XF 1.5 I have been advised there is a 0-day exploit in xenforo

and that it will show in the error logs as lots of repeated registration errors.

The person will not give me specifics but it is related to registration.

"it's impossible to detect pretty much unless you get server errors on the registration form"

These are the targeted modules:

/var/www/vhosts/thissite.com/httpdocs/library/Zend/Http/Client.php(973): Zend_Http_Client_Adapter_Socket->connect('www.google.com', 443, true) #1 /var/www/vhosts/thissite.com/httpdocs/library/XenForo/Captcha/NoCaptcha.php(76): Zend_Http_Client->request('POST') #2 /var/www/vhosts/thissite.com/httpdocs/library/XenForo/Captcha/Abstract.php(129): XenForo_Captcha_NoCaptcha->isValid(Array) #3 /var/www/vhosts/thissite.com/httpdocs/library/XenForo/ControllerPublic/Register.php(355): XenForo_Captcha_Abstract::validateDefault(Object(XenForo_Input)) #4 /var/www/vhosts/thissite.com/httpdocs/library/XenForo/FrontController.php(351): XenForo_ControllerPublic_Register->actionRegister() #5 /var/www/vhosts/thissite.com/httpdocs/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch)) #6 /var/www/vhosts/thissite.com/httpdocs/index.php(13): XenForo_FrontController->run() #7 {main}



XenForo developer
Staff member
While you never truly know if there's truth to a claim like this, we've had plenty of bogus security issue claims with a very similar pattern. In the past, investigations have clearly shown that the attacker knew a password of an admin, probably due to password reuse.

Having staff use a password manager and enable two step verification is strongly recommended.

In terms of the error quoted, that is just related to verifying a captcha with Google. If you have more details or log info, please send it to me in a conversation and we'll investigate.