Fehlermeldungen aus dem Shop

Ero24 · 18. August 2016 um 15:38

Hallo,

wenn im Shop ein Fehler auftritt erhalte ich darüber eine Mail. Seit gestern werden aber permanent Mails mit Fehlermeldungen geschickt:

Message:

 exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /home/sexshopl/public\_html/engine/Shopware/Components/CSRFTokenValidator.php:161 Stack trace: #0 [internal function]: Shopware\Components\CSRFTokenValidator-\>checkFrontendTokenValidation(Object(Enlight\_Controller\_ActionEventArgs)) #1 /home/sexshopl/public\_html/engine/Library/Enlight/Event/Handler/Default.php(91): call\_user\_func(Array, Object(Enlight\_Controller\_ActionEventArgs)) #2 /home/sexshopl/public\_html/engine/Library/Enlight/Event/EventManager.php(214): Enlight\_Event\_Handler\_Default-\>execute(Object(Enlight\_Controller\_ActionEventArgs)) #3 /home/sexshopl/public\_html/engine/Library/Enlight/Controller/Action.php(143): Enlight\_Event\_EventManager-\>notify('Enlight\_Control...', Object(Enlight\_Controller\_ActionEventArgs)) #4 /home/sexshopl/public\_html/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight\_Controller\_Action-\>dispatch('notifyAction') #5 /home/sexshopl/public\_html/engine/Library/Enlight/Controller/Front.php(223): Enlight\_Controller\_Dispatcher\_Default-\>dispatch(Object(Enlight\_Controller\_Request\_RequestHttp), Object(Enlight\_Controller\_Response\_ResponseHttp)) #6 /home/sexshopl/public\_html/engine/Shopware/Kernel.php(176): Enlight\_Controller\_Front-\>dispatch() #7 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel-\>handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #8 /home/sexshopl/public\_html/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL) #9 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache-\>forward(Object(Symfony\Component\HttpFoundation\Request), true) #10 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>pass(Object(Symfony\Component\HttpFoundation\Request), true) #11 /home/sexshopl/public\_html/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>invalidate(Object(Symfony\Component\HttpFoundation\Request), true) #12 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache-\>invalidate(Object(Symfony\Component\HttpFoundation\Request), true) #13 /home/sexshopl/public\_html/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #14 /home/sexshopl/public\_html/shopware.php(101): Shopware\Components\HttpCache\AppCache-\>handle(Object(Symfony\Component\HttpFoundation\Request)) #15 {main}

Time:

 2016-08-18T16:30:09.521382+0200

Channel:

 core

request:

 { "uri": "/secu\_payment\_secupay/notify?id=bde998d96f649fa00afc609777199344", "method": "POST", "query": { "id": "bde998d96f649fa00afc609777199344", "module": "frontend", "controller": "secu\_payment\_secupay", "action": "notify" }, "post": { "hash": "dwbolddtusti1423122", "status\_id": "59", "status\_description": "Zahlung abgebrochen", "changed": "1471445743", "payment\_status": "denied", "apikey": "ea7d8c78c26ce44ad20241d80bacfef9e0d39311", "hint": "" } }

session:

 { "sessionId": "006d2fe93557894d1786c8f08bf7297f4ffe4c9677ecc872396b8673c65bacb9", "sArea": null, "sCountry": null, "sState": null, "X-CSRF-Token": "FE1xU9bgOZ6h7cUOHYEyHZ1OKJWoj6", "Bot": null }

shopId:

shopName:

 Deutsch

Leider weiß ich nicht was ich damit anfangen soll. Kann mir da bitte jemand helfen? Vielen Dank.

kulli · 18. August 2016 um 16:14

welche shopversion ?

Moritz_Naczenski · 18. August 2016 um 19:05

Hallo,

da die Fehlermeldung auf der URL /secu_payment_secupay auftritt, würde ich vermuten, dass das Plugin noch nicht mit 5.2 kompatibel ist. Der Fehler sagt erstmal, dass da ein Aufruf nicht in der CSRF-Whitelist steht.

Moritz

delivinos · 19. August 2016 um 03:28

Guten Morgen,

ich bin gestern mit zwei Shops auf Shopware umgestiegen, kann von den Fehlern allerdings auch berichten. Gestern kamen die sporadisch mit den unterschiedlichsten Meldungen, eben kamen 75 Meldungen innerhalb von 65 Sekunden. Hier vermute ich mal eine Suchmaschine als Auslöser?

Shopware 5.2.5, Plugins alle von Shopware (PayPal, Google Services, Import/Export Advanced), außer Payone. Hauptshop und subshop.

Message

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('indexAction')
#5 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

2016-08-18T20:35:55.227564+0200
Cannnel

core
{
    "uri": "/index.php?",
    "method": "POST",
    "query": {
        "module": "frontend",
        "controller": "index.php",
        "action": "index"
    },
    "post": {
        "stoken": "1D0BE259",
        "force_sid": "",
        "lang": "0",
        "cnid": "c078755a86f644ff725a7800175fe877",
        "listtype": "list",
        "ldtype": "line",
        "cl": "details",
        "aid": "F28742",
        "anid": "F28742",
        "parentid": "F28742",
        "panid": "",
        "fnc": "tobasket",
        "am": "1"
    }
}

Session

{
    "sessionId": "ac57925de9b8a067bffc6ab74e8c7aa25d9c3c2c0b6f34a64e8725be3fd005ad",
    "sArea": null,
    "sCountry": null,
    "sState": null,
    "X-CSRF-Token": "A5FIC0lPDdMvKyx0uARgIyoYPyfnJc",
    "Bot": null
}
1

Und heute Morgen beispielsweise eine der genau 75 E-Mails:

Message

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('indexAction')
#5 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

Channel und Session

2016-08-19T04:56:38.737584+0200
core
{
    "uri": "/",
    "method": "POST",
    "query": [],
    "post": {
        "1000000": ""
    }
}
{
    "sessionId": "e79aaf713e56552467a7b992c2a6c9bba8d71bf821ae23cd2fb6ed3251337d36",
    "sArea": null,
    "sCountry": null,
    "sState": null,
    "X-CSRF-Token": "L9zWRVjpHxqcEfUHFozx4ERO804bcD",
    "Bot": null
}

Vielleicht klemmt da doch noch etwas?

Gruß

Peter

Moritz_Naczenski · 19. August 2016 um 06:06

Die Fehlermeldung tritt ja nur auf, wenn jemand einen POST-Request auf der Seite macht. Die beiden Beispiele von dir sind ja auch auf URLs, die im Regelfall nicht per POST aufgerufen werden. Sieht mir also durchaus nach einem Bot aus, der versucht bei dir eine Schwachstelle zu finden. Insofern ist es völlig korrekt, dass die Fehlermeldung geworfen wird.

delivinos · 19. August 2016 um 06:14

Danke für die Info. Dann werden wir das einfach weiter beobachten…

Gruß

Peter

Thema		Antworten	Aufrufe
Fehlermeldung / CSRFTokenValidator.php:161 Installation/Einstieg	3	1170	25. Januar 2017
["gelöst"] Fehlermeldungen des Shops bzgl. Outlook und Autodiscover nach Update auf 5.2. wg. X-CSRF Administration	37	3528	7. Juli 2020
Hunderte Fehlermeldungen CSRFTokenValidationException Allgemein	1	379	21. Oktober 2016
Fehlermeldung X-CSRF-Token Allgemein	15	1232	8. November 2016
Fehler seit Update von 5.23 auf 5.25 Allgemein	18	1221	29. September 2016

Fehlermeldungen aus dem Shop

Verwandte Themen