No problems or worries, just a compliment to M66B for Shortcode-exec-php. I looked for it so I could favorite it but see that it’s no longer listed.
Thanks for creating it in the first place. I’ve been enjoying it on one of my sites and now that I finally understand more about the role of shortcodes and have time to improve the way I do things I was hoping to deploy it to more sites but alas, it’s apparently retired.
Thank you again and if you have a replacement to suggest, please let me know.
Mike
Website hobbyist
Fairport, NY
You have placed a fairly dire warning on the Description Page:
“Versions prior to 2.0 should be used only with extreme caution. There are known security issues and vulnerabilities.”
But the only version available is 1.91.
Also there was an Update issued with the Changelog, “New maintainer check in” or something similar.
After applying that update I am seeing error logs generated:
[05-Aug-2015 12:04:58 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /wp-content/plugins/httpbl/httpbl.php on line 26
[05-Aug-2015 12:04:58 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /wp-content/plugins/httpbl/httpbl.php on line 26
[05-Aug-2015 16:29:42 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /wp-content/plugins/httpbl/httpbl.php on line 26
[05-Aug-2015 16:29:42 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /wp-content/plugins/httpbl/httpbl.php on line 26Should I remove http:bl?
It appears to still be doing its job, having caught several spam bots just today.
I am quite concerned about the warning with no advice on use “with extreme caution” might look like. For exampel, having secured the directory with htaccess, is that extreme caution?
Is there a version 2.0 somewhere? Or is that a reference to version 2.0 of WordPresas, in which case why would anyone be running such an outdated install?
As you can see, I am quite confused. I am assuming that because it has not been removed from the repository for having serious vulnerabilities, that it is safe to use.
Though I would like the new error messages addressed because they look worrisome in their own right — attempts to connect to the db with odd username and no password? Why would it be doing that?
]]>Just installed on 3.9.1, and the IP’s it’s blocked so far, seem to be for very good reason.
Even if it has not been updated in over 2 years, it appears just fine.
]]>I’m running both WP 3.32 and 3.4 RC1.
I want to thank Jan St?pień, who is not even currently using WordPress, for updating the http:BL code back in March.
The plugin operates exactly as expected and does an excellent job of blocking spammers and malicious bot attacks.
]]>On the description page it states “Compatible up to: 2.9.2” but below that there is the “Compatibility” box that shows 3.31. Is that drop down box just there for users to log in and vote or is http:BL actually compatible with 3.31 but the author has not updated it?
]]>WordPress database error: [Table ‘myprefix.wp_httpbl_log’ doesn’t exist]
SELECT blocked,count(*) FROM wp_httpbl_log GROUP BY blocked
Deactivating, un-installing and re-installing did not work as a solution for me.
The table does not exist.
Can you provide me with the SQL code so that I can plug it in directly?
]]>I’m looking for some (hopefully) trivial clarification by the developer(s) about the plugin’s logic. It’s about the logic of the http:BL plugin which uses the same two threshold / cutoff values as the API, of course: age and threat level. What I don’t understand is the logic of the age evaluation. There are two possible scenarios:
The significance is this: if it’s the first of the two, then a higher value means better protection (the net is wider, as it catches older offenders while it always catches recent ones). If however it’s the second, then a lower value means better protection.
The snag with case #2 is that unless the value is set to zero the typically more serious / troubling very recent offenders that were seen earlier in the same day (think e.g. a botnet attack) are off the hook… Case#2 makes little sense to me, but someone told me that that is how it works.
]]>I’ve used httpbl for quite some time but it’s no longer that effective.
I’ve noticed IPs listed on the Project Honeypot blacklists are being allowed through by httpbl.
I’ve had to install a second, more recent anti-spam plugin which also consults the Project Honeypot databases and its catching what httpbl is missing.
]]>