Support » Plugin: http:BL WordPress Plugin » Recent Update & Warning on Desc Page

  • You have placed a fairly dire warning on the Description Page:

    “Versions prior to 2.0 should be used only with extreme caution. There are known security issues and vulnerabilities.”

    But the only version available is 1.91.

    Also there was an Update issued with the Changelog, “New maintainer check in” or something similar.

    After applying that update I am seeing error logs generated:

    [05-Aug-2015 12:04:58 UTC] PHP Warning:  mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /wp-content/plugins/httpbl/httpbl.php on line 26
    [05-Aug-2015 12:04:58 UTC] PHP Warning:  mysql_real_escape_string(): A link to the server could not be established in /wp-content/plugins/httpbl/httpbl.php on line 26
    [05-Aug-2015 16:29:42 UTC] PHP Warning:  mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /wp-content/plugins/httpbl/httpbl.php on line 26
    [05-Aug-2015 16:29:42 UTC] PHP Warning:  mysql_real_escape_string(): A link to the server could not be established in /wp-content/plugins/httpbl/httpbl.php on line 26

    Should I remove http:bl?

    It appears to still be doing its job, having caught several spam bots just today.

    I am quite concerned about the warning with no advice on use “with extreme caution” might look like. For exampel, having secured the directory with htaccess, is that extreme caution?

    Is there a version 2.0 somewhere? Or is that a reference to version 2.0 of WordPresas, in which case why would anyone be running such an outdated install?

    As you can see, I am quite confused. I am assuming that because it has not been removed from the repository for having serious vulnerabilities, that it is safe to use.

    Though I would like the new error messages addressed because they look worrisome in their own right — attempts to connect to the db with odd username and no password? Why would it be doing that?

    https://wordpress.org/plugins/httpbl/

  • The topic ‘Recent Update & Warning on Desc Page’ is closed to new replies.