Weird Entries Related to CleanTalk Plugin in Server Log (Plugin: Spam protection, AntiSpam, FireWall by CleanTalk)

  • Resolved Yet Another WP User

    (@yet-another-wp-user)


    Today while checking server logs, I found the following entry:

    POST /?spbc_remote_call_token=xxxxx&spbc_remote_call_action=sfw_update&plugin_name=apbct&file_url=https%3A%2F%2Fapix2.cleantalk.org%2Fstore%2Fbl_list_xxxxx.csv.gz HTTP/1.1

    There were 41 entries.

    The useragent used was “APBCT(wordpress-51183)”.

    The entries were blocked by the server due to restrictions applied via .htaccess file.

    I want to know what CleanTalk plugin was trying to do using these POST commands?

    I only have CleanTalk Spam Firewall enabled. All form protections are disabled.

  • Plugin Support amagsumov

    (@amagsumov)

    Hello, @yet-another-wp-user

    Thank you for your request.

    I’ve passed your question to programmer staff.

    You’ll be contacted within 48 hours.

    Best regards.

    Plugin Author Safronik

    (@safronik)

    Hello @yet-another-wp-user

    This is the remote calls system, as you can see from spbc_remote_call_action = sfw_update.
    We use it to update SpamFireWall’s local database on your website. The website sends a request to itself.
    WordPress’s built-in schedule system works in the same way. For example, you could search for “wp-cron.php” in your webserver access log.

    The entries were blocked by server due to restrictions applied via .htaccess file.

    What restrictions are you talking about? Were these restrictions made by you?

    Please, allow these requests to get full functionality of the plugin.

    Contact us.

    Yet Another WP User

    (@yet-another-wp-user)

    @safronik
    Yes. Those restrictions were made by me using .htaccess file. I’m blocking all attempts to access .gz files as many hackers try to download .gz files regularly.

    I have never seen these entries of CleanTalk plugin since 1 or 2 years when I started using this plugin. So why suddenly these attempts were made?

    Did you change some functionality to update blocklist of SFW?

    Plugin Support alexandergull

    (@alexandergull)

    Hello

    I’ve passed your question to programmer staff.

    You’ll be contacted within 48 hours.

    Best regards.

    Plugin Author Safronik

    (@safronik)

    @yet-another-wp-user

    Yes, we did. Such a scheme causes no delay when an update is triggered, because we perform it in another PHP process.

    As I said above, I recommend you allow such requests. Maybe you could make an exception for the *.cleantalk.org domain?

    Thank you for interesting question!

    Yet Another WP User

    (@yet-another-wp-user)

    @safronik
    Thanks for the answer.

    I want to ask following questions for further clarification:

    1. I noticed that “spbc_remote_call_token=” and the token used in “bl_list_xxxxxxxxx.csv.gz” filename were same in all requests. Do they depend upon the license key and will never change or they are random?

    2. Will your plugin always use “APBCT(wordpress-51183)” as useragent or will it change in future? Also is this useragent fixed for all plugin users or the ending numbers differ for different wordpress versions?

    I’m asking these questions so that I can decide which thing should I whitelist in .htaccess rules to allow these requests from CleanTalk plugin.

    Plugin Support amagsumov

    (@amagsumov)

    Hello, @yet-another-wp-user

    I’ve passed your question to programmer staff.

    You’ll be contacted within 48 hours.

    Best regards.

    Plugin Author Safronik

    (@safronik)

    Hello @yet-another-wp-user

    Filename and license key have no connection.
    We have standardized the user-agent for you.
    In this (https://downloads.wordpress.org/plugin/cleantalk-spam-protect.zip) and further versions it will look like
    APBCT-wordpress/NNN.NNN.NNN; http://YOURWEBSITE.com
    , where
    NNN.NNN.NNN – version. It could be “1” or “2.39” or “999.999.999” or “unknown”.
    Here is the regular expression for you:
    (APBCT-wordpress)\/(unknown|\d+\.\d+\.?\d?-?.*?);\s?(.*)

    Contact us if you have questions.

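An added example, not part of the thread and not CleanTalk's code: a log triage script that applies the user-agent pattern posted above, together with the two other properties the replies describe (the site calls itself, and `file_url` points at cleantalk.org), to access-log lines. The combined log format, the `own_ips` parameter, the HTTPS requirement and all sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# User-agent pattern exactly as posted by the plugin author in this thread.
UA_RE = re.compile(r"(APBCT-wordpress)\/(unknown|\d+\.\d+\.?\d?-?.*?);\s?(.*)")
# Older form quoted in the first post, e.g. APBCT(wordpress-51183).
LEGACY_UA_RE = re.compile(r"APBCT\(wordpress-\d+\)")
# "Combined" access-log format (assumed; adjust to your LogFormat).
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def classify(line, own_ips):
    """Return (verdict, reasons, redacted_target) for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return "unparsed", [], None
    ip, _method, target, _status, ua = m.groups()
    query = parse_qs(urlsplit(target).query)
    if "spbc_remote_call_action" not in query:
        return "other", [], target
    # The token depends on the site's access key: keep it out of reports.
    redacted = re.sub(r"(spbc_remote_call_token=)[^&]*", r"\1REDACTED", target)
    reasons = []
    if ip not in own_ips:  # per the thread, the website sends the request to itself
        reasons.append("source is not this server")
    if not (UA_RE.fullmatch(ua) or LEGACY_UA_RE.fullmatch(ua)):
        reasons.append("unexpected user-agent")
    for url in query.get("file_url", []):  # parse_qs has already percent-decoded it
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        on_vendor = host == "cleantalk.org" or host.endswith(".cleantalk.org")
        if parts.scheme != "https" or not on_vendor:
            reasons.append("file_url outside cleantalk.org")
    return ("review" if reasons else "expected"), reasons, redacted

# Constructed sample lines (documentation IPs and example.com, not real traffic).
Q = ("spbc_remote_call_token=abc123&spbc_remote_call_action=sfw_update"
     "&plugin_name=apbct&file_url=")
GOOD_URL = "https%3A%2F%2Fapix2.cleantalk.org%2Fstore%2Fbl_list_x.csv.gz"
BAD_URL = "https%3A%2F%2Fcleantalk.org.example.net%2Fbl_list_x.csv.gz"
T = "[01/Jan/2021:00:00:01 +0000]"
SAMPLES = [
    f'203.0.113.10 - - {T} "POST /?{Q}{GOOD_URL} HTTP/1.1" 403 199 "-" "APBCT-wordpress/5.145.2; http://example.com"',
    f'203.0.113.10 - - {T} "POST /?{Q}{GOOD_URL} HTTP/1.1" 403 199 "-" "APBCT(wordpress-51183)"',
    f'198.51.100.7 - - {T} "POST /?{Q}{BAD_URL} HTTP/1.1" 403 199 "-" "curl/7.68.0"',
    f'203.0.113.10 - - {T} "GET /wp-cron.php?doing_wp_cron HTTP/1.1" 200 0 "-" "WordPress/5.6"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample, own_ips={"203.0.113.10"}))
```

As posted, the pattern requires at least a major.minor version number, so a user-agent carrying a bare version such as "1" does not match it.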
    Yet Another WP User

    (@yet-another-wp-user)

    @safronik
    Thank you so much. I appreciate that you standardized the useragent. It’ll help me and many other plugin users in whitelisting CleanTalk plugin.

    I still have one question:

    Is the token used in “spbc_remote_call_token=” and in the “bl_list_xxxxxxxxx.csv.gz” filename in URLs the same for all websites or different for each website? Also, will the token change in future or will it remain the same?

    Plugin Support amagsumov

    (@amagsumov)

    I’ve passed your question.

    You’ll be contacted within 48 hours.

    Please, wait.

    Plugin Author Safronik

    (@safronik)

    @yet-another-wp-user

    You should not rely on the gz file name, it could be random.
    But spbc_remote_call_token depends on the access key, they are different for each website.

    Yet Another WP User

    (@yet-another-wp-user)

    @safronik
    Thanks for your replies. I have whitelisted CleanTalk now.

    Plugin Support alexandergull

    (@alexandergull)

    No problem, @yet-another-wp-user.

    Write back to us anytime.

    Best regards.

    Yet Another WP User

    (@yet-another-wp-user)

    After removing the restriction from the .htaccess file, I tried again by accessing the blocked URL manually in a web browser and found the following error message:

    Warning: gzopen(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/xxx/public_html/wp-content/plugins/cleantalk-spam-protect/lib/CleantalkSFW_Base.php on line 205
    
    Warning: gzopen(https://apix2.cleantalk.org/store/bl_list_xxxxx.csv.gz): failed to open stream: no suitable wrapper could be found in /home/xxx/public_html/wp-content/plugins/cleantalk-spam-protect/lib/CleantalkSFW_Base.php on line 205
    FAIL {"error":"ERROR_OPEN_GZ_FILE"}

    So I assume even after removing the blocking rule, cleantalk is still unable to update blocklist for Spam Firewall.

    Plugin Support alexandergull

    (@alexandergull)

    Okay, I’ll transfer it to the developer. We can check it in a few days.

    Be well,
