Spam protection, AntiSpam, FireWall by CleanTalk

Version Description

April 23 2018 = * Mod: Async load option for JS. * Mod: JS scripts loading is conditional. * Fix: IP detection. * Fix: IP detection. * Fix: Javascript error.

Download this release

Release Info

Developer	shagimuratov
Plugin	Spam protection, AntiSpam, FireWall by CleanTalk
Version	5.94
Comparing to
See all releases

Code changes from version 5.93.1 to 5.94

Files changed (9) hide show

cleantalk.php +7 -4
inc/cleantalk-admin.php +30 -3
inc/cleantalk-common.php +6 -5
inc/cleantalk-public.php +32 -5
js/apbct-public.js +0 -6
js/cleantalk-admin-settings-page.js +3 -0
lib/CleantalkHelper.php +24 -12
lib/CleantalkSFW.php +2 -2
readme.txt +76 -62

cleantalk.php CHANGED Viewed

	@@ -3,15 +3,15 @@
3	Plugin Name: Anti-Spam by CleanTalk
4	Plugin URI: http://cleantalk.org
5	Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6	- Version: 5.~~93.1~~
7	Author: СleanTalk <welcome@cleantalk.org>
8	Author URI: http://cleantalk.org
9	*/
10
11	$cleantalk_executed = false;
12
13	- define('APBCT_VERSION', '5.~~93.1~~');
14	- define('APBCT_AGENT', 'wordpress-~~5931~~');
15
16	define('CLEANTALK_REMOTE_CALL_SLEEP', 10); // Minimum time between remote call
17	define('APBCT_CASERT_PATH', file_exists(ABSPATH . WPINC . '/certificates/ca-bundle.crt')
	@@ -80,7 +80,7 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
80	if(isset($_GET['spbc_remote_call_token'], $_GET['spbc_remote_call_action'], $_GET['plugin_name']) && in_array($_GET['plugin_name'], array('antispam','anti-spam'))){
81
82	// Comparing with cleantalk's IP
83	- $spbc_remote_ip = CleantalkHelper::ip_get(array('real'));
84
85	if(!empty($spbc_remote_ip)){
86
	@@ -218,6 +218,9 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
218	register_activation_hook( __FILE__, 'apbct_activation' );
219	register_deactivation_hook( __FILE__, 'apbct_deactivation' );
220



221	// Redirect admin to plugin settings.
222	if(!defined('WP_ALLOW_MULTISITE') \|\| defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE == false)
223	add_action('admin_init', 'apbct_plugin_redirect');


3	Plugin Name: Anti-Spam by CleanTalk
4	Plugin URI: http://cleantalk.org
5	Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6	+ Version: 5.94
7	Author: СleanTalk <welcome@cleantalk.org>
8	Author URI: http://cleantalk.org
9	*/
10
11	$cleantalk_executed = false;
12
13	+ define('APBCT_VERSION', '5.94');
14	+ define('APBCT_AGENT', 'wordpress-594');
15
16	define('CLEANTALK_REMOTE_CALL_SLEEP', 10); // Minimum time between remote call
17	define('APBCT_CASERT_PATH', file_exists(ABSPATH . WPINC . '/certificates/ca-bundle.crt')

80	if(isset($_GET['spbc_remote_call_token'], $_GET['spbc_remote_call_action'], $_GET['plugin_name']) && in_array($_GET['plugin_name'], array('antispam','anti-spam'))){
81
82	// Comparing with cleantalk's IP
83	+ $spbc_remote_ip = CleantalkHelper::ip_get(array('real'), false);
84
85	if(!empty($spbc_remote_ip)){
86

218	register_activation_hook( __FILE__, 'apbct_activation' );
219	register_deactivation_hook( __FILE__, 'apbct_deactivation' );
220
221	+ // Async loading for JavaScript
222	+ add_filter('script_loader_tag', 'apbct_add_async_attribute', 10, 3);
223	+
224	// Redirect admin to plugin settings.
225	if(!defined('WP_ALLOW_MULTISITE') \|\| defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE == false)
226	add_action('admin_init', 'apbct_plugin_redirect');

inc/cleantalk-admin.php CHANGED Viewed

	@@ -174,6 +174,9 @@ function apbct_enqueue_scripts($hook) {
174
175	global $ct_data, $ct_options;
176



177	// Scripts to all admin pages
178	wp_enqueue_script('ct_admin_js_notices', plugins_url('/cleantalk-spam-protect/js/cleantalk-admin.js'), array(), APBCT_VERSION);
179	wp_enqueue_style ('ct_admin_css', plugins_url('/cleantalk-spam-protect/css/cleantalk-admin.css'), array(), APBCT_VERSION, 'all');
	@@ -196,7 +199,8 @@ function apbct_enqueue_scripts($hook) {
196
197	$ajax_nonce = wp_create_nonce( "ct_secret_nonce" );
198	wp_localize_script( 'jquery', 'ctSettingsPage', array(
199	- 'ct_ajax_nonce' => $ajax_nonce

200	));
201	}
202
	@@ -530,6 +534,7 @@ function apbct_admin_init(){
530
531	add_settings_field('cleantalk_collect_details', __('Collect details about browsers', 'cleantalk'), 'ct_input_collect_details', 'cleantalk', 'cleantalk_settings_anti_spam');
532	add_settings_field('cleantalk_connection_reports', __('Send connection reports', 'cleantalk'), 'ct_send_connection_reports', 'cleantalk', 'cleantalk_settings_anti_spam');

533	add_settings_field('cleantalk_show_link', __('Tell others about CleanTalk', 'cleantalk'), 'ct_input_show_link', 'cleantalk', 'cleantalk_settings_banner');
534	add_settings_field('cleantalk_spam_firewall', __('SpamFireWall', 'cleantalk'), 'ct_input_spam_firewall', 'cleantalk', 'cleantalk_settings_banner');
535	}
	@@ -643,6 +648,7 @@ function ct_input_sfw_counter() {
643	echo "<input type='radio' class='ct-depends-of-show-adminbar' id='cleantalk_sfw_counter0' name='cleantalk_settings[sfw_counter]' value='0' ".($value=='0'?'checked':'').($value2=='0'?' disabled':'')." /><label for='cleantalk_sfw_counter0'> ".__('No')."</label>";
644	ct_add_descriptions_to_fields(__('Display all-time requests counter in the admin bar. Counter displays number of requests since plugin installation.', 'cleantalk'));
645	}

646	function ct_send_connection_reports() {
647	global $ct_options, $ct_data;
648
	@@ -660,7 +666,26 @@ function ct_send_connection_reports() {
660	jQuery('#cleantalk_anchor3').parent().attr('colspan', '2');
661	});
662	</script>";

663


















664	}
665
666	function ct_input_get_premium($print = true){
	@@ -1036,8 +1061,10 @@ function ct_input_apikey() {
1036	if (function_exists('curl_init') && function_exists('json_decode')){
1037	echo '<br /><br />';
1038	echo "<a target='__blank' style='' href='https://cleantalk.org/register?platform=wordpress&email=".urlencode(ct_get_admin_email())."&website=".urlencode(parse_url(get_option('siteurl'),PHP_URL_HOST))."'><input type='button' class='cleantalk_auto_link' value='".__('Get access key manually', 'cleantalk')."' /></a>";
1039	- ~~echo~~ ~~" " . __~~(~~"or")~~ . ~~" ";~~
1040	- echo ~~'<input name=~~"~~get_apikey_auto~~" ~~type="submit" class="cleantalk_manual_link" value="'~~ . __(~~'Get access key automatically', 'cleantalk'~~) . '" ~~/>'~~;


1041	echo '<input id="ct_admin_timezone" name="ct_admin_timezone" type="hidden" value="null" />';
1042	echo "<br />";
1043	echo "<br />";


174
175	global $ct_data, $ct_options;
176
177	+ $ct_options = ct_get_options();
178	+ $ct_data = ct_get_data();
179	+
180	// Scripts to all admin pages
181	wp_enqueue_script('ct_admin_js_notices', plugins_url('/cleantalk-spam-protect/js/cleantalk-admin.js'), array(), APBCT_VERSION);
182	wp_enqueue_style ('ct_admin_css', plugins_url('/cleantalk-spam-protect/css/cleantalk-admin.css'), array(), APBCT_VERSION, 'all');

199
200	$ajax_nonce = wp_create_nonce( "ct_secret_nonce" );
201	wp_localize_script( 'jquery', 'ctSettingsPage', array(
202	+ 'ct_ajax_nonce' => $ajax_nonce,
203	+ // 'ct_subtitle' => $ct_data['ip_license'] != 'all' ? __('Hosting AntiSpam', 'cleantalk') : '',
204	));
205	}
206

534
535	add_settings_field('cleantalk_collect_details', __('Collect details about browsers', 'cleantalk'), 'ct_input_collect_details', 'cleantalk', 'cleantalk_settings_anti_spam');
536	add_settings_field('cleantalk_connection_reports', __('Send connection reports', 'cleantalk'), 'ct_send_connection_reports', 'cleantalk', 'cleantalk_settings_anti_spam');
537	+ add_settings_field('cleantalk_async_js', __('Async JavaScript loading', 'cleantalk'), 'ct_async_js', 'cleantalk', 'cleantalk_settings_anti_spam');
538	add_settings_field('cleantalk_show_link', __('Tell others about CleanTalk', 'cleantalk'), 'ct_input_show_link', 'cleantalk', 'cleantalk_settings_banner');
539	add_settings_field('cleantalk_spam_firewall', __('SpamFireWall', 'cleantalk'), 'ct_input_spam_firewall', 'cleantalk', 'cleantalk_settings_banner');
540	}

648	echo "<input type='radio' class='ct-depends-of-show-adminbar' id='cleantalk_sfw_counter0' name='cleantalk_settings[sfw_counter]' value='0' ".($value=='0'?'checked':'').($value2=='0'?' disabled':'')." /><label for='cleantalk_sfw_counter0'> ".__('No')."</label>";
649	ct_add_descriptions_to_fields(__('Display all-time requests counter in the admin bar. Counter displays number of requests since plugin installation.', 'cleantalk'));
650	}
651	+
652	function ct_send_connection_reports() {
653	global $ct_options, $ct_data;
654

666	jQuery('#cleantalk_anchor3').parent().attr('colspan', '2');
667	});
668	</script>";
669	+ }
670
671	+ function ct_async_js() {
672	+
673	+ global $ct_options, $ct_data;
674	+
675	+ $ct_options = ct_get_options();
676	+ $ct_data = ct_get_data();
677	+
678	+ $value = $value=(isset($ct_options['async_js']) ? @intval($ct_options['async_js']) : 0);
679	+ echo "<div id='cleantalk_anchor4' style='display:none'></div>";
680	+ echo "<input type='checkbox' id='connection_reports1' name='cleantalk_settings[async_js]' value='1' " . ($value == '1' ? 'checked' : '') . " /><label for='connection_reports1'> " . __('Async script loading', 'cleantalk') . "</label>";
681	+ ct_add_descriptions_to_fields(sprintf(__('Use async loading for CleanTalk\'s scripts. Warning: This could reduce filtration quality.', 'cleantalk'), $ct_options['spam_firewall']));
682	+ echo "<script>
683	+ jQuery(document).ready(function(){
684	+ jQuery('#cleantalk_anchor4').parent().parent().children().first().hide();
685	+ jQuery('#cleantalk_anchor4').parent().css('padding-left','0px');
686	+ jQuery('#cleantalk_anchor4').parent().attr('colspan', '2');
687	+ });
688	+ </script>";
689	}
690
691	function ct_input_get_premium($print = true){

1061	if (function_exists('curl_init') && function_exists('json_decode')){
1062	echo '<br /><br />';
1063	echo "<a target='__blank' style='' href='https://cleantalk.org/register?platform=wordpress&email=".urlencode(ct_get_admin_email())."&website=".urlencode(parse_url(get_option('siteurl'),PHP_URL_HOST))."'><input type='button' class='cleantalk_auto_link' value='".__('Get access key manually', 'cleantalk')."' /></a>";
1064	+ // if($ct_data['ip_license'] != 'all'){
1065	+ echo " " . __("or") . " ";
1066	+ echo '<input name="get_apikey_auto" type="submit" class="cleantalk_manual_link" value="' . __('Get access key automatically', 'cleantalk') . '" />';
1067	+ // }
1068	echo '<input id="ct_admin_timezone" name="ct_admin_timezone" type="hidden" value="null" />';
1069	echo "<br />";
1070	echo "<br />";

inc/cleantalk-common.php CHANGED Viewed

	@@ -129,9 +129,9 @@ function apbct_base_call($params = array(), $reg_flag = false){
129	$ct_request = new CleantalkRequest();
130
131	// IPs
132	- $ct_request->sender_ip = defined('CT_TEST_IP') ? CT_TEST_IP : (isset($params['sender_ip']) ? $params['sender_ip'] : CleantalkHelper::ip_get(array('real')));
133	- $ct_request->x_forwarded_for = CleantalkHelper::ip_get(array('x_forwarded_for'));
134	- $ct_request->x_real_ip = CleantalkHelper::ip_get(array('x_real_ip'));
135
136	// Misc
137	$ct_request->auth_key = $ct_options['apikey'];
	@@ -217,7 +217,7 @@ function apbct_get_sender_info() {
217	: null;
218
219	return array(
220	- 'remote_addr' => CleantalkHelper::ip_get(array('remote_addr')),
221	'REFFERRER' => isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : null,
222	'USER_AGENT' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT']) : null,
223	'page_url' => isset($_SERVER['SERVER_NAME'], $_SERVER['REQUEST_URI']) ? htmlspecialchars($_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']) : null,
	@@ -445,7 +445,8 @@ function ct_def_options() {
445	'user_token'=>'', //user token for auto login into spam statistics
446	'collect_details' => 0, // Collect details about browser of the visitor.
447	'send_connection_reports' => 0, //Send connection reports to Cleantalk servers
448	- 'show_link' => 0

449	);
450	}
451


129	$ct_request = new CleantalkRequest();
130
131	// IPs
132	+ $ct_request->sender_ip = defined('CT_TEST_IP') ? CT_TEST_IP : (isset($params['sender_ip']) ? $params['sender_ip'] : CleantalkHelper::ip_get(array('real'), false));
133	+ $ct_request->x_forwarded_for = CleantalkHelper::ip_get(array('x_forwarded_for'), false);
134	+ $ct_request->x_real_ip = CleantalkHelper::ip_get(array('x_real_ip'), false);
135
136	// Misc
137	$ct_request->auth_key = $ct_options['apikey'];

217	: null;
218
219	return array(
220	+ 'remote_addr' => CleantalkHelper::ip_get(array('remote_addr'), false),
221	'REFFERRER' => isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : null,
222	'USER_AGENT' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT']) : null,
223	'page_url' => isset($_SERVER['SERVER_NAME'], $_SERVER['REQUEST_URI']) ? htmlspecialchars($_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']) : null,

445	'user_token'=>'', //user token for auto login into spam statistics
446	'collect_details' => 0, // Collect details about browser of the visitor.
447	'send_connection_reports' => 0, //Send connection reports to Cleantalk servers
448	+ 'show_link' => 0,
449	+ 'async_js' => 0,
450	);
451	}
452

inc/cleantalk-public.php CHANGED Viewed

@@ -2330,7 +2330,11 @@ function ct_enqueue_scripts_public($hook){
             	global $current_user, $ct_data, $ct_options;
-            -
            	wp_enqueue_script('ct_public',  plugins_url('/cleantalk-spam-protect/js/apbct-public.js'),                        array(),          APBCT_VERSION, 'in_footer');
             	if(!defined('CLEANTALK_AJAX_USE_FOOTER_HEADER') || (defined('CLEANTALK_AJAX_USE_FOOTER_HEADER') && CLEANTALK_AJAX_USE_FOOTER_HEADER)){
             		if(!empty($ct_options['use_ajax']) && stripos($_SERVER['REQUEST_URI'],'.xml') === false && stripos($_SERVER['REQUEST_URI'],'.xsl') === false){
@@ -2352,10 +2356,6 @@ function ct_enqueue_scripts_public($hook){
             					'blog_home'                => get_home_url().'/',
             				));
-            -
            				wp_localize_script('ct_public', 'apbctDebug', array(
-            -
            					'reload'                  => false,
-            -
            					'reload_time'             => 10000,
-            -
            				));
+            			}
+            		}
+            	}
@@ -2383,9 +2383,36 @@ function ct_enqueue_scripts_public($hook){
             	if(!empty($ct_options['debug_ajax'])){
             		wp_enqueue_script('ct_debug_js',  plugins_url('/cleantalk-spam-protect/js/cleantalk-debug-ajax.js'), array('jquery'), APBCT_VERSION, true);
+            	}
+            }
             /**
              * Reassign callbackback function for the bootom of comment output.
              */


2330
2331	global $current_user, $ct_data, $ct_options;
2332
2333	+ $ct_options = ct_get_options();
2334	+ $ct_data = ct_get_data();
2335	+
2336	+ if(!empty($ct_options['registrations_test']) \|\| !empty($ct_options['comments_test']) \|\| !empty($ct_options['contact_forms_test']) \|\| !empty($ct_options['general_contact_forms_test']) \|\| !empty($ct_options['wc_checkout_test']) \|\| !empty($ct_options['check_external']) \|\| !empty($ct_options['check_internal']) \|\| !empty($ct_options['bp_private_messages']) \|\| !empty($ct_options['general_postdata_test']))
2337	+ wp_enqueue_script('ct_public', plugins_url('/cleantalk-spam-protect/js/apbct-public.js'), array(), APBCT_VERSION, 'in_footer');
2338
2339	if(!defined('CLEANTALK_AJAX_USE_FOOTER_HEADER') \|\| (defined('CLEANTALK_AJAX_USE_FOOTER_HEADER') && CLEANTALK_AJAX_USE_FOOTER_HEADER)){
2340	if(!empty($ct_options['use_ajax']) && stripos($_SERVER['REQUEST_URI'],'.xml') === false && stripos($_SERVER['REQUEST_URI'],'.xsl') === false){

2356	'blog_home' => get_home_url().'/',
2357	));
2358




2359	}
2360	}
2361	}

2383
2384	if(!empty($ct_options['debug_ajax'])){
2385	wp_enqueue_script('ct_debug_js', plugins_url('/cleantalk-spam-protect/js/cleantalk-debug-ajax.js'), array('jquery'), APBCT_VERSION, true);
2386	+
2387	+ wp_localize_script('ct_debug_js', 'apbctDebug', array(
2388	+ 'reload' => false,
2389	+ 'reload_time' => 10000,
2390	+ ));
2391	}
2392	}
2393
2394	+ function apbct_add_async_attribute($tag, $handle, $src) {
2395	+
2396	+ global $ct_options;
2397	+
2398	+ $ct_options = ct_get_options();
2399	+
2400	+ if(
2401	+ !empty($ct_options['async_js']) &&
2402	+ (
2403	+ $handle === 'ct_public'
2404	+ \|\| $handle === 'ct_debug_js'
2405	+ \|\| $handle === 'ct_public_admin_js'
2406	+ \|\| $handle === 'ct_internal'
2407	+ \|\| $handle === 'ct_external'
2408	+ \|\| $handle === 'ct_nocache'
2409	+ )
2410	+ )
2411	+ return str_replace( ' src', ' async="async" src', $tag );
2412	+ else
2413	+ return $tag;
2414	+ }
2415	+
2416	/**
2417	* Reassign callbackback function for the bootom of comment output.
2418	*/

js/apbct-public.js CHANGED Viewed

@@ -1,9 +1,3 @@
-            -
            if(+apbctDebug.reload){
-            -
            	setTimeout(function(){
-            -
            		location.reload();
-            -
            	}, +apbctDebug.reload_time);
-            -
            }
-            -
             var ct_date = new Date(),
             	ctTimeMs = new Date().getTime(),
             	ctMouseEventTimerFlag = true, //Reading interval flag

             var ct_date = new Date(),
             	ctTimeMs = new Date().getTime(),
             	ctMouseEventTimerFlag = true, //Reading interval flag

js/cleantalk-admin-settings-page.js CHANGED Viewed

	@@ -50,6 +50,9 @@ jQuery(document).ready(function(){
50	}
51	});
52



53	ct_adv_settings=jQuery('#cleantalk_registrations_test1').parent().parent().parent().parent();
54	ct_adv_settings.hide();
55	ct_adv_settings_title=ct_adv_settings.prev();


50	}
51	});
52
53	+ // Adding subtitle
54	+ jQuery("#ct_stats_banner").prev().after('<h4 style="color: gray; position: relative; margin: 0; top: -15px;">'+ctSettingsPage.ct_subtitle+'</h4>');
55	+
56	ct_adv_settings=jQuery('#cleantalk_registrations_test1').parent().parent().parent().parent();
57	ct_adv_settings.hide();
58	ct_adv_settings_title=ct_adv_settings.prev();

lib/CleantalkHelper.php CHANGED Viewed

	@@ -46,8 +46,9 @@ class CleantalkHelper
46	* Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
47	* reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
48	*/
49	- static public function ip_get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $~~ips~~ = ~~array(~~))
50	- {

51	foreach($ips_input as $ip_type){
52	$ips[$ip_type] = '';
53	} unset($ip_type);
	@@ -77,9 +78,9 @@ class CleantalkHelper
77
78	// Cloud Flare
79	if(isset($ips['cloud_flare'])){
80	- if(isset($headers['~~Cf_Connecting_Ip~~'])){
81	if(self::ip_mask_match($ips['remote_addr'], self::$cdn_pool['cloud_flare']['ipv4'])){
82	- $ips['cloud_flare'] = $headers['~~Cf_Connecting_Ip~~'];
83	}
84	}
85	}
	@@ -90,10 +91,13 @@ class CleantalkHelper
90	$ips['real'] = $_SERVER['REMOTE_ADDR'];
91
92	// Cloud Flare
93	- if(isset($headers['~~Cf_Connecting_Ip~~'])){
94	if(self::ip_mask_match($ips['real'], self::$cdn_pool['cloud_flare']['ipv4'])){
95	- $ips['real'] = $headers['~~Cf_Connecting_Ip~~'];
96	}



97	// Private networks. Looking for X-Forwarded-For and X-Real-Ip
98	}elseif(self::ip_mask_match($ips['real'], self::$private_networks)){
99	if(isset($headers['X-Forwarded-For'])){
	@@ -107,8 +111,12 @@ class CleantalkHelper
107	// Validating IPs
108	$result = array();
109	foreach($ips as $key => $ip){
110	- if($~~ip && self::ip_validate($ip~~) ~~== 'v4')~~{
111	- $~~result[$key]~~ = ~~$ip;~~




112	}
113	}
114
	@@ -148,9 +156,10 @@ class CleantalkHelper
148	*/
149	static public function ip_validate($ip)
150	{
151	- if(~~filter_var($~~ip, ~~FILTER_VALIDATE_IP,~~ ~~FILTER_FLAG_IPV4))~~ ~~return~~ 'v4'; // ~~IPv4~~
152	- if(filter_var($ip, FILTER_VALIDATE_IP, ~~FILTER_FLAG_IPV6~~)) return 'v6'; // ~~IPv6~~
153	- return ~~false~~; // ~~Unknown~~

154	}
155
156	/*
	@@ -372,7 +381,10 @@ class CleantalkHelper
372	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
373	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
374	curl_setopt($ch, CURLOPT_CAINFO, APBCT_CASERT_PATH);
375	- }



376
377	$result = curl_exec($ch);
378


46	* Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
47	* reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
48	*/
49	+ static public function ip_get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $v4_only = true)
50	+ {
51	+ $ips = array();
52	foreach($ips_input as $ip_type){
53	$ips[$ip_type] = '';
54	} unset($ip_type);

78
79	// Cloud Flare
80	if(isset($ips['cloud_flare'])){
81	+ if(isset($headers['Cf-Connecting-Ip'])){
82	if(self::ip_mask_match($ips['remote_addr'], self::$cdn_pool['cloud_flare']['ipv4'])){
83	+ $ips['cloud_flare'] = $headers['Cf-Connecting-Ip'];
84	}
85	}
86	}

91	$ips['real'] = $_SERVER['REMOTE_ADDR'];
92
93	// Cloud Flare
94	+ if(isset($headers['Cf-Connecting-Ip'])){
95	if(self::ip_mask_match($ips['real'], self::$cdn_pool['cloud_flare']['ipv4'])){
96	+ $ips['real'] = $headers['Cf-Connecting-Ip'];
97	}
98	+ // Incapsula proxy
99	+ }elseif(isset($headers['Incap-Client-Ip'])){
100	+ $ips['real'] = $headers['Incap-Client-Ip'];
101	// Private networks. Looking for X-Forwarded-For and X-Real-Ip
102	}elseif(self::ip_mask_match($ips['real'], self::$private_networks)){
103	if(isset($headers['X-Forwarded-For'])){

111	// Validating IPs
112	$result = array();
113	foreach($ips as $key => $ip){
114	+ if($v4_only){
115	+ if(self::ip_validate($ip) == 'v4')
116	+ $result[$key] = $ip;
117	+ }else{
118	+ if(self::ip_validate($ip))
119	+ $result[$key] = $ip;
120	}
121	}
122

156	*/
157	static public function ip_validate($ip)
158	{
159	+ if(!$ip) return false; // NULL \|\| FALSE \|\| '' \|\| so on...
160	+ if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return 'v4'; // IPv4
161	+ if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) return 'v6'; // IPv6
162	+ return false; // Unknown
163	}
164
165	/*

381	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
382	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
383	curl_setopt($ch, CURLOPT_CAINFO, APBCT_CASERT_PATH);
384	+ }else{
385	+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
386	+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
387	+ }
388
389	$result = curl_exec($ch);
390

lib/CleantalkSFW.php CHANGED Viewed

	@@ -57,9 +57,9 @@ class CleantalkSFW extends CleantalkHelper
57	* Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
58	* reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
59	*/
60	- static public function ip_get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $~~ips~~ = ~~array(~~)){
61
62	- $result = parent::ip_get($ips_input, $~~ips~~);
63
64	$result = !empty($result) ? $result : array();
65


57	* Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
58	* reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
59	*/
60	+ static public function ip_get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $v4_only = true){
61
62	+ $result = parent::ip_get($ips_input, $v4_only);
63
64	$result = !empty($result) ? $result : array();
65

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: znaeff, shagimuratov, sartemd174
3	Tags: spam, antispam, protection, comments, firewall
4	Requires at least: 3.0
5	- Tested up to: 4.9.4
6	- Stable tag: 5.~~93.1~~
7	License: GPLv2
8
9	Spam protection, antispam, all-in-one, premium plugin. No spam comments & users, no spam contact form & WooCommerce spam. Forget spam.
	@@ -87,7 +87,7 @@ Automatically block comments and registrations from your private black
87	IP/email address list. This option helps to strengthen the spam protection from a manual spam or block unwanted comments from users. You can add not only the certain IP addresses, but also a separate subnet to your personal black list.
88
89	= Private black list for Spam FireWall =
90	- It allows you to add individual IP addresses and subnets to ~~SpamFireWall~~. It
91	blocks the spam attacks from IP addresses which are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that made it through the HTTP/HTTPS. You can add not only the certain IP addresses, but also a separate subnet to your personal black list.
92
93	= Low false/positive rate =
	@@ -130,21 +130,21 @@ your safety.
130	Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the "Log of spam attacks" and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering.
131
132	= Spam FireWall =
133	- CleanTalk has an advanced option "~~SpamFireWall~~". This option allows blocking the most active spam bots before they get access to your website. It prevents spam bots from loading website pages so your web server doesn't have to perform all scripts on these pages. Also it prevents scanning of pages of the website by spam bots. Therefore ~~SpamFireWall~~ significantly reduces the load on your web server. ~~SpamFireWall~~ also makes CleanTalk the two-step protection from spam bots. ~~SpamFireWall~~ is the first step and it blocks the most active spam bots. CleanTalk Anti-Spam is the second step and checks all other requests on the website in the moment of submitting comments/registers etc.
134
135	= How Spam FireWall works? =
136	* The visitor enters to your web site.
137	* HTTP request data are being checked in the nearly 5.8 million of the identified spam bot IPs.
138	* If it is an active spam bot, the bot gets a blank page, if it is a visitor then he receives a normal page. This process is completely transparent for the visitors.
139
140	- All the CleanTalk ~~SpamFireWall~~ activity is being logged in the process of filtering.
141
142	- = ~~SpamFireWall~~ DDoS Protection =
143	- ~~SpamFireWall~~ can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, ~~SpamFireWall~~ blocks all requests from bad IP addresses. Your website gives the intruder a special page with the description of DDoS rejection instead of the website pages. Therefore ~~SpamFireWall~~ helps to reduce CPU usage of your server.
144	[youtube https://www.youtube.com/watch?v=Eu5Zqryvj4k]
145
146	= XML-RPC brute force protection =
147	- ~~SpamFireWall~~ can mitigate XML-RPC brute force attacks. It blocks XML-RPC attacks from bad IP addresses. This helps to prevent bruteforce attacks by a Remote Procedure Call.
148
149	= No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-free anti-spam for WordPress =
150	Spam is one of the most irritating things. Spam rates are increasing every year and conventional anti-spam can no longer handle all spam bots. CleanTalk prevents and automatically blocks spam. You'll be surprised how effective CleanTalk is in protecting from spam.
	@@ -196,7 +196,7 @@ Spam attacks log. Anti-Spam by CleanTalk records all filtered comments, registra
196
197	With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. The existing comments and users checking process is performed in a database of the nearly 2 million identified spam bots. Detailed spam stats allows CleanTalk customers to fully control it.
198
199	- CleanTalk has an advanced option "~~SpamFireWall~~". This option allows you to block the most active spam bots before they get access to your website. It unloads you website pages when an attempt attack was made, so your web server won't run unnecessary scripts on these pages. Also it prevents any scanning of website pages by spam bots. Subsequently ~~SpamFireWall~~ significantly reduces your webserver load. ~~SpamFireWall~~ can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, ~~SpamFireWall~~ will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. ~~SpamFireWall~~ can help to reduce the CPU usage of your server because of this reason.
200
201	"CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety".
202
	@@ -276,7 +276,7 @@ Please use the email stop_email@example.com for comments, contacts or signup
276	The plugin Anti-Spam by CleanTalk stops up to 99.998% of spam comments, spam signups (registrations), spam contact emails, spam subscriptions, spam bookings or spam orders.
277
278	= Does the plugin protect from brute force, DoS attacks and spam attacks? =
279	- Yes, it does. Please turn the option '~~SpamFireWall~~' on in the plugin settings to protect your website from DoS/DDoS, XML-RPC attacks.
280
281	= How does the plugin stop spam? =
282	Please, note - administrator's actions are NOT being checked.
	@@ -402,8 +402,8 @@ Yes, you can exclude your data. Add this string in your wp-config.php file befor
402
403	Now all fields in your submissions with the keys named 'key1', 'key2' or 'key3' will be excluded from spam checking.
404
405	- = How to test ~~SpamFireWall~~? =
406	- Use special IP 10.10.10.10 in URL to test ~~SpamFireWall~~. For example,
407
408	https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10
409
	@@ -464,10 +464,10 @@ The following possibilities are available for you in the Anti-Spam Log:
464	* Personal blacklists - go to your website Black&White Lists page.
465	* Record details: block reason, body of the message, additional caught data.
466
467	- = ~~SpamFireWall~~ and AntiSpam - Networks Blocking =
468
469	Anti-Spam - will blocks users from selected IP or network from using contacts/messages/registrations/comments forms.
470	- ~~SpamFireWall~~ - will blocks users from selected IP or network from entering the website.
471
472	Please, read more here
473	https://cleantalk.org/help/sfw-blocks-networks
	@@ -519,11 +519,18 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
519	10. Website's options.
520
521	== Changelog ==







522	= 5.93.1 April 9 2018 =
523	* Fix: Fatal error on PHP 5.5 or lower.
524
525	= 5.93 April 9 2018 =
526	- * Fix: ~~SpamFirewall~~ IP detection.
527	* Fix: Contact Form 7. False positives.
528	* Mod: Autoupdate function improved.
529	* Minor fixes.
	@@ -548,7 +555,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
548	* Minor fixes.
549
550	= 5.90 March 7 2018 =
551	- * Improvement: Better IP recognition in ~~SpamFireWall~~.
552	* Fix: Gravity Froms blocking message.
553	* Security improvments.
554	* Minor fixes.
	@@ -622,7 +629,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
622	= 5.80 November 3 2017 =
623	* Spam protection improved.
624	* Improved filtration quality for WooCommerce checkout.
625	- * Minor fixes for ~~SpamFireWall~~.
626
627	= 5.79 October 26 2017 =
628	* Spam protection improved.
	@@ -643,7 +650,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
643	* Banners logic updated.
644
645	= 5.76 September 20 2017 =
646	- * Fixed issue with ~~SpamFireWall~~ and caching plugins.
647	* Banners logic updated.
648
649	= 5.75 September 15 2017 =
	@@ -665,7 +672,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
665
666	= 5.73 August 11 2017 =
667	* Fix for spam check for already existed users and comments.
668	- * ~~SpamFireWall~~ updated.
669	* Layout fix for BT Comments.
670	* Minor fixes.
671
	@@ -679,10 +686,10 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
679	* Minor fixes.
680
681	= 5.70.2 July 17 2017 =
682	- * Fix for ~~SpamFireWall~~ for Multisite.
683
684	= 5.70.1 July 17 2017 =
685	- * Fix for ~~SpamFireWall~~.
686	* Spam detection improved.
687
688	= 5.70 July 13 2017 =
	@@ -692,8 +699,8 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
692	* Optimization.
693	* Fixed users and comments spam check.
694	* Fixed layout for Comment's feedback from public page.
695	- * Updated ~~SpamFireWall~~.
696	- * SFW: ~~SpamFireWall~~ counter now work in real-time.
697	* SFW: Improved compatibility with different Data Bases.
698
699	= 5.69 July 3 2017 =
	@@ -738,7 +745,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
738	* Major fixes for users and comments spam check.
739	* Added feedback from Wordpress comments list.
740	* Fix for "internal forms check" option.
741	- * Fixed issue with caching ~~SpamFireWall~~ die page.
742	* Other small fixes.
743
744	= 5.65 May 16 2017 =
	@@ -827,7 +834,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
827	= 5.57 February 8 2017 =
828	* Setting page changes.
829	* Bug fixes for WooCommerce.
830	- * ~~SpamFireWall~~ filters only GET requests.
831	* Optimization.
832	* Minor and major fixes.
833
	@@ -858,7 +865,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
858
859	= 5.53 November 28 2016 =
860	* Addition warning before deleting users.
861	- * ~~SpamFireWall~~ is enabled by default.
862	* Usernoise modal feedback / contact form : integration.
863	* Translations.
864	* Optimization.
	@@ -878,7 +885,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
878
879	= 5.50.1 October 24 2016 =
880	* Improved filtration in contact forms.
881	- * ~~SpamFireWall~~: Fixed issue with SFW logs
882	* Skipping service fields: Fast Secure Contact Froms, QU Forms, Custom Contact Forms
883
884	= 5.50 October 20 2016 =
	@@ -887,7 +894,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
887	* PHP 7 compatibility: Deleted third-party JSON library and dependences.
888	* PHP 7 compatibility: Fixed end of lines.
889	* YOAST Seo: Fixed PHP warnings.
890	- * ~~SpamFireWall~~: Minor fix for ~~SpamFireWall~~ counter.
891	* Only admin could access to CleanTalk dashboard (exclude Authors an Editors).
892	* Improved filtration in contact forms.
893
	@@ -898,12 +905,12 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
898	* Fixed database error.
899
900	= 5.49 October 3 2016 =
901	- * ~~SpamFireWall~~ feature: Class upgraded.
902	* New feature: Delete links from approved comments.
903	* Settings: Grouped.
904	* Settings: Altered description fixed spelling mistakes.
905	- * Settings: Added indicator for ~~SpamFireWall~~.
906	- * Admin bar: Added ~~SpamFireWall~~ counter
907	* Clean and Simple Contact Form: Direct integration.
908	* WooCommerce: Don't check password recovery form.
909	* WooCommerce Wishlists: Issue with check for Google bots.
	@@ -927,7 +934,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
927	* bbPress: Skip check for admin in comments and topics
928	* UserPro: fixes. Request without field "shortcode"
929	* Contact Form 7: Bug fix.
930	- * ~~SpamFireWall~~: Optimized logs rotation.
931	* Updated inner functions (compatibility fix for PHP 5.4+)
932	* Fixed output of counters (without spamfirewall stats)
933	* Fixed spelling in settings
	@@ -1012,17 +1019,17 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1012	* Minor fix in plugin settings.
1013	* Fixed pagination for bulk users spam test.
1014	* Fixed issue with unknown _SESSION.
1015	- * Fixed issue with double ~~SpamFireWall~~ database upload.
1016
1017	= 5.39.1 2016-04-04 =
1018	* Improved AJAX based anti-spam test with HTTPS backends.
1019	* Added fix to avoid issue with empty ct_info_flag on JavaScript side.
1020	- * Added logic to exclude caching for ~~SpamFireWall~~.
1021	* Removed a condition to skip accounts with 127.0.0.1 IP in spam test for registered acconts.
1022
1023	= 5.38.1 2016-03-24 =
1024	* Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'.
1025	- * Removed ~~SpamFireWall~~ protection on /feed page.
1026	* Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off.
1027	* Added reject notice for spam submissions on Gravity forms with AJAX calls.
1028
	@@ -1066,7 +1073,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1066
1067	= 5.33 2015-12-01 =
1068	* Backend interface fixes
1069	- * Improved ~~SpamFireWall~~ efficiency
1070	* Improved performance of anti spam checking
1071
1072	= 5.32 2015-11-26 =
	@@ -1079,7 +1086,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1079	= 5.31 2015-11-11 =
1080	* Improved backend performance
1081	* Fixed counter of approved/blocked spam attacks
1082	- * Fixed ~~SpamFireWall~~ logging
1083
1084	= 5.30 2015-11-05 =
1085	* Improved anti-spam checking
	@@ -1103,14 +1110,14 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1103	* Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
1104
1105	= 5.27 2015-10-13 =
1106	- * Improvements in ~~SpamFireWall~~ feature
1107	* Code optimization
1108	* Backend interface fixes
1109
1110	= 5.26 2015-10-05 =
1111	* Added WordPress Language Pack support
1112	* Removed spam checking for some autorisation plugins
1113	- * New experimental feature: ~~SpamFireWall~~
1114
1115	= 5.25.2 2015-09-28 =
1116	* Fixed backend bug
	@@ -1573,6 +1580,13 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1573	* First version
1574
1575	== Upgrade Notice ==







1576	= 5.93.1 April 9 2018 =
1577	* Fix: Fatal error on PHP 5.5 or lower.
1578
	@@ -1602,7 +1616,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1602	* Minor fixes.
1603
1604	= 5.90 March 7 2018 =
1605	- * Improvement: Better IP recognition in ~~SpamFireWall~~.
1606	* Fix: Gravity Froms blocking message.
1607	* Security improvments.
1608	* Minor fixes.
	@@ -1676,7 +1690,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1676	= 5.80 November 3 2017 =
1677	* Spam protection improved.
1678	* Improved filtration quality for WooCommerce checkout.
1679	- * Minor fixes for ~~SpamFireWall~~.
1680
1681	= 5.79 October 26 2017 =
1682	* Spam protection improved.
	@@ -1697,7 +1711,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1697	* Banners logic updated.
1698
1699	= 5.76 September 20 2017 =
1700	- * Fixed issue with ~~SpamFireWall~~ and caching plugins.
1701	* Banners logic updated.
1702
1703	= 5.75 September 15 2017 =
	@@ -1719,7 +1733,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1719
1720	= 5.73 August 11 2017 =
1721	* Fix for spam check for already existed users and comments.
1722	- * ~~SpamFireWall~~ updated.
1723	* Layout fix for BT Comments.
1724	* Minor fixes.
1725
	@@ -1733,10 +1747,10 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1733	* Minor fixes.
1734
1735	= 5.70.2 July 17 2017 =
1736	- * Fix for ~~SpamFireWall~~ for Multisite.
1737
1738	= 5.70.1 July 17 2017 =
1739	- * Fix for ~~SpamFireWall~~.
1740	* Spam detection improved.
1741
1742	= 5.70 July 13 2017 =
	@@ -1746,8 +1760,8 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1746	* Optimization.
1747	* Fixed users and comments spam check.
1748	* Fixed layout for Comment's feedback from public page.
1749	- * Updated ~~SpamFireWall~~.
1750	- * SFW: ~~SpamFireWall~~ counter now work in real-time.
1751	* SFW: Improved compatibility with different Data Bases.
1752
1753	= 5.69 July 3 2017 =
	@@ -1792,7 +1806,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1792	* Major fixes for users and comments spam check.
1793	* Added feedback from Wordpress comments list.
1794	* Fix for "internal forms check" option.
1795	- * Fixed issue with caching ~~SpamFireWall~~ die page.
1796	* Other small fixes.
1797
1798	= 5.65 May 16 2017 =
	@@ -1881,7 +1895,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1881	= 5.57 February 8 2017 =
1882	* Setting page changes.
1883	* Bug fixes for WooCommerce.
1884	- * ~~SpamFireWall~~ filters only GET requests.
1885	* Optimization.
1886	* Minor and major fixes.
1887
	@@ -1912,7 +1926,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1912
1913	= 5.53 November 28 2016 =
1914	* Addition warning before deleting users.
1915	- * ~~SpamFireWall~~ is enabled by default.
1916	* Usernoise modal feedback / contact form : integration.
1917	* Translations.
1918	* Optimization.
	@@ -1932,7 +1946,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1932
1933	= 5.50.1 October 24 2016 =
1934	* Improved filtration in contact forms.
1935	- * ~~SpamFireWall~~: Fixed issue with SFW logs
1936	* Skipping service fields: Fast Secure Contact Froms, QU Forms, Custom Contact Forms
1937
1938	= 5.50 October 20 2016 =
	@@ -1941,7 +1955,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1941	* PHP 7 compatibility: Deleted third-party JSON library and dependences.
1942	* PHP 7 compatibility: Fixed end of lines.
1943	* YOAST Seo: Fixed PHP warnings.
1944	- * ~~SpamFireWall~~: Minor fix for ~~SpamFireWall~~ counter.
1945	* Only admin could access to CleanTalk dashboard (exclude Authors an Editors).
1946	* Improved filtration in contact forms.
1947
	@@ -1952,12 +1966,12 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1952	* Fixed database error.
1953
1954	= 5.49 October 3 2016 =
1955	- * ~~SpamFireWall~~ feature: Class upgraded.
1956	* New feature: Delete links from approved comments.
1957	* Settings: Grouped.
1958	* Settings: Altered description fixed spelling mistakes.
1959	- * Settings: Added indicator for ~~SpamFireWall~~.
1960	- * Admin bar: Added ~~SpamFireWall~~ counter
1961	* Clean and Simple Contact Form: Direct integration.
1962	* WooCommerce: Don't check password recovery form.
1963	* WooCommerce Wishlists: Issue with check for Google bots.
	@@ -1981,7 +1995,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
1981	* bbPress: Skip check for admin in comments and topics
1982	* UserPro: fixes. Request without field "shortcode"
1983	* Contact Form 7: Bug fix.
1984	- * ~~SpamFireWall~~: Optimized logs rotation.
1985	* Updated inner functions (compatibility fix for PHP 5.4+)
1986	* Fixed output of counters (without spamfirewall stats)
1987	* Fixed spelling in settings
	@@ -2065,17 +2079,17 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
2065	* Minor fix in plugin settings.
2066	* Fixed pagination for bulk users spam test.
2067	* Fixed issue with unknown _SESSION.
2068	- * Fixed issue with double ~~SpamFireWall~~ database upload.
2069
2070	= 5.39.1 2016-04-04 =
2071	* Improved AJAX based anti-spam test with HTTPS backends.
2072	* Added fix to avoid issue with empty ct_info_flag on JavaScript side.
2073	- * Added logic to exclude caching for ~~SpamFireWall~~.
2074	* Removed a condition to skip accounts with 127.0.0.1 IP in spam test for registered acconts.
2075
2076	= 5.38.1 2016-03-24 =
2077	* Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'.
2078	- * Removed ~~SpamFireWall~~ protection on /feed page.
2079	* Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off.
2080	* Added reject notice for spam submissions on Gravity forms with AJAX calls.
2081
	@@ -2112,7 +2126,7 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
2112
2113	= 5.33 2015-12-01 =
2114	* Backend interface fixes
2115	- * Improved ~~SpamFireWall~~ efficiency
2116	* Improved performance of anti spam checking
2117
2118	= 5.32 2015-11-26 =
	@@ -2148,14 +2162,14 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
2148	* Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
2149
2150	= 5.27 2015-10-13 =
2151	- * Improvements in ~~SpamFireWall~~ feature
2152	* Code optimization
2153	* Backend interface fixes
2154
2155	= 5.26 2015-10-05 =
2156	* Added WordPress Language Pack support
2157	* Removed spam checking for some autorisation plugins
2158	- * New experimental feature: ~~SpamFireWall~~
2159
2160	= 5.25.2 2015-09-28 =
2161	* Fixed backend bug


2	Contributors: znaeff, shagimuratov, sartemd174
3	Tags: spam, antispam, protection, comments, firewall
4	Requires at least: 3.0
5	+ Tested up to: 4.9.5
6	+ Stable tag: 5.94
7	License: GPLv2
8
9	Spam protection, antispam, all-in-one, premium plugin. No spam comments & users, no spam contact form & WooCommerce spam. Forget spam.

87	IP/email address list. This option helps to strengthen the spam protection from a manual spam or block unwanted comments from users. You can add not only the certain IP addresses, but also a separate subnet to your personal black list.
88
89	= Private black list for Spam FireWall =
90	+ It allows you to add individual IP addresses and subnets to Spam FireWall. It
91	blocks the spam attacks from IP addresses which are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that made it through the HTTP/HTTPS. You can add not only the certain IP addresses, but also a separate subnet to your personal black list.
92
93	= Low false/positive rate =

130	Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the "Log of spam attacks" and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering.
131
132	= Spam FireWall =
133	+ CleanTalk has an advanced option "Spam FireWall". This option allows blocking the most active spam bots before they get access to your website. It prevents spam bots from loading website pages so your web server doesn't have to perform all scripts on these pages. Also it prevents scanning of pages of the website by spam bots. Therefore Spam FireWall significantly reduces the load on your web server. Spam FireWall also makes CleanTalk the two-step protection from spam bots. Spam FireWall is the first step and it blocks the most active spam bots. CleanTalk Anti-Spam is the second step and checks all other requests on the website in the moment of submitting comments/registers etc.
134
135	= How Spam FireWall works? =
136	* The visitor enters to your web site.
137	* HTTP request data are being checked in the nearly 5.8 million of the identified spam bot IPs.
138	* If it is an active spam bot, the bot gets a blank page, if it is a visitor then he receives a normal page. This process is completely transparent for the visitors.
139
140	+ All the CleanTalk Spam FireWall activity is being logged in the process of filtering.
141
142	+ = Spam FireWall DDoS Protection =
143	+ Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Spam FireWall blocks all requests from bad IP addresses. Your website gives the intruder a special page with the description of DDoS rejection instead of the website pages. Therefore Spam FireWall helps to reduce CPU usage of your server.
144	[youtube https://www.youtube.com/watch?v=Eu5Zqryvj4k]
145
146	= XML-RPC brute force protection =
147	+ Spam FireWall can mitigate XML-RPC brute force attacks. It blocks XML-RPC attacks from bad IP addresses. This helps to prevent bruteforce attacks by a Remote Procedure Call.
148
149	= No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-free anti-spam for WordPress =
150	Spam is one of the most irritating things. Spam rates are increasing every year and conventional anti-spam can no longer handle all spam bots. CleanTalk prevents and automatically blocks spam. You'll be surprised how effective CleanTalk is in protecting from spam.

196
197	With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. The existing comments and users checking process is performed in a database of the nearly 2 million identified spam bots. Detailed spam stats allows CleanTalk customers to fully control it.
198
199	+ CleanTalk has an advanced option "Spam FireWall". This option allows you to block the most active spam bots before they get access to your website. It unloads you website pages when an attempt attack was made, so your web server won't run unnecessary scripts on these pages. Also it prevents any scanning of website pages by spam bots. Subsequently Spam FireWall significantly reduces your webserver load. Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Spam FireWall will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. Spam FireWall can help to reduce the CPU usage of your server because of this reason.
200
201	"CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety".
202

276	The plugin Anti-Spam by CleanTalk stops up to 99.998% of spam comments, spam signups (registrations), spam contact emails, spam subscriptions, spam bookings or spam orders.
277
278	= Does the plugin protect from brute force, DoS attacks and spam attacks? =
279	+ Yes, it does. Please turn the option 'Spam FireWall' on in the plugin settings to protect your website from DoS/DDoS, XML-RPC attacks.
280
281	= How does the plugin stop spam? =
282	Please, note - administrator's actions are NOT being checked.

402
403	Now all fields in your submissions with the keys named 'key1', 'key2' or 'key3' will be excluded from spam checking.
404
405	+ = How to test Spam FireWall? =
406	+ Use special IP 10.10.10.10 in URL to test Spam FireWall. For example,
407
408	https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10
409

464	* Personal blacklists - go to your website Black&White Lists page.
465	* Record details: block reason, body of the message, additional caught data.
466
467	+ = Spam FireWall and AntiSpam - Networks Blocking =
468
469	Anti-Spam - will blocks users from selected IP or network from using contacts/messages/registrations/comments forms.
470	+ Spam FireWall - will blocks users from selected IP or network from entering the website.
471
472	Please, read more here
473	https://cleantalk.org/help/sfw-blocks-networks

519	10. Website's options.
520
521	== Changelog ==
522	+ = 5.94 April 23 2018 =
523	+ * Mod: Async load option for JS.
524	+ * Mod: JS scripts loading is conditional.
525	+ * Fix: IP detection.
526	+ * Fix: IP detection.
527	+ * Fix: Javascript error.
528	+
529	= 5.93.1 April 9 2018 =
530	* Fix: Fatal error on PHP 5.5 or lower.
531
532	= 5.93 April 9 2018 =
533	+ * Fix: Spam FireWall IP detection.
534	* Fix: Contact Form 7. False positives.
535	* Mod: Autoupdate function improved.
536	* Minor fixes.

555	* Minor fixes.
556
557	= 5.90 March 7 2018 =
558	+ * Improvement: Better IP recognition in Spam FireWall.
559	* Fix: Gravity Froms blocking message.
560	* Security improvments.
561	* Minor fixes.

629	= 5.80 November 3 2017 =
630	* Spam protection improved.
631	* Improved filtration quality for WooCommerce checkout.
632	+ * Minor fixes for Spam FireWall.
633
634	= 5.79 October 26 2017 =
635	* Spam protection improved.

650	* Banners logic updated.
651
652	= 5.76 September 20 2017 =
653	+ * Fixed issue with Spam FireWall and caching plugins.
654	* Banners logic updated.
655
656	= 5.75 September 15 2017 =

672
673	= 5.73 August 11 2017 =
674	* Fix for spam check for already existed users and comments.
675	+ * Spam FireWall updated.
676	* Layout fix for BT Comments.
677	* Minor fixes.
678

686	* Minor fixes.
687
688	= 5.70.2 July 17 2017 =
689	+ * Fix for Spam FireWall for Multisite.
690
691	= 5.70.1 July 17 2017 =
692	+ * Fix for Spam FireWall.
693	* Spam detection improved.
694
695	= 5.70 July 13 2017 =

699	* Optimization.
700	* Fixed users and comments spam check.
701	* Fixed layout for Comment's feedback from public page.
702	+ * Updated Spam FireWall.
703	+ * SFW: Spam FireWall counter now work in real-time.
704	* SFW: Improved compatibility with different Data Bases.
705
706	= 5.69 July 3 2017 =

745	* Major fixes for users and comments spam check.
746	* Added feedback from Wordpress comments list.
747	* Fix for "internal forms check" option.
748	+ * Fixed issue with caching Spam FireWall die page.
749	* Other small fixes.
750
751	= 5.65 May 16 2017 =

834	= 5.57 February 8 2017 =
835	* Setting page changes.
836	* Bug fixes for WooCommerce.
837	+ * Spam FireWall filters only GET requests.
838	* Optimization.
839	* Minor and major fixes.
840

865
866	= 5.53 November 28 2016 =
867	* Addition warning before deleting users.
868	+ * Spam FireWall is enabled by default.
869	* Usernoise modal feedback / contact form : integration.
870	* Translations.
871	* Optimization.

885
886	= 5.50.1 October 24 2016 =
887	* Improved filtration in contact forms.
888	+ * Spam FireWall: Fixed issue with SFW logs
889	* Skipping service fields: Fast Secure Contact Froms, QU Forms, Custom Contact Forms
890
891	= 5.50 October 20 2016 =

894	* PHP 7 compatibility: Deleted third-party JSON library and dependences.
895	* PHP 7 compatibility: Fixed end of lines.
896	* YOAST Seo: Fixed PHP warnings.
897	+ * Spam FireWall: Minor fix for Spam FireWall counter.
898	* Only admin could access to CleanTalk dashboard (exclude Authors an Editors).
899	* Improved filtration in contact forms.
900

905	* Fixed database error.
906
907	= 5.49 October 3 2016 =
908	+ * Spam FireWall feature: Class upgraded.
909	* New feature: Delete links from approved comments.
910	* Settings: Grouped.
911	* Settings: Altered description fixed spelling mistakes.
912	+ * Settings: Added indicator for Spam FireWall.
913	+ * Admin bar: Added Spam FireWall counter
914	* Clean and Simple Contact Form: Direct integration.
915	* WooCommerce: Don't check password recovery form.
916	* WooCommerce Wishlists: Issue with check for Google bots.

934	* bbPress: Skip check for admin in comments and topics
935	* UserPro: fixes. Request without field "shortcode"
936	* Contact Form 7: Bug fix.
937	+ * Spam FireWall: Optimized logs rotation.
938	* Updated inner functions (compatibility fix for PHP 5.4+)
939	* Fixed output of counters (without spamfirewall stats)
940	* Fixed spelling in settings

1019	* Minor fix in plugin settings.
1020	* Fixed pagination for bulk users spam test.
1021	* Fixed issue with unknown _SESSION.
1022	+ * Fixed issue with double Spam FireWall database upload.
1023
1024	= 5.39.1 2016-04-04 =
1025	* Improved AJAX based anti-spam test with HTTPS backends.
1026	* Added fix to avoid issue with empty ct_info_flag on JavaScript side.
1027	+ * Added logic to exclude caching for Spam FireWall.
1028	* Removed a condition to skip accounts with 127.0.0.1 IP in spam test for registered acconts.
1029
1030	= 5.38.1 2016-03-24 =
1031	* Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'.
1032	+ * Removed Spam FireWall protection on /feed page.
1033	* Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off.
1034	* Added reject notice for spam submissions on Gravity forms with AJAX calls.
1035

1073
1074	= 5.33 2015-12-01 =
1075	* Backend interface fixes
1076	+ * Improved Spam FireWall efficiency
1077	* Improved performance of anti spam checking
1078
1079	= 5.32 2015-11-26 =

1086	= 5.31 2015-11-11 =
1087	* Improved backend performance
1088	* Fixed counter of approved/blocked spam attacks
1089	+ * Fixed Spam FireWall logging
1090
1091	= 5.30 2015-11-05 =
1092	* Improved anti-spam checking

1110	* Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
1111
1112	= 5.27 2015-10-13 =
1113	+ * Improvements in Spam FireWall feature
1114	* Code optimization
1115	* Backend interface fixes
1116
1117	= 5.26 2015-10-05 =
1118	* Added WordPress Language Pack support
1119	* Removed spam checking for some autorisation plugins
1120	+ * New experimental feature: Spam FireWall
1121
1122	= 5.25.2 2015-09-28 =
1123	* Fixed backend bug

1580	* First version
1581
1582	== Upgrade Notice ==
1583	+ = 5.94 April 23 2018 =
1584	+ * Mod: Async load option for JS.
1585	+ * Mod: JS scripts loading is conditional.
1586	+ * Fix: IP detection.
1587	+ * Fix: IP detection.
1588	+ * Fix: Javascript error.
1589	+
1590	= 5.93.1 April 9 2018 =
1591	* Fix: Fatal error on PHP 5.5 or lower.
1592

1616	* Minor fixes.
1617
1618	= 5.90 March 7 2018 =
1619	+ * Improvement: Better IP recognition in Spam FireWall.
1620	* Fix: Gravity Froms blocking message.
1621	* Security improvments.
1622	* Minor fixes.

1690	= 5.80 November 3 2017 =
1691	* Spam protection improved.
1692	* Improved filtration quality for WooCommerce checkout.
1693	+ * Minor fixes for Spam FireWall.
1694
1695	= 5.79 October 26 2017 =
1696	* Spam protection improved.

1711	* Banners logic updated.
1712
1713	= 5.76 September 20 2017 =
1714	+ * Fixed issue with Spam FireWall and caching plugins.
1715	* Banners logic updated.
1716
1717	= 5.75 September 15 2017 =

1733
1734	= 5.73 August 11 2017 =
1735	* Fix for spam check for already existed users and comments.
1736	+ * Spam FireWall updated.
1737	* Layout fix for BT Comments.
1738	* Minor fixes.
1739

1747	* Minor fixes.
1748
1749	= 5.70.2 July 17 2017 =
1750	+ * Fix for Spam FireWall for Multisite.
1751
1752	= 5.70.1 July 17 2017 =
1753	+ * Fix for Spam FireWall.
1754	* Spam detection improved.
1755
1756	= 5.70 July 13 2017 =

1760	* Optimization.
1761	* Fixed users and comments spam check.
1762	* Fixed layout for Comment's feedback from public page.
1763	+ * Updated Spam FireWall.
1764	+ * SFW: Spam FireWall counter now work in real-time.
1765	* SFW: Improved compatibility with different Data Bases.
1766
1767	= 5.69 July 3 2017 =

1806	* Major fixes for users and comments spam check.
1807	* Added feedback from Wordpress comments list.
1808	* Fix for "internal forms check" option.
1809	+ * Fixed issue with caching Spam FireWall die page.
1810	* Other small fixes.
1811
1812	= 5.65 May 16 2017 =

1895	= 5.57 February 8 2017 =
1896	* Setting page changes.
1897	* Bug fixes for WooCommerce.
1898	+ * Spam FireWall filters only GET requests.
1899	* Optimization.
1900	* Minor and major fixes.
1901

1926
1927	= 5.53 November 28 2016 =
1928	* Addition warning before deleting users.
1929	+ * Spam FireWall is enabled by default.
1930	* Usernoise modal feedback / contact form : integration.
1931	* Translations.
1932	* Optimization.

1946
1947	= 5.50.1 October 24 2016 =
1948	* Improved filtration in contact forms.
1949	+ * Spam FireWall: Fixed issue with SFW logs
1950	* Skipping service fields: Fast Secure Contact Froms, QU Forms, Custom Contact Forms
1951
1952	= 5.50 October 20 2016 =

1955	* PHP 7 compatibility: Deleted third-party JSON library and dependences.
1956	* PHP 7 compatibility: Fixed end of lines.
1957	* YOAST Seo: Fixed PHP warnings.
1958	+ * Spam FireWall: Minor fix for Spam FireWall counter.
1959	* Only admin could access to CleanTalk dashboard (exclude Authors an Editors).
1960	* Improved filtration in contact forms.
1961

1966	* Fixed database error.
1967
1968	= 5.49 October 3 2016 =
1969	+ * Spam FireWall feature: Class upgraded.
1970	* New feature: Delete links from approved comments.
1971	* Settings: Grouped.
1972	* Settings: Altered description fixed spelling mistakes.
1973	+ * Settings: Added indicator for Spam FireWall.
1974	+ * Admin bar: Added Spam FireWall counter
1975	* Clean and Simple Contact Form: Direct integration.
1976	* WooCommerce: Don't check password recovery form.
1977	* WooCommerce Wishlists: Issue with check for Google bots.

1995	* bbPress: Skip check for admin in comments and topics
1996	* UserPro: fixes. Request without field "shortcode"
1997	* Contact Form 7: Bug fix.
1998	+ * Spam FireWall: Optimized logs rotation.
1999	* Updated inner functions (compatibility fix for PHP 5.4+)
2000	* Fixed output of counters (without spamfirewall stats)
2001	* Fixed spelling in settings

2079	* Minor fix in plugin settings.
2080	* Fixed pagination for bulk users spam test.
2081	* Fixed issue with unknown _SESSION.
2082	+ * Fixed issue with double Spam FireWall database upload.
2083
2084	= 5.39.1 2016-04-04 =
2085	* Improved AJAX based anti-spam test with HTTPS backends.
2086	* Added fix to avoid issue with empty ct_info_flag on JavaScript side.
2087	+ * Added logic to exclude caching for Spam FireWall.
2088	* Removed a condition to skip accounts with 127.0.0.1 IP in spam test for registered acconts.
2089
2090	= 5.38.1 2016-03-24 =
2091	* Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'.
2092	+ * Removed Spam FireWall protection on /feed page.
2093	* Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off.
2094	* Added reject notice for spam submissions on Gravity forms with AJAX calls.
2095

2126
2127	= 5.33 2015-12-01 =
2128	* Backend interface fixes
2129	+ * Improved Spam FireWall efficiency
2130	* Improved performance of anti spam checking
2131
2132	= 5.32 2015-11-26 =

2162	* Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
2163
2164	= 5.27 2015-10-13 =
2165	+ * Improvements in Spam FireWall feature
2166	* Code optimization
2167	* Backend interface fixes
2168
2169	= 5.26 2015-10-05 =
2170	* Added WordPress Language Pack support
2171	* Removed spam checking for some autorisation plugins
2172	+ * New experimental feature: Spam FireWall
2173
2174	= 5.25.2 2015-09-28 =
2175	* Fixed backend bug

Spam protection, AntiSpam, FireWall by CleanTalk - Version 5.94

Version Description

Release Info

Code changes from version 5.93.1 to 5.94