ax11

Mea culpa! Forgot to add https port to /etc/fail2ban/jail.local

I have been seeing the same thing in my logs again for some days now. Didn’t this problem seem to be solved quite a while ago? Looks like it’s back again.Yesterdays logs show one single IP happily sending tens of subsequent requests per second to xmlrpc.php for hours.

I am not blaming anyone. I just noticed, it’s likely too big for the casual user.
If I’d intend to post ten times a day to ten different social networks, I’d probably be quite happy with it. .

Point made. There are -as I see things- two possibilities of taking action:

• the fundamental one, which is introduction of a -voluntary and optional- ‘radically free’ badge which means absolutely no registration, maximally one “donate” button, one link that can be opted out.
• the alternative with votes and so on, which I see -at least partiall- implemented in the rating system, but should be extended in a way that any ‘phone home’-routine or required registration must be mentioned (before installation)

I far as I am into these things. the second point might even be necessary to conform with some European privacy laws. I am quite sure that this applies at least to Germany.

I do not trust anyone. Especially noone who has even remotely to do with search engines. And if I discover spyware or what I believe to be a rip-off anywhere I use to inform everyone within reach. Even if my occasionally drastic words are not always appreciated ??
And for the rest: I think a “donate” button is perfectly ok. I have not said a word against that. I just think that there should be an eye kept on some increasingly “creative” and proactive ways of monetarization. Some of them do not seem to leave the most positive impression to everyone and they might affect WPs overall reputation if left completely uncontrolled.

Well, being a plugin -and a lot of other things- dev myself, I think this request should even go further: I’d -and I will in an extra thread- suggest a “not-annoying-plugin” badge exclusively for plugins that

• are not panhandling in an aggressive way
• do not require “registration” with untrusted third parties
• are not only teasers for paid services

The plugins section sometimes reminds me to certain areas in the net where you should never go with javascript allowed. I don’t think this will have any positive effects on the long run.

I am not sure if I got your directory structure right, as “lib and js are in lib” seems to be rather paradox to me.
But if I unterstood you at least halfway right, then the very first Answer in the FAQ adresses your problem.

5.2.6 with suhosin-patch 0.9.6.2.
Default install from Debian stable.

I would be happy to say “I was configuring the control widget”. It’s just that I coudn’t even touch it. It lookx like the Ajax script tried to load on mouseover and instantly failed.
Due to the nature of the bug I wasn’t able to get any information out of it apart from “Ajax Error!”.

Same here. Auth and keys are OK. So is login status. PHP memory is at upper limits already. Apache logs do not report any errors. There’s just no sign of STCs providing any of its expected functions.