XF 2.2 a strange kind of attack

[Kassierer]

Hello,


since a few weeks the server error log is filled with entries like this one:

Server error log

ErrorException: [E_DEPRECATED] trim(): Passing null to parameter #1 ($string) of type string is deprecated src/XF/Debugger.php:229

Generated by: Unknown account Mar 3, 2022 at 9:22 PM

Stack trace

#0 [internal function]: XF::handlePhpError(8192, '[E_DEPRECATED] ...', '/home/rr184dbq/...', 229)
#1 src/XF/Debugger.php(229): trim(NULL)
#2 src/XF/Debugger.php(124): XF\Debugger::getDatabaseDebugInfo(Object(XF\Db\Mysqli\Adapter))
#3 src/XF/App.php(2125): XF\Debugger->getDebugPageHtml()
#4 src/XF/App.php(2355): XF\App->finalOutputFilter(Object(XF\Http\Response))
#5 src/XF.php(517): XF\App->run()
#6 index.php(20): XF::runApp('XF\\Pub\\App')
#7 {main}

Request state

array(4) {
["url"] => string(33) "/whats-new/posts/174739/?_debug=1"
["referrer"] => bool(false)
["_GET"] => array(1) {
["_debug"] => string(1) "1"
}
["_POST"] => array(0) {
}
}

The only thing that changes is the post ID, like in the error log entry before the one quoted: ["url"] => string(33) "/whats-new/posts/172344/?_debug=1"

Our forum has less than 2,000 posts, so this looks some kind of attack to me, as there are 206 pages of error records, starting from February, 6th (the last time I cleared the log).

We are running 2.2.8 Patch 1.

Any advice how I can react (at the moment, I just clear the server error log).


Kind regards,

Georg

 

[Jeremy P]

You are running your forum in debug mode on PHP 8.1. There are some outstanding issues with PHP 8.1 compatibility, the debug page among them. Any time someone requests the debug page, you will receive that error in your log. In any case, you should never enable debug mode on a production site.

 

[Old Nick]

You are running your forum in debug mode on PHP 8.1. There are some outstanding issues with PHP 8.1 compatibility

You don't recommend PHP 8.1 with last XF release ?

 

[Mouth]

You don't recommend PHP 8.1 with last XF release ?

"XenForo 2.2.8 brings initial PHP 8.1 support to XenForo. We do not currently recommend upgrading to PHP 8.1 in production [...]"

XenForo 2.2.8 Patch 1 and Add-On Updates Released

XenForo 2.2.8 Released XenForo 2.2.8 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability. XenForo 2.2.8 brings initial PHP 8.1 support to XenForo...

xenforo.com

 

[Jeremy P]

You don't recommend PHP 8.1 with last XF release ?

We appreciate people running it on test installations where possible to help catch any outstanding issues, but otherwise not just yet.

 

[Old Nick]

Too late, a week ago my server was upgraded to PHP 8.1...
How can i help now ? I didn't notice issues for the moment.

 

[Jeremy P]

Initial support was added in XF 2.2.8 so most things should continue to work. Otherwise just report any issues you come across or server errors you receive, assuming you can reproduce them with a default style and add-ons disabled, and they have not already been reported (as always).

 

[Kassierer]

Good morning, Jeremy P -


correct, the board was running with debug enable. I can't tell you why, but I switched it off and will have a look on how things develop and also report back here.

Thank you!


Georg