Error messages from the shop

Hello,

whenever an error occurs in the shop, I receive an e-mail about it. Since yesterday, however, e-mails with error messages have been sent constantly:

Message:

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /home/sexshopl/public_html/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /home/sexshopl/public_html/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /home/sexshopl/public_html/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /home/sexshopl/public_html/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /home/sexshopl/public_html/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('notifyAction')
#5 /home/sexshopl/public_html/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /home/sexshopl/public_html/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /home/sexshopl/public_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /home/sexshopl/public_html/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /home/sexshopl/public_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /home/sexshopl/public_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /home/sexshopl/public_html/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /home/sexshopl/public_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /home/sexshopl/public_html/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /home/sexshopl/public_html/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

Time:

 2016-08-18T16:30:09.521382+0200

Channel:

 core

request:

{
    "uri": "/secu_payment_secupay/notify?id=bde998d96f649fa00afc609777199344",
    "method": "POST",
    "query": {
        "id": "bde998d96f649fa00afc609777199344",
        "module": "frontend",
        "controller": "secu_payment_secupay",
        "action": "notify"
    },
    "post": {
        "hash": "dwbolddtusti1423122",
        "status_id": "59",
        "status_description": "Zahlung abgebrochen",
        "changed": "1471445743",
        "payment_status": "denied",
        "apikey": "ea7d8c78c26ce44ad20241d80bacfef9e0d39311",
        "hint": ""
    }
}

session:

 { "sessionId": "006d2fe93557894d1786c8f08bf7297f4ffe4c9677ecc872396b8673c65bacb9", "sArea": null, "sCountry": null, "sState": null, "X-CSRF-Token": "FE1xU9bgOZ6h7cUOHYEyHZ1OKJWoj6", "Bot": null }

shopId:

 1

shopName:

 Deutsch

 

Unfortunately I don't know what to do with this. Can someone please help me? Thank you very much.

Which shop version?

 

1 Like

Hello,

since the error occurs on the URL /secu_payment_secupay, I would guess that the plugin is not yet compatible with 5.2. For now, the error says that a request there is not on the CSRF whitelist.

Moritz

1 Like

Good morning,

I switched two shops over to Shopware yesterday, but I can report these errors as well. Yesterday they came sporadically with all sorts of different messages; just now there were 75 messages within 65 seconds. I suspect a search engine is the trigger here?

Shopware 5.2.5, all plugins from Shopware (PayPal, Google Services, Import/Export Advanced), except Payone. Main shop and subshop.

Message

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('indexAction')
#5 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

2016-08-18T20:35:55.227564+0200
Channel

core
{
    "uri": "/index.php?",
    "method": "POST",
    "query": {
        "module": "frontend",
        "controller": "index.php",
        "action": "index"
    },
    "post": {
        "stoken": "1D0BE259",
        "force_sid": "",
        "lang": "0",
        "cnid": "c078755a86f644ff725a7800175fe877",
        "listtype": "list",
        "ldtype": "line",
        "cl": "details",
        "aid": "F28742",
        "anid": "F28742",
        "parentid": "F28742",
        "panid": "",
        "fnc": "tobasket",
        "am": "1"
    }
}

Session

{
    "sessionId": "ac57925de9b8a067bffc6ab74e8c7aa25d9c3c2c0b6f34a64e8725be3fd005ad",
    "sArea": null,
    "sCountry": null,
    "sState": null,
    "X-CSRF-Token": "A5FIC0lPDdMvKyx0uARgIyoYPyfnJc",
    "Bot": null
}
1

 

And this morning, for example, one of the exactly 75 e-mails:

Message

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('indexAction')
#5 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

 

Channel and session

2016-08-19T04:56:38.737584+0200
core
{
    "uri": "/",
    "method": "POST",
    "query": [],
    "post": {
        "1000000": ""
    }
}
{
    "sessionId": "e79aaf713e56552467a7b992c2a6c9bba8d71bf821ae23cd2fb6ed3251337d36",
    "sArea": null,
    "sCountry": null,
    "sState": null,
    "X-CSRF-Token": "L9zWRVjpHxqcEfUHFozx4ERO804bcD",
    "Bot": null
}

 

Maybe something is still stuck there after all?

Regards

Peter

1 Like

The error only occurs when someone makes a POST request on the page. Both of your examples are also on URLs that are normally not called via POST. So it does look to me like a bot trying to find a vulnerability on your site. In that respect it is entirely correct that the error is thrown.

2 Likes
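
The distinction drawn in the two answers above (a plugin callback that is missing from the CSRF whitelist versus POSTs to pages that are normally fetched with GET), as an added triage example that is not part of the original thread or of Shopware. The `GET_ONLY_PATHS` set, the labels, and all sample requests and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FMT = "%Y-%m-%dT%H:%M:%S.%f%z"        # timestamp format used in the error mails
GET_ONLY_PATHS = {"/", "/index.php"}   # assumption: pages normally fetched with GET

def classify(request):
    """Label the 'request' block of one CSRFTokenValidationException mail."""
    if request.get("method") != "POST":
        return "other"
    if urlsplit(request["uri"]).path in GET_ONLY_PATHS:
        return "probe"      # POST to a page that is normally fetched with GET
    query = request.get("query") or {}   # an empty query is logged as []
    if isinstance(query, dict) and query.get("controller") and query.get("action"):
        return "callback"   # routed controller action: check the plugin's CSRF whitelist
    return "other"

def max_burst(timestamps, window_seconds):
    """Largest number of mails whose timestamps fit in one window of that length."""
    times = sorted(datetime.strptime(t, FMT) for t in timestamps)
    window = timedelta(seconds=window_seconds)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

# Constructed samples, shaped like the request blocks quoted in this thread.
SAMPLE_REQUESTS = [
    {"uri": "/secu_payment_secupay/notify?id=EXAMPLE", "method": "POST",
     "query": {"id": "EXAMPLE", "module": "frontend",
               "controller": "secu_payment_secupay", "action": "notify"},
     "post": {"payment_status": "denied"}},
    {"uri": "/index.php?", "method": "POST",
     "query": {"module": "frontend", "controller": "index.php", "action": "index"},
     "post": {"cl": "details", "fnc": "tobasket"}},
    {"uri": "/", "method": "POST", "query": [], "post": {"1000000": ""}},
]
# Constructed timestamps: one isolated mail, then 75 mails 0.8 s apart.
_base = datetime.strptime("2016-08-19T04:56:00.000000+0200", FMT)
SAMPLE_TIMES = ["2016-08-18T20:35:55.227564+0200"] + [
    (_base + timedelta(milliseconds=800 * i)).strftime(FMT) for i in range(75)]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(classify(req), req["uri"])
    print("max mails in 65 s:", max_burst(SAMPLE_TIMES, 65))
```

A `callback` label only says the request reached a routed controller action, so the plugin's 5.2 compatibility is the thing to check; it does not show that the sender was the payment provider.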

Thanks for the info. Then we will simply keep watching this…

Regards

Peter

1 Like