+ <div id="ct_info_message" class="wrap"><?php _e("The plugin will check all users against blacklists database and show you senders that have spam activity on other websites. Just click 'Find spam users' to start.", 'cleantalk'); ?>
188
+ </td>
189
+ </tr>
190
+ </table>
191
  <?php
192
  if($cnt_spam1>0)
193
  {
194
+ print "
195
+ <div id=\"ct_search_info\">
196
+ <br />
197
+ There is some differencies between blacklists database and our API mechanisms. Blacklists shows all history of spam activity, but our API (that used in spam checking) used another parameters, too: last day of activity, number of spam attacks during last days etc. This mechanisms help us to reduce number of false positivitie. So, there is nothing strange, if some emails/IPs will be not found by this checking.
198
+ </div>";
199
  }
200
  ?>
 
201
 
202
  </div>
203
+
204
+ <div>
205
+ <button class="button" id="ct_stop_deletion" style="display:none;"><?php _e("Stop deletion", 'cleantalk'); ?></button>
206
+ </div>
207
  <?php
208
  }
209
 
210
  add_action('admin_print_footer_scripts','ct_add_users_button');
211
  function ct_add_users_button()
212
  {
213
+ global $cleantalk_plugin_version;
214
+
215
  $screen = get_current_screen();
216
  $ajax_nonce = wp_create_nonce( "ct_secret_nonce" );
217
  ?>
222
  <?php
223
  if( $screen->id == 'users' ){
224
  ?>
225
+ <script src="<?php print plugins_url( 'cleantalk-users-editscreen.js?v=' . $cleantalk_plugin_version, __FILE__ ); ?>"></script>
226
  <?php
227
  }
228
  if($screen->id == 'users_page_ct_check_users')
229
  {
230
  ?>
231
+ <script src="<?php print plugins_url( 'cleantalk-users-checkspam.js?v=' . $cleantalk_plugin_version, __FILE__ ); ?>"></script>
232
  <?php
233
  }
234
  }
238
 
239
  function ct_ajax_check_users()
240
  {
 
241
  global $ct_options;
242
+
243
+ check_ajax_referer('ct_secret_nonce', 'security');
244
+
245
  $ct_options = ct_get_options();
246
+
247
+ $skip_roles = array(
248
+ 'administrator'
249
+ );
250
 
251
  $args_unchecked = array(
252
  'meta_query' => array(
256
  'compare' => 'NOT EXISTS'
257
  ),
258
  ),
259
+ 'number' => 100
260
  );
261
 
262
  $u=get_users($args_unchecked);
263
+
264
  if(sizeof($u)>0)
265
  {
266
  $data=Array();
271
  {
272
  $user_meta=array_values($user_meta);
273
  }
274
+ if(isset($user_meta[0]['ip']))
275
  {
276
  $data[]=$user_meta[0]['ip'];
277
+ $u[$i]->data->user_ip = $user_meta[0]['ip'];
278
+ } else {
279
+ $u[$i]->data->user_ip = null;
280
+ }
 
281
  $data[]=$u[$i]->data->user_email;
282
  }
283
  $data=implode(',',$data);
297
  $ct_options['apikey']
298
  );
299
  $result = file_get_contents($url, 0, $context);
300
+
301
  $result=json_decode($result);
302
  if(isset($result->error_message))
303
  {
308
  for($i=0;$i<sizeof($u);$i++)
309
  {
310
  update_user_meta($u[$i]->ID,'ct_checked',date("Y-m-d H:m:s"),true);
311
+ //
312
+ // Do not display forbidden roles.
313
+ //
314
+ $skip_user = false;
315
+ foreach ($skip_roles as $role) {
316
+ if (!$skip_user && in_array($role, $u[$i]->roles)) {
317
+ delete_user_meta($u[$i]->ID, 'ct_marked_as_spam');
318
+ $skip_user = true;
319
+ continue;
320
+ }
321
+ }
322
+ if ($skip_user) {
323
+ continue;
324
+ }
325
+
326
+ $uip = $u[$i]->data->user_ip;
327
+ $uim = $u[$i]->data->user_email;
328
+
329
+ if((isset($result->data->$uip) && $result->data->$uip->appears==1) || (isset($result->data->$uim) && $result->data->$uim->appears==1))
330
  {
331
  update_user_meta($u[$i]->ID,'ct_marked_as_spam','1',true);
332
  }
346
  function ct_ajax_info_users()
347
  {
348
  check_ajax_referer( 'ct_secret_nonce', 'security' );
349
+ global $wpdb;
350
  $r=$wpdb->get_results("select distinct count($wpdb->users.ID) as cnt from $wpdb->users inner join $wpdb->usermeta on $wpdb->users.ID=$wpdb->usermeta.user_id where $wpdb->usermeta.meta_key='ct_checked' or $wpdb->usermeta.meta_key='ct_hash';");
351
  $cnt_checked=$r[0]->cnt;
352
  $r=$wpdb->get_results("select count(ID) as cnt from $wpdb->users;");
357
  $r=$wpdb->get_results("select distinct count($wpdb->users.ID) as cnt from $wpdb->users inner join $wpdb->usermeta on $wpdb->users.ID=$wpdb->usermeta.user_id where $wpdb->usermeta.meta_key='ct_marked_as_spam';", ARRAY_A);
358
  $cnt_spam1=$r[0]['cnt'];
359
 
360
+ printf (__("Total users %s, checked %s, found %s spam users", 'cleantalk'), $cnt, $cnt_checked, $cnt_spam1);
361
+ $backup_notice = '&nbsp;';
362
+ if ($cnt_spam1 > 0) {
363
+ $backup_notice = __("Please do backup of WordPress database before delete any accounts!", 'cleantalk');
364
+ }
365
+ print "<p>$backup_notice</p>";
366
+
367
  die();
368
  }
369
 
371
  function ct_ajax_insert_users()
372
  {
373
  check_ajax_referer( 'ct_secret_nonce', 'security' );
374
+
375
+ $inserted = 0;
376
+ $use_id = 0;
377
+ for($i=0; $i<5000 ;$i++)
378
  {
379
+ $rnd=mt_rand(1,10000000);
380
+
381
+ $user_name = "user_$rnd";
382
+ $email="stop_email_$rnd@example.com";
383
+
384
+ $user_id = wp_create_user(
385
+ $user_name,
386
+ $email,
387
+ rand()
388
+ );
389
+
390
+ if (is_int($user_id)) {
391
+ $inserted++;
392
+ } else {
393
+ error_log(print_r($user_id, true));
394
+ }
395
  }
396
+
397
+ print "$inserted";
398
  die();
399
  }
400
 
414
  {
415
  check_ajax_referer( 'ct_secret_nonce', 'security' );
416
  $args_spam = array(
417
+ 'number' => 100,
418
  'meta_query' => array(
419
  Array(
420
  'key' => 'ct_marked_as_spam',
426
  $c_spam=get_users($args_spam);
427
  $cnt=sizeof($c_spam);
428
 
429
+ $args = array(
430
+ 'meta_key' => 'ct_marked_as_spam',
431
+ 'meta_value' => '1',
432
+ 'meta_comparecompare' => 'NUMERIC'
433
+ );
434
+
435
+ $user_query = new WP_User_Query( $args );
436
+ $cnt_all = $user_query->get_total();
437
+
438
+ for($i=0;$i<sizeof($c_spam);$i++)
 
439
  {
440
  wp_delete_user($c_spam[$i]->ID);
441
+ usleep(5000);
442
  }
443
  print $cnt_all;
444
  die();
readme.txt CHANGED
@@ -1,18 +1,18 @@
1
  === Spam Protection by CleanTalk ===
2
- Contributors: znaeff, shagimuratov
3
- Tags: spam, anti-spam, antispam, anti spam, bbpress, buddypress, captcha, capcha, captha, catcha, cf7 spam, comments, contact form spam, signup, spammers, spammy, woocommerce, wordpress spam, booking, order, subscription, gravity spam, jetpack, bots, contact form 7, contact form, registrations, ninja, Fast Secure Contact, Gravity forms, formidable, mailchimp, s2member, protection, protect, email, akismet, plugin, contact, recaptcha, google captcha, google recaptcha, math, security, login, blacklist, prevent spam comments, wordpress, User Frontend, bulk delete, bulk remove, cloudflare, widget, review, auth forms, firewall, ddos, cleantalk, mailpoet, profile builder, comment spam, registration spam, spam comments, comment moderation, spam bots, block spam, signup spam, spam blocker, spam filter, user registration spam,pingback,trackback, anti-spam plugin, varnish, amp, spam free
4
  Requires at least: 3.0
5
  Tested up to: 4.5.2
6
- Stable tag: 5.41
7
  License: GPLv2
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
10
- Max power spam protection, all-in-one, premium anti-spam. No comments spam & registrations spam, no email spam, protects any forms. Forget spam.
11
 
12
  == Description ==
13
  No CAPTCHA, no questions, no animal counting, no puzzles, no math and no spam bots. Formerly 'Anti-Spam by CleanTalk'.
14
 
15
- = AntiSpam features =
16
  1. Stops spam comments.
17
  1. Stops spam registrations.
18
  1. Stops spam contact emails.
@@ -20,62 +20,62 @@ No CAPTCHA, no questions, no animal counting, no puzzles, no math and no spam bo
20
  1. Stops spam bookings.
21
  1. Stops spam subscriptions.
22
  1. Stops spam in widgets.
23
- 1. Check existing comments for spam.
24
 
25
  = Public reviews =
26
  > Using CleanTalk on WPLift was a great test as we receive huge amounts of spam.
27
  > *Oliver Dale, <a href="http://wplift.com/wordpress-anti-spam-plugin" target="_blank">WPLift.com</a>.*
28
 
29
- = Comments spam protection =
30
- Supports native WordPress, JetPack comments and any other comments plugins. Plugin moves spam comments to SPAM folder or you can set options to silently ban spam comments. You can enable options in the plugin settings to auto delete comments from SPAM folder.
31
 
32
- = Spam bots registrations filter =
33
- Filters spam bots on registration forms WordPress, BuddyPress, bbPress, S2Member, WooCommerce, Profile builder and any other registrations plugins.
34
 
35
- = Protection against contact form spam =
36
- Plugin is tested and ready to protect against spam emails via Formidable forms, Contact form 7, JetPack Contact form, Fast Secure Contact form, Ninja forms, Landing pages, Gravity forms and any themes/custom contact forms.
37
 
38
  = WooCommerce spam filter =
39
- Anti-spam by CleanTalk filters spam registrations and spam reviews for WooCommerce. Plugin is fully compatible with WooCommerce 2.1 and higher.
40
 
41
  = Newsletters filter =
42
- Anti-spam by CleanTalk filters spam subscriptions for MailPoet, MailChimp, PopupAlly and many other newsletters plugins.
43
 
44
- = Spam filter for themes contact forms =
45
- Plugin blocks spam emails via any themes (built-in) contact forms. With AJAX forms plugin silently (without any error notices on WordPress frontend) filters spam emails.
46
 
47
  = bbPress spam filter =
48
  Protects everything about bbPress: registrations, topics, replies.
49
 
50
  = Other spam filters =
51
  * WordPress Landing Pages.
52
- * WP User Frontend.
53
- * Any WordPress form (options for 'Custom contact forms').
54
- * Any submission to site (options for 'Check all POST data')
55
 
56
  = Compatible with WordPress cache plugins =
57
  * W3 Total Cache, Quick Cache, WP Fastest Cache, Hyper Cache, WP Super cache and any other cache plugins.
58
 
59
- = Check existing comments for spam. Bulk comment removal =
60
- With the help of anti-spam by CleanTalk you can check existing comments to find and quickly delete spam comments at once. To use this function, go to WP Console->Comments->Find spam comments.
61
 
62
- = Check existing users for spam. Bulk account removal =
63
- With the help of anti-spam by CleanTalk you can check existing accounts to find and quickly delete spam users at once. For use this function, go to WP Console->Users->Check for spam.
64
 
65
  = Blocking users by country =
66
- Automatically block comments and registration from the countries for which you have set a ban. This option is useful in cases of protection from manual spam and gains protection. If your site is not aimed at an international audience and you do not expect comments/users from other countries.
67
 
68
  = Blocking comments by "stop words" =
69
- You can block comments containing "stop words" to enhance spam filtering and blocking messages containing obscene words. You can add a certain words or phrases.
70
 
71
- = Private Black Lists for Anti-Spam service =
72
- Automatically block comments and registrations from your private black IP/email address list. This option helps to strengthen the protection of a manual spam or block unwanted comments from users.
73
 
74
- = Private Black List for Spam FireWall =
75
- It allows you to add individual IP addresses and subnets to Spam FireWall. It blocks attacks from IP addresses are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that are made through the HTTP/HTTPS.
76
 
77
  = Low false/positive rate =
78
- This plugin uses multiple anti-spam tests to filter spam bots with as lower false/positive rate as possible. Multiple anti-spam tests avoid false/positive blocks for real website visitors even if one of the tests fail.
79
 
80
  = How CleanTalk improves SEO for your website? =
81
  So, you already know that the speed of the site has a direct impact on SEO.
@@ -110,45 +110,45 @@ CleanTalk Anti-Spam is the second step and checks all other requests on the webs
110
 
111
  = How SpamFireWall works? =
112
  * The visitor enters to your web site.
113
- * HTTP request data is checked against the nearly 5.8 million identified IP spam bots.
114
- * If it is an active spam bot, the bot gets a blank page, if it is a visitor then they receive the site page. This is completely transparent to the visitors.
115
 
116
  All the CleanTalk SpamFireWall activity is being logged in the process of filtering.
117
 
118
- = SpamFireWall DDoS Protection (Experimentally option) =
119
- SpamFireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, SpamFireWall blocks all requests from bad IP addresses. Your website gives the intruder a special page with description of DDoS rejection instead of the website pages. Therefore SpamFireWall can help to reduce CPU usage on your server.
120
 
121
  = XML-RPC brute force protection =
122
  SpamFireWall can mitigate XML-RPC brute force attacks. It blocks XML-RPC attacks from bad IP addresses. This helps to prevent bruteforce attacks by a Remote Procedure Call.
123
 
124
- = No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-less anti-spam for WordPress =
125
- Spam is one of the most irritating elements. Rates for spam increases every year and conventional anti-spam can no longer handle all the spam bots. CleanTalk prevents and automatically blocks spam. You'll be surprised how effective CleanTalk is in protecting against spam.
126
 
127
  = AntiSpam plugin info =
128
- CleanTalk is an all-in-one anti-spam solution for WordPress that protects login, comments, contact and WooCommerce forms at once. You don't need to install separate anti-spam plugins for each form. This allows your blog to work faster and save resources. After installation you will forget about spam; your CleanTalk plugin will do all the work. You won't have to deal with spam as CleanTalk does this for you automatically.
129
 
130
- CleanTalk is a transparent anti-spam tool, we provide detailed statistics of all entering comments and logins. You can always be sure that **there are no errors**. We have developed a mobile app for you to see anti-spam statistics wherever.
131
 
132
- We have developed anti-spam for WordPress that provides maximum protection from spam bots, allowing you to provide your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and puzzles. CleanTalk detects spam in multistage tests allowing us to block up to 99.998% of spam bots.
133
 
134
- The anti-spam method offered by CleanTalk avoids methods that inconvenience the communication (CAPTCHA, question-answer etc.), and offers your site visitors a more convenient one.
135
 
136
- CleanTalk is a premium anti-spam service for WordPress and the plugin works with our cloud anti-spam CleanTalk Service. CleanTalk offers a free trial and you can look at the <a href="https://cleantalk.org/price">pricing</a> here. We provide anti-spam services at the highest level. To maintain this level we cannot afford to offer a free version of our service, as this will immediately affect the quality of providing anti-spam protection. Paying for a year of anti-spam service, you save a lot more and receive:
137
 
138
- * Up to 99.998% protection against spam bots.
139
  * Time and resources saving.
140
  * More registrations/comments/visitors.
141
- * Protect several websites at once at different CMS.
142
- * Easy to install and use.
143
- * Traffic acquisition and user loyalty.
144
  * 24/7 technical support.
145
  * Clear statistics.
146
  * No captcha (reCaptcha), puzzles, etc.
147
- * Free mobile app to control anti-spam function at your website.
148
 
149
  = Additional features =
150
- * Online, daily and weekly anti-spam reports traffic VS spam.
151
- * Apps for iPhone, Android to control anti-spam service, comments, signups, contacts, with traffic and spam statistics for last 7 days.
152
  * AntiSpam apps for most popular CMS on cleantalk.org.
153
 
154
  = How to protect sites from spam bots without CAPTCHA? =
@@ -164,19 +164,19 @@ You do not have to work in IT to know what spam is. Besides piles of unwanted em
164
  Spammers want to get backlinks from your site to improve their site's PageRank or redirect your visitors to malicious sites.This level of spam can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of comments every week. However, by using a CleanTalk plugin, spam can be easily handled by your WordPress website.
165
 
166
  = CleanTalk's features =
167
- CleanTalk is one of the fastest plugins that allows you to lower the server load. One of the important parameters for each web master is the speed of the site, so we make sure that our plugin consumes as little as possible of server resources. Cloud service provides the advantage that all the checks take place in the cloud.
168
 
169
- CleanTalk has developed unique algorithms to assess visitor behavior. CleanTalk analyzes user behavior and parameters of completed forms. Our anti-spam module, installed on your website, sends the behavior parameters of either a visitor or spam bot. These parameters are estimated, and the CleanTalk service makes a decision – to post a message or to define it as spam and reject. On the basis of such checks, the service forms its own list of email addresses used by spam bots.
170
 
171
- The registrations of visitors are checked in a similar manner. The service adds not only email addresses to the blacklist, but also IP addresses and domains of websites that are promoted through spam mailout. All of this happens automatically and requires no action from the administration of the website. At 2.5 million queries the service makes a mistake in 40-45 cases, i.e. CleanTalk detects spam with 99.9982% accuracy. We constantly monitor these errors and make adjustments to our algorithms, Even with this exceptional accuracy our team is aiming to improve figures over time.
172
 
173
- All-in-one. CleanTalk immediately protects all forms comments, registration, feedback, contacts. No need to install additional plugins for each form. You save resources and increase performance of your website.
174
 
175
- Spam attacks log. Service CleanTalk records all filtered comments, registration and other spam attacks in the “Log of spam attacks” and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and experience no false/positive filtering.
176
 
177
- With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. Checking existing comments and users is made against a database of the nearly 2 million certain spam bots. Detailed statistic allows CleanTalk customers to control the whole process.
178
 
179
- CleanTalk has an advanced option “SpamFireWall”. This option allows you to block the most active spam bots before they get access to your website. It prevents website pages loading when attempted by by spam bots, so your web server doesn’t perform unnecessary scripts on these pages. Also it prevents scanning of website pages by spam bots. Subsequently SpamFireWall significantly reduces the load on your web server. SpamFireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, SpamFireWall will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. SpamFireWall can help to reduce of CPU usage on your server for this reason.
180
 
181
  “CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.
182
 
@@ -185,6 +185,7 @@ Audience engagement plugin <a href="http://wordpress.org/plugins/feedweb/">Feedw
185
 
186
  > Max power, all-in-one, premium anti-spam WordPress plugin. No comments & registrations spam, no contact spam, protects any forms. Just install and forget spam.
187
 
 
188
  == Installation ==
189
  = Spam protection plugin setup =
190
  1. Download, install and activate Anti-spam by CleanTalk.
@@ -466,6 +467,14 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
466
  1. CleanTalk works faster than most of other anti-spam plugins.
467
 
468
  == Changelog ==
 
 
 
 
 
 
 
 
469
  = 5.41 2016-05-31 =
470
  * Added HTTP response in plugin response if an network issue was happend.
471
  * Optimized JavaScript anti-spam test for Formidable forms.
@@ -1058,6 +1067,14 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
1058
  * First version
1059
 
1060
  == Upgrade Notice ==
 
 
 
 
 
 
 
 
1061
  = 5.41 2016-05-31 =
1062
  * Added HTTP response in plugin response if an network issue was happend.
1063
  * Optimized JavaScript anti-spam test for Formidable forms.
1
  === Spam Protection by CleanTalk ===
2
+ Contributors: znaeff, shagimuratov, serge00
3
+ Tags: spam, anti-spam, antispam, anti spam, bbpress, buddypress, captcha, capcha, captha, catcha, cf7 spam, comments, contact form spam, signup, spammers, spammy, woocommerce, wordpress spam, booking, order, subscription, gravity spam, jetpack, bots, contact form 7, contact form, registrations, ninja, Fast Secure Contact, Gravity forms, formidable, mailchimp, s2member, protection, protect, email, akismet, plugin, contact, recaptcha, google captcha, google recaptcha, math, security, login, blacklist, prevent spam comments, wordpress, User Frontend, bulk delete, bulk remove, cloudflare, widget, review, auth forms, firewall, ddos, cleantalk, mailpoet, profile builder, comment spam, registration spam, spam comments, comment moderation, spam bots, block spam, signup spam, spam blocker, spam filter, user registration spam,pingback,trackback, anti-spam plugin, varnish, amp, spam free, userpro
4
  Requires at least: 3.0
5
  Tested up to: 4.5.2
6
+ Stable tag: 5.42
7
  License: GPLv2
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
10
+ Spam protection plug-in, all-in-one, premium anti-spam. No comments spam & registrations spam, no email spam, protects any forms. Forget spam.
11
 
12
  == Description ==
13
  No CAPTCHA, no questions, no animal counting, no puzzles, no math and no spam bots. Formerly 'Anti-Spam by CleanTalk'.
14
 
15
+ = Anti-Spam features =
16
  1. Stops spam comments.
17
  1. Stops spam registrations.
18
  1. Stops spam contact emails.
20
  1. Stops spam bookings.
21
  1. Stops spam subscriptions.
22
  1. Stops spam in widgets.
23
+ 1. Checks the existing comments for spam.
24
 
25
  = Public reviews =
26
  > Using CleanTalk on WPLift was a great test as we receive huge amounts of spam.
27
  > *Oliver Dale, <a href="http://wplift.com/wordpress-anti-spam-plugin" target="_blank">WPLift.com</a>.*
28
 
29
+ = Anti-Spam protection for comments =
30
+ Supports native WordPress, JetPack comments and any other comment plugins. The plugin moves spam comments to SPAM folder or you can set the option to ban spam comments silently. You can also enable the option in the plugin settings to auto-delete comments from SPAM folder.
31
 
32
+ = Spam bot registrations filter =
33
+ Filters spam bots on registration forms of WordPress, BuddyPress, bbPress, S2Member, WooCommerce, Profile builder and any other registration plugins.
34
 
35
+ = Protection from contact form spam =
36
+ The plugin is tested and ready to protect from spam emails via Formidable forms, Contact form 7, JetPack Contact form, Fast Secure Contact form, Ninja forms, Landing pages, Gravity forms and any other themes/custom contact forms.
37
 
38
  = WooCommerce spam filter =
39
+ Anti-spam by CleanTalk filters spam registrations and spam reviews for WooCommerce. The plugin is fully compatible with WooCommerce 2.1 and higher.
40
 
41
  = Newsletters filter =
42
+ Anti-spam by CleanTalk filters spam subscriptions for MailPoet, MailChimp, PopupAlly and many other newsletter plugins.
43
 
44
+ = Spam filter for theme contact forms =
45
+ The plugin blocks spam emails via any theme (built-in ones included) contact forms. The plugin filters spam emails silently (without any error notices on WordPress frontend) in AJAX forms as well.
46
 
47
  = bbPress spam filter =
48
  Protects everything about bbPress: registrations, topics, replies.
49
 
50
  = Other spam filters =
51
  * WordPress Landing Pages.
52
+ * WP User Frontend, UserPro.
53
+ * Any WordPress form (checkbox 'Custom contact forms'). 
54
+ * Any submission to the site (checkbox 'Check all POST data')
55
 
56
  = Compatible with WordPress cache plugins =
57
  * W3 Total Cache, Quick Cache, WP Fastest Cache, Hyper Cache, WP Super cache and any other cache plugins.
58
 
59
+ = Check existing comments for spam. Bulk comments removal =
60
+ With the help of anti-spam by CleanTalk you can inspect through existing comments to find and quickly delete spam comments at once. To use this function, go to WP Console —> Comments —> Find spam comments.
61
 
62
+ = Check existing users for spam. Bulk accounts removal =
63
+ With the help of anti-spam by CleanTalk you can inspect through existing accounts to find and quickly delete spam users at once. For use this function, go to WP Console —> Users —> Check for spam.
64
 
65
  = Blocking users by country =
66
+ Automatically block comments and registrations from the countries you have set a ban for. This option is useful in cases of manual spam protection and for protection enhancement. If your site is not intended for international audience and you do not expect comments/users from other countries.
67
 
68
  = Blocking comments by "stop words" =
69
+ You can block comments which contain "stop words" to enhance spam filtering and messages with obscene words blocking. You can add particular words or phrases.
70
 
71
+ = Private black lists for anti-spam service =
72
+ Automatically block comments and registrations from your private black IP/email address list. This option helps to strengthen the protection from a manual spam or block unwanted comments from users.
73
 
74
+ = Private black list for SpamFireWall =
75
+ It allows you to add individual IP addresses and subnets to SpamFireWall. It blocks the attacks from IP addresses which are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that made it through the HTTP/HTTPS.
76
 
77
  = Low false/positive rate =
78
+ This plugin uses multiple anti-spam tests to filter spam bots having as low false/positive rate as possible. Multiple anti-spam tests help to avoid false/positive blocks of the real website visitors even if one of the tests failed.
79
 
80
  = How CleanTalk improves SEO for your website? =
81
  So, you already know that the speed of the site has a direct impact on SEO.
110
 
111
  = How SpamFireWall works? =
112
  * The visitor enters to your web site.
113
+ * HTTP request data are being checked in the nearly 5.8 million of the identified spam bot IPs.
114
+ * If it is an active spam bot, the bot gets a blank page, if it is a visitor then he receives a normal page. This process is completely transparent for the visitors.
115
 
116
  All the CleanTalk SpamFireWall activity is being logged in the process of filtering.
117
 
118
+ = SpamFireWall DDoS Protection =
119
+ SpamFireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, SpamFireWall blocks all requests from bad IP addresses. Your website gives the intruder a special page with the description of DDoS rejection instead of the website pages. Therefore SpamFireWall helps to reduce CPU usage of your server.
120
 
121
  = XML-RPC brute force protection =
122
  SpamFireWall can mitigate XML-RPC brute force attacks. It blocks XML-RPC attacks from bad IP addresses. This helps to prevent bruteforce attacks by a Remote Procedure Call.
123
 
124
+ = No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-free anti-spam for WordPress =
125
+ Spam is one of the most irritating things. Spam rates are increasing every year and conventional anti-spam can no longer handle all spam bots. CleanTalk prevents and automatically blocks spam. You'll be surprised how effective CleanTalk is in protecting from spam.
126
 
127
  = AntiSpam plugin info =
128
+ CleanTalk is an all-in-one anti-spam solution for WordPress that protects login, comment, contact and WooCommerce forms at once. You don't need to install separate anti-spam plugins for each form. It allows your blog to work faster and save resources. After installation you will forget about spam; your CleanTalk plugin will do all the work. You won't have to deal with spam as CleanTalk does this for you automatically.
129
 
130
+ CleanTalk is a transparent anti-spam tool, we provide detailed statistics of all incoming comments and logins. You can always be sure that **there are no errors**. We have developed a mobile app for you to see anti-spam statistics wherever you want.
131
 
132
+ We have developed the anti-spam for WordPress that protects you from spam bots at the maximum level allowing you to provide your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and puzzles. CleanTalk detects spam in multistage tests allowing us to block up to 99.998% of spam bots.
133
 
134
+ The anti-spam method offered by CleanTalk avoids inconvenient for communication methods (CAPTCHA, question-answer etc.), and offers to your site visitors a more comfortable one.
135
 
136
+ CleanTalk is a premium anti-spam service for WordPress, the plugin works with our own CleanTalk Cloud Service. CleanTalk offers a free trial, you can look at the <a href="https://cleantalk.org/price">pricing</a> here. We provide anti-spam services at the highest level. To maintain this level we cannot afford to offer a free version of our service, as this will immediately affect the quality of the providing anti-spam protection. Paying for a year of anti-spam service, you save a lot more and receive:
137
 
138
+ * Up to 99.998% protection from spam bots.
139
  * Time and resources saving.
140
  * More registrations/comments/visitors.
141
+ * Protection of the several websites at once in different CMS.
142
+ * Ease in installation and using.
143
+ * Traffic increase and loyalty to the users.
144
  * 24/7 technical support.
145
  * Clear statistics.
146
  * No captcha (reCaptcha), puzzles, etc.
147
+ * Free mobile app to control anti-spam function on your website.
148
 
149
  = Additional features =
150
+ * Daily and weekly detailed anti-spam reports: traffic VS spam.
151
+ * Apps for iPhone, Android to control anti-spam service, comments, signups, contacts, traffic and spam statistics for the last 7 days.
152
  * AntiSpam apps for most popular CMS on cleantalk.org.
153
 
154
  = How to protect sites from spam bots without CAPTCHA? =
164
  Spammers want to get backlinks from your site to improve their site's PageRank or redirect your visitors to malicious sites.This level of spam can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of comments every week. However, by using a CleanTalk plugin, spam can be easily handled by your WordPress website.
165
 
166
  = CleanTalk's features =
167
+ CleanTalk is one of the fastest plugins that allows you to lower the server load. One of the important parameters for each webmaster is the speed of the site, so we make sure that our plugin consumes as few server resources as possible. The Cloud Service provides the advantage: all data processing takes place in the Cloud.
168
 
169
+ CleanTalk team has developed unique algorithms to assess visitors' behavior. CleanTalk analyzes user behavior and the parameters of the filled forms. Our anti-spam module, being installed in your website, sends the behavior parameters of either a visitor or a spam bot. When these parameters are estimated, the CleanTalk service makes a decision – to post a message or to define it as spam and reject it. Based on these checks, the service forms its own list of email addresses used by spam bots.
170
 
171
+ The registrations of visitors are being checked in a similar manner. The service adds to the blacklist not just email addresses, but also IP addresses and domains of websites that promote themselves through spam mailing. All of this happens automatically and requires no action from the administration of the website. In 2.5 million queries the service makes a mistake in 40-45 cases, i.e. CleanTalk detects spam with 99.9982% accuracy. We constantly monitor these errors and make adjustments to our algorithms. Even with this exceptional accuracy our team is aiming to improve the figures over time.
172
 
173
+ All-in-one. CleanTalk protects all forms instantaneously comments, registrations, feedback, contacts. No need to install additional plugins for each form. You save resources and increase performance of your website.
174
 
175
+ Spam attacks log. The service CleanTalk records all filtered comments, registrations and other spam attacks in the “Log of spam attacks” and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and experience no false/positive filtering.
176
 
177
+ With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. The existing comments and users checking process is performed in a database of the nearly 2 million identified spam bots. Detailed statistics allows CleanTalk customers to fully control it.
178
 
179
+ CleanTalk has an advanced option “SpamFireWall”. This option allows you to block the most active spam bots before they get access to your website. It unloads you website pages when an attempt attack was made, so your web server won't run unnecessary scripts on these pages. Also it prevents any scanning of website pages by spam bots. Subsequently SpamFireWall significantly reduces your webserver load. SpamFireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, SpamFireWall will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. SpamFireWall can help to reduce the CPU usage of your server because of this reason.
180
 
181
  “CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.
182
 
185
 
186
  > Max power, all-in-one, premium anti-spam WordPress plugin. No comments & registrations spam, no contact spam, protects any forms. Just install and forget spam.
187
 
188
+
189
  == Installation ==
190
  = Spam protection plugin setup =
191
  1. Download, install and activate Anti-spam by CleanTalk.
467
  1. CleanTalk works faster than most of other anti-spam plugins.
468
 
469
  == Changelog ==
470
+ = 5.42 2016-06-15 =
471
+ * Added anti-spam protection for UserPro.
472
+ * Improved protection for Formidable forms + Varnish.
473
+ * Improved bulk search for spam accounts.
474
+ * Fixed spam protection for pages that contain multiple Formidable forms with same HTML ID.
475
+ * Optimized PHP code to be compatible with PHP 5.4 and above. The patch has been applied to Formidable forms spam protection.
476
+ * Minor fixes in plugin backend.
477
+
478
  = 5.41 2016-05-31 =
479
  * Added HTTP response in plugin response if an network issue was happend.
480
  * Optimized JavaScript anti-spam test for Formidable forms.
1067
  * First version
1068
 
1069
  == Upgrade Notice ==
1070
+ = 5.42 2016-06-15 =
1071
+ * Added anti-spam protection for UserPro.
1072
+ * Improved protection for Formidable forms + Varnish.
1073
+ * Improved bulk search for spam accounts.
1074
+ * Fixed spam protection for pages that contain multiple Formidable forms with same HTML ID.
1075
+ * Optimized PHP code to be compatible with PHP 5.4 and above. The patch has been applied to Formidable forms spam protection.
1076
+ * Minor fixes in plugin backend.
1077
+
1078
  = 5.41 2016-05-31 =
1079
  * Added HTTP response in plugin response if an network issue was happend.
1080
  * Optimized JavaScript anti-spam test for Formidable forms.