This PHP warning, already reported here, is still flooding the error.log.

array_rand(): Array is empty in /wp-content/plugins/honeypot-toolkit/lib/HoneypotToolkit.class.php on line 129'

I went to my site today and I got the black screen failed to load error. I disabled all plugins and when I when to reactivate HoneyPot Toolkit I got the following message:

Plugin could not be activated because it triggered a?fatal error.

The following is when I found in the WordPress error log:

[Sun Mar 12 13:16:10.923330 2023] [proxy_fcgi:error] [pid 1134495:tid 140028055373568] [client 172.177.133.249:61435] AH01071: Got error 'PHP message: PHP Warning:  Use of undefined constant ABSPATH - assumed 'ABSPATH' (this will throw an Error in a future version of PHP) in /var/www/wordpress/wp-includes/class-wp-http.php on line 11PHP message: PHP Warning:  Use of undefined constant WPINC - assumed 'WPINC' (this will throw an Error in a future version of PHP) in /var/www/wordpress/wp-includes/class-wp-http.php on line 11PHP message: PHP Warning:  require(ABSPATHWPINC/class-requests.php): failed to open stream: No such file or directory in /var/www/wordpress/wp-includes/class-wp-http.php on line 11PHP message: PHP Fatal error:  require(): Failed opening required 'ABSPATHWPINC/class-requests.php' (include_path='.:/usr/share/php') in /var/www/wordpress/wp-includes/class-wp-http.php on line 11', referer: binance.com
[Sun Mar 12 13:16:16.514171 2023] [proxy_fcgi:error] [pid 1134495:tid 140028724426496] [client 172.177.133.249:60774] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Class 'WP_Dependencies' not found in /var/www/wordpress/wp-includes/class-wp-scripts.php:18\nStack trace:\n#0 {main}\n  thrown in /var/www/wordpress/wp-includes/class-wp-scripts.php on line 18', referer: binance.com
[Sun Mar 12 13:16:36.331052 2023] [proxy_fcgi:error] [pid 1134495:tid 140028038588160] [client 172.177.133.249:58896] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Class 'WP_Dependencies' not found in /var/www/wordpress/wp-includes/class-wp-styles.php:18\nStack trace:\n#0 {main}\n  thrown in /var/www/wordpress/wp-includes/class-wp-styles.php on line 18', referer: binance.com
[Sun Mar 12 13:18:35.364815 2023] [proxy_fcgi:error] [pid 1134495:tid 140028206376704] [client 172.177.133.249:59779] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function get_the_block_template_html() in /var/www/wordpress/wp-includes/template-canvas.php:12\nStack trace:\n#0 {main}\n  thrown in /var/www/wordpress/wp-includes/template-canvas.php on line 12', referer: binance.com
[Sun Mar 12 13:20:13.571512 2023] [proxy_fcgi:error] [pid 1134495:tid 140028716033792] [client 172.177.133.249:57799] AH01071: Got error 'PHP message: PHP Warning:  Use of undefined constant ABSPATH - assumed 'ABSPATH' (this will throw an Error in a future version of PHP) in /var/www/wordpress/wp-includes/blocks/index.php on line 8PHP message: PHP Warning:  Use of undefined constant WPINC - assumed 'WPINC' (this will throw an Error in a future version of PHP) in /var/www/wordpress/wp-includes/blocks/index.php on line 8PHP message: PHP Warning:  require(ABSPATHWPINC/blocks/legacy-widget.php): failed to open stream: No such file or directory in /var/www/wordpress/wp-includes/blocks/index.php on line 11PHP message: PHP Fatal error:  require(): Failed opening required 'ABSPATHWPINC/blocks/legacy-widget.php' (include_path='.:/usr/share/php') in /var/www/wordpress/wp-includes/blocks/index.php on line 11', referer: binance.com
[Sun Mar 12 13:20:44.275158 2023] [proxy_fcgi:error] [pid 1134495:tid 140028197984000] [client 172.177.133.249:52775] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Class 'WP_Widget' not found in /var/www/wordpress/wp-includes/widgets/class-wp-widget-block.php:17\nStack trace:\n#0 {main}\n  thrown in /var/www/wordpress/wp-includes/widgets/class-wp-widget-block.php on line 17', referer: binance.com

Dear Jeff

Thank you for a great plugin! However I am a non-technical person, and I am afraid I don’t know how to use your plugin, and I cant hire a web developer for this purpose. Basically, I want to use this plugin in woocommerce registration and checkout pages, and also in my subscription sign up form in the website. But I am at a loss on how to implement this solution. Could you please help me or provide me with documentation that would show a step-by-step process on how to do it?

Kind regards,

Can you add a feature of whitelist by json link list for Google Bot (https://developers.google.com/static/search/apis/ipranges/googlebot.json)

Also I need whitelist by reverse ip check for yandex bots. (https://yandex.com/support/webmaster/robot-workings/check-yandex-robots.html)

Because It blocks search engines bots.

Hi Jeff!

In lib/HoneypotToolkit.class.php on line 861 $_SERVER['SERVER_ADDR'] is not necessarily set. I suggest to use this if condition instead: if ($ipAddress != '' && isset($_SERVER['SERVER_ADDR']) && $ipAddress == $_SERVER['SERVER_ADDR']) {.

Best,
Marian

Hi Jeff!

In lib/HoneypotToolkit.class.php on line 129 $positions is an empty array if all honeypot positions are unchecked and array_rand() complains about an empty array.

Adding

if (empty($positions)) {
  return;
}

before $positionKey = array_rand($positions, 1); would fix that issue.

Best,
Marian

For the last few updates I am unable to view the blocklist, whitelist, or activity list. I just get a spinning dot on the screen ad infinitum.

Hi!

I noticed that PHP throws the following warning:

Undefined array key 0 in honeypot-toolkit/lib/HoneypotToolkit.class.php on line 901
Trying to access array offset on value of type null in toolkit/lib/HoneypotToolkit.class.php on line 901

Best,
Marian

Hello Jeff,

since just now, the plugin generates a PHP error (white page) for me. I disabled it in the database and tried to disable it again in the backend.
Meaning with the following error message:

“The plugin cannot be activated because it generates a fatal error.”

(“Das Plugin kann nicht aktiviert werden, da es einen fatalen Fehler erzeugt.”)

TIA
Cheers
Michael

What is about gdpr usage of this plugin on european websites?

Is the honeypot project blacklist loaded to the plugin on the website, or do the plugin looks for the ip by sending the visitor ip to the honeypot project server?

We love your plugin, but have to deactivate the it, until this question is answered and love to hear from you.

Best regards, Alex

Hello, I installed the plugin. Then I registered and typed the api key to the plugin. I created honeypot and uploaded it to my site and wrote the extension on the plugin. When I try to go to Honeypot with my browser “Cloudflare protected IP encountered.” he is writing. What should I do? I also stayed in step 3 of honeypot setup.

https://prnt.sc/zd16u4

Hi!

It would be great if you can add the rel=”nofollow” attribute to the link that is generated for the Honeypot script. So instead of something like:

<a href="https://www.example.com/gene.php" style="display: none;" title=" s l DHuOQeKXGlfD j g C"> s l DHuOQeKXGlfD j g C</a>

adding the above attribute to generate this:

<a rel="nofollow" href="https://www.example.com/gene.php" style="display: none;" title=" s l DHuOQeKXGlfD j g C"> s l DHuOQeKXGlfD j g C</a>

That will prevent legit bots like Google and others from following the link to the Honeypot.

Thanks!

Hi all!
If you receive the php warning:

Deprecated: Unparenthesized 'a ? b : c ? d : e' is deprecated. Use either '(a ? b : c) ? d : e' or 'a ? b : (c ? d : e)' in /path/to/wp-content/plugins/honeypot-toolkit/lib/HoneypotToolkit.class.php on line xxx
Here is the fix:
change line 209 from:
$activityNotes .= (isset($_SERVER['SERVER_NAME']))? htmlentities($_SERVER['SERVER_NAME']):(isset($_SERVER['HTTP_HOST']))? htmlentities($_SERVER['HTTP_HOST']):'';
to:
$activityNotes .= ((isset($_SERVER['SERVER_NAME']))? htmlentities($_SERVER['SERVER_NAME']):(isset($_SERVER['HTTP_HOST'])))? htmlentities($_SERVER['HTTP_HOST']):'';
change line 337 from:
$activityNotes .= (isset($_SERVER['SERVER_NAME']))? htmlentities($_SERVER['SERVER_NAME']):(isset($_SERVER['HTTP_HOST']))? htmlentities($_SERVER['HTTP_HOST']):'';
to:
$activityNotes .= ((isset($_SERVER['SERVER_NAME']))? htmlentities($_SERVER['SERVER_NAME']):(isset($_SERVER['HTTP_HOST'])))? htmlentities($_SERVER['HTTP_HOST']):'';
change line 364 from:
$activityNotes .= ((isset($_SERVER['SERVER_NAME']))? htmlentities($_SERVER['SERVER_NAME']):(isset($_SERVER['HTTP_HOST']))? htmlentities($_SERVER['HTTP_HOST']):'');
to:
$activityNotes .= (((isset($_SERVER['SERVER_NAME']))? htmlentities($_SERVER['SERVER_NAME']):(isset($_SERVER['HTTP_HOST'])))? htmlentities($_SERVER['HTTP_HOST']):'');

Hopefully Jeff will have some time to fix this and push out an update.
Thanks!
Brian Brown, Ph.D
@brianbrown

• This topic was modified 4 years, 4 months ago by Brian Brown, Ph.D.. Reason: forgot the code markers
• This topic was modified 4 years, 4 months ago by Brian Brown, Ph.D..
• This topic was modified 4 years, 4 months ago by Brian Brown, Ph.D..
• This topic was modified 4 years, 4 months ago by Brian Brown, Ph.D..
• This topic was modified 4 years, 4 months ago by Brian Brown, Ph.D..

Hello,

yes, I read you advices of adding IP ranges to whitelist in order to avoid being blocked. But technically this can not work because not everyone has always the same IP adresses (range). You have one range at home, one at work, one on the go, one at your family … And if a blog does have several authors you can multiply this. So, the advice does not work at all. And beside that: adding all these ranges will macke your plugin in obselete when you have more whitelisted IP than blocked.

So I wonder if it would be a possibility to provide an url with a secret key (per user or one for all) with which a user can unblock by oneself. That should not be a problem at all since other blocking plugins do have such a mechanism.

Is there any chance you could add this ?

Thanks in advance

Dragon013

Hi

Can I ask, is there any possibility that this plugin and the script could disrupt any anti-hotlinking scripts on NGINX servers?

Thanks in advance

Rob

Hi,

I have set honeypot threat level to 25 but it is blocking real visitors who whose ip are below 1 threat count. I set up the days to 60 but when I refresh it goes back to 255 days.

As I get a lot of traffic it is so hard to manually check ip and whitelist them.

Any suggestion on how to block only spam ip?

thank you

I’ve read over the FAQs, Instructions, and a Forum post with the exact same question, but I can’t seem to figure out what to type into this field. Thanks for any hints.

Hi
I was doing some work this morning on my site. All was fine.
I came back 2 hours later. All I got was a white screen (frontend and backend).
If I disable Honeypot my site comes back.
How can I get into my site with Honeypot enabled under this conditions?
You need a safe backdoor entry if this happens.

Can you help?

Rob

Hi,
i like your plugin very much and it does its job very well. But i miss an option, to anonymize the last part of IPv4 or IPv6. GDPR is neccessary for every european website and their visitors.
Would love to see that feature in future.

With best regards from Germany,
ITDAH

In batches of 15 IP-numbers per 30 minutes, at least one hacker is trying to brute force access, using the domain name of the WP-installation. Saving a domain name (i.e. ending with a point + Top-Level Domain) in the “Banned Usernames” field on the login tab of the settings page of the Honeypot_Toolkit plugin presents a submission error: “Please correct the fields marked in red”. This warning is triggered whenever such entry contains a point. I kindly request to allow the point.

PS: Thanks for developing and maintaining this plugin! ??

Hi
After our last message about whitelisting the local IP address. I had an issue today where the ISP became inactive and I rebooted my router and got locked out, even though I whitelisted the IP range before. It seems that the IP range changes.
Maybe you need to find a way to have the ppplugin know the admins IP and have that taken from the HoneyPot process.

Hi
I installed the plugin went through the set-up process. Not sure what the box for Honeypot path was for. That is blank. Added the script to my server, activated it, and added one of the html suggested links to a vulnerable page. Checked it was OK.
Then when I refreshed, it went whites screen
How can I get the plugin up again, as I disable it, to do the necessary checks and changes?

Thanks for the toolkit!

With the plugin installed and enabled, and either of the options “Use Spamcop” or “Use Project Honeypot” checked, every page-load hangs, often resulting in timeout errors which render the entire site unusable. WordPress and this plugin are fully updated, and otherwise working well.

Welcome to the support forum for Honeypot Toolkit. Please take a few minutes to look through some of the support questions that have previously been asked. Your problem might have already been solved in a previous support thread. This plugin can block access to your site so be careful not to lock yourself out. If you do, just rename the plugin folder to gain access. You can find information for setup and troubleshooting the app at the following addresses.

Documentation: https://www.sterupdesign.com/dev/wordpress/plugins/honeypot-toolkit/documentation/

This official source recommends to use MULTIPLE hyperlink formats, in order to fool even clever harvesters. Currently, the plugin inserts a link only in this fixed/ single format:
<div style="display: none;"><a href="path/script.php" title="randomstring">randomstring</a></div>
Hence, as an admin of the plugin, I would like to configure the inserted link/code instead, so I am free to include other and/ or multiple hyperlink formats, such as:

<a href="https://www.{..}.php"><!-- obstacle --></a>
<a href="https://www.{..}.php"><img src="obstacle.gif" height="1" width="1" border="0"></a>
<a href="https://www.{..}.php" style="display: none;">obstacle</a>
<div style="display: none;"><a href="https://www.{..}.php">obstacle</a></div>
<a href="https://www.{..}.php"></a>
<!-- <a href="https://www.{..}.php">obstacle</a> -->
<div style="position: absolute; top: -250px; left: -250px;"><a href="https://www.{..}.php">obstacle</a></div>
<a href="https://www.{..}.php"><span style="display: none;">obstacle</span></a>
<a href="https://www.{..}.php"><div style="height: 0px; width: 0px;"></div></a>

Hi Jeff,

Thanks for the great tool.

Can you please clarify what the Honey Pot path is for: should it be blank or filled in; is optional; is that where you would enter the path for the project honeypot local php script?

Thanks,

Brad

Hi, thank you for this amazing plugin you made! ??
I saw it runs some queries checking stuff on the control panel while logged. Is not possible to prevent some of these queries if not needed and maybe run just some of them while logged and some while not? In order to improve my server performance…

Thank you very much! ??

• This topic was modified 5 years, 10 months ago by diegpl.
• This topic was modified 5 years, 10 months ago by diegpl.

Hi Jeff,

Does the honeypot still working if using a page caching plugin? Thanks

Hi. Is it possible to be notified (via email or anything else, Telegram, Slack, etc) when a block occurs?

Hi. I’ve just started testing this plugin and have found that when Google bot generates 404’s it gets blocked by the plugin.

The following should never ever be blocked:

AOL.com
Baidu
Bingbot/MSN
DuckDuckGo
Googlebot
Teoma
Yahoo!
Yandex

So there’s got to be a way to have an inbuilt whitelist for the above, so even when monitoring 404’s or anything else, the above don’t get blocked.

Can you please implement or advise how we can implement easily?

When adding Google bot manually to the whitelist:

https://evert.meulie.net/faqwd/googlebot-ip-ranges/

there should also be a way to add CIDR’s:

64.18.0.0/20

instead of ranges:

64.18.0.0 – 64.18.15.255

It will just make it much easier.

A better list looks to be here:

https://www.techarp.com/guides/search-engine-robot-ip-addresses/

Thanks.

• This topic was modified 6 years ago by WordPressFan.
• This topic was modified 6 years ago by WordPressFan.