XF 2.2 hCaptcha configuration error: invalid-remoteip

spk100

Member
Recently I switched to Ezoic for monetization and I moved to their cloudflare. I do not have the caching enabled.

Then these started appearing in bucket loads. Just in the last 2 days - 384 of them.


Stack trace​

#0 src/XF.php(218): XF\Error->logError('hCaptcha config...', false)
#1 src/XF/Captcha/HCaptcha.php(122): XF::logError('hCaptcha config...')
#2 src/XF/Mvc/Controller.php(883): XF\Captcha\HCaptcha->isValid()
#3 src/XF/Pub/Controller/Register.php(409): XF\Mvc\Controller->captchaIsValid()
#4 src/XF/Mvc/Dispatcher.php(352): XF\Pub\Controller\Register->actionRegister(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:Register', 'Register', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Register), NULL)
#6 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Register), NULL)
#7 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2351): XF\Mvc\Dispatcher->run()
#9 src/XF.php(517): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}
 

Chris D

XenForo developer
Staff member
The remoteip that we send through to hCaptcha is supposed to be the user’s IP address.

If you’re behind various proxies it’s possible that the IP address they’re actually seeing belongs to Ezoic or Cloudflare and hCaptcha may be recognising this as being invalid.

You may find that in XF every single user is being logged with the same IP addresses or group of addresses that belong to the proxies rather than the users.

I would seek support of Ezoic/Cloudflare in the first instance. The real user IP is usually sent in the request and you may be able to map that to the correct server value so that IP addresses are sent correctly but the specifics of that may vary.

This typically looks something like this but in the Cloudflare case we handle this automatically so it may be that there are specific steps in your environment:

PHP:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
{
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}
 
Top