XF 2.2 a strange kind of attack

Kassierer

Member
Hello,


since a few weeks the server error log is filled with entries like this one:
Server error log

ErrorException: [E_DEPRECATED] trim(): Passing null to parameter #1 ($string) of type string is deprecated src/XF/Debugger.php:229

Generated by: Unknown account Mar 3, 2022 at 9:22 PM

Stack trace

#0 [internal function]: XF::handlePhpError(8192, '[E_DEPRECATED] ...', '/home/rr184dbq/...', 229)
#1 src/XF/Debugger.php(229): trim(NULL)
#2 src/XF/Debugger.php(124): XF\Debugger::getDatabaseDebugInfo(Object(XF\Db\Mysqli\Adapter))
#3 src/XF/App.php(2125): XF\Debugger->getDebugPageHtml()
#4 src/XF/App.php(2355): XF\App->finalOutputFilter(Object(XF\Http\Response))
#5 src/XF.php(517): XF\App->run()
#6 index.php(20): XF::runApp('XF\\Pub\\App')
#7 {main}

Request state

array(4) {
["url"] => string(33) "/whats-new/posts/174739/?_debug=1"
["referrer"] => bool(false)
["_GET"] => array(1) {
["_debug"] => string(1) "1"
}
["_POST"] => array(0) {
}
}

The only thing that changes is the post ID, like in the error log entry before the one quoted: ["url"] => string(33) "/whats-new/posts/172344/?_debug=1"

Our forum has less than 2,000 posts, so this looks some kind of attack to me, as there are 206 pages of error records, starting from February, 6th (the last time I cleared the log).

We are running 2.2.8 Patch 1.

Any advice how I can react (at the moment, I just clear the server error log).


Kind regards,

Georg
 
Solution
You are running your forum in debug mode on PHP 8.1. There are some outstanding issues with PHP 8.1 compatibility, the debug page among them. Any time someone requests the debug page, you will receive that error in your log. In any case, you should never enable debug mode on a production site.

Jeremy P

XenForo developer
Staff member
You are running your forum in debug mode on PHP 8.1. There are some outstanding issues with PHP 8.1 compatibility, the debug page among them. Any time someone requests the debug page, you will receive that error in your log. In any case, you should never enable debug mode on a production site.
 
Solution

Mouth

Well-known member
You don't recommend PHP 8.1 with last XF release ?
"XenForo 2.2.8 brings initial PHP 8.1 support to XenForo. We do not currently recommend upgrading to PHP 8.1 in production [...]"
 

Jeremy P

XenForo developer
Staff member
Initial support was added in XF 2.2.8 so most things should continue to work. Otherwise just report any issues you come across or server errors you receive, assuming you can reproduce them with a default style and add-ons disabled, and they have not already been reported (as always).
 

Kassierer

Member
Good morning, Jeremy P -


correct, the board was running with debug enable. I can't tell you why, but I switched it off and will have a look on how things develop and also report back here.

Thank you!


Georg
 
Top