Fehlermeldungen aus dem Shop

Ero24 · 18. August 2016 um 15:38

Hallo,

wenn im Shop ein Fehler auftritt erhalte ich darüber eine Mail. Seit gestern werden aber permanent Mails mit Fehlermeldungen geschickt:

Message:

 exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /home/sexshopl/public\_html/engine/Shopware/Components/CSRFTokenValidator.php:161 Stack trace: #0 [internal function]: Shopware\Components\CSRFTokenValidator-\>checkFrontendTokenValidation(Object(Enlight\_Controller\_ActionEventArgs)) #1 /home/sexshopl/public\_html/engine/Library/Enlight/Event/Handler/Default.php(91): call\_user\_func(Array, Object(Enlight\_Controller\_ActionEventArgs)) #2 /home/sexshopl/public\_html/engine/Library/Enlight/Event/EventManager.php(214): Enlight\_Event\_Handler\_Default-\>execute(Object(Enlight\_Controller\_ActionEventArgs)) #3 /home/sexshopl/public\_html/engine/Library/Enlight/Controller/Action.php(143): Enlight\_Event\_EventManager-\>notify('Enlight\_Control...', Object(Enlight\_Controller\_ActionEventArgs)) #4 /home/sexshopl/public\_html/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight\_Controller\_Action-\>dispatch('notifyAction') #5 /home/sexshopl/public\_html/engine/Library/Enlight/Controller/Front.php(223): Enlight\_Controller\_Dispatcher\_Default-\>dispatch(Object(Enlight\_Controller\_Request\_RequestHttp), Object(Enlight\_Controller\_Response\_ResponseHttp)) #6 /home/sexshopl/public\_html/engine/Shopware/Kernel.php(176): Enlight\_Controller\_Front-\>dispatch() #7 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel-\>handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #8 /home/sexshopl/public\_html/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL) #9 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache-\>forward(Object(Symfony\Component\HttpFoundation\Request), true) #10 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>pass(Object(Symfony\Component\HttpFoundation\Request), true) #11 /home/sexshopl/public\_html/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>invalidate(Object(Symfony\Component\HttpFoundation\Request), true) #12 /home/sexshopl/public\_html/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache-\>invalidate(Object(Symfony\Component\HttpFoundation\Request), true) #13 /home/sexshopl/public\_html/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache-\>handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #14 /home/sexshopl/public\_html/shopware.php(101): Shopware\Components\HttpCache\AppCache-\>handle(Object(Symfony\Component\HttpFoundation\Request)) #15 {main}

Time:

 2016-08-18T16:30:09.521382+0200

Channel:

 core

request:

 { "uri": "/secu\_payment\_secupay/notify?id=bde998d96f649fa00afc609777199344", "method": "POST", "query": { "id": "bde998d96f649fa00afc609777199344", "module": "frontend", "controller": "secu\_payment\_secupay", "action": "notify" }, "post": { "hash": "dwbolddtusti1423122", "status\_id": "59", "status\_description": "Zahlung abgebrochen", "changed": "1471445743", "payment\_status": "denied", "apikey": "ea7d8c78c26ce44ad20241d80bacfef9e0d39311", "hint": "" } }

session:

 { "sessionId": "006d2fe93557894d1786c8f08bf7297f4ffe4c9677ecc872396b8673c65bacb9", "sArea": null, "sCountry": null, "sState": null, "X-CSRF-Token": "FE1xU9bgOZ6h7cUOHYEyHZ1OKJWoj6", "Bot": null }

shopId:

shopName:

 Deutsch

Leider weiß ich nicht was ich damit anfangen soll. Kann mir da bitte jemand helfen? Vielen Dank.

kulli · 18. August 2016 um 16:14

welche shopversion ?

Moritz_Naczenski · 18. August 2016 um 19:05

Hallo,

da die Fehlermeldung auf der URL /secu_payment_secupay auftritt, würde ich vermuten, dass das Plugin noch nicht mit 5.2 kompatibel ist. Der Fehler sagt erstmal, dass da ein Aufruf nicht in der CSRF-Whitelist steht.

Moritz

delivinos · 19. August 2016 um 03:28

Guten Morgen,

ich bin gestern mit zwei Shops auf Shopware umgestiegen, kann von den Fehlern allerdings auch berichten. Gestern kamen die sporadisch mit den unterschiedlichsten Meldungen, eben kamen 75 Meldungen innerhalb von 65 Sekunden. Hier vermute ich mal eine Suchmaschine als Auslöser?

Shopware 5.2.5, Plugins alle von Shopware (PayPal, Google Services, Import/Export Advanced), außer Payone. Hauptshop und subshop.

Message

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('indexAction')
#5 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

2016-08-18T20:35:55.227564+0200
Cannnel

core
{
    "uri": "/index.php?",
    "method": "POST",
    "query": {
        "module": "frontend",
        "controller": "index.php",
        "action": "index"
    },
    "post": {
        "stoken": "1D0BE259",
        "force_sid": "",
        "lang": "0",
        "cnid": "c078755a86f644ff725a7800175fe877",
        "listtype": "list",
        "ldtype": "line",
        "cl": "details",
        "aid": "F28742",
        "anid": "F28742",
        "parentid": "F28742",
        "panid": "",
        "fnc": "tobasket",
        "am": "1"
    }
}

Session

{
    "sessionId": "ac57925de9b8a067bffc6ab74e8c7aa25d9c3c2c0b6f34a64e8725be3fd005ad",
    "sArea": null,
    "sCountry": null,
    "sState": null,
    "X-CSRF-Token": "A5FIC0lPDdMvKyx0uARgIyoYPyfnJc",
    "Bot": null
}
1

Und heute Morgen beispielsweise eine der genau 75 E-Mails:

Message

exception 'Shopware\Components\CSRFTokenValidationException' with message 'The provided X-CSRF-Token is invalid. Please go back, reload the page and try again.' in /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/CSRFTokenValidator.php:161
Stack trace:
#0 [internal function]: Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/Handler/Default.php(91): call_user_func(Array, Object(Enlight_Controller_ActionEventArgs))
#2 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Event/EventManager.php(214): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#3 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Action.php(143): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#4 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Dispatcher/Default.php(523): Enlight_Controller_Action->dispatch('indexAction')
#5 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#6 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Kernel.php(176): Enlight_Controller_Front->dispatch()
#7 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(487): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(275): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(133): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/vendor/symfony/http-kernel/HttpCache/HttpCache.php(206): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/engine/Shopware/Components/HttpCache/AppCache.php(114): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /var/www/vhosts/web1.293.onlineshophosting.de/html/swdv56/shopware.php(101): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}

Channel und Session

2016-08-19T04:56:38.737584+0200
core
{
    "uri": "/",
    "method": "POST",
    "query": [],
    "post": {
        "1000000": ""
    }
}
{
    "sessionId": "e79aaf713e56552467a7b992c2a6c9bba8d71bf821ae23cd2fb6ed3251337d36",
    "sArea": null,
    "sCountry": null,
    "sState": null,
    "X-CSRF-Token": "L9zWRVjpHxqcEfUHFozx4ERO804bcD",
    "Bot": null
}

Vielleicht klemmt da doch noch etwas?

Gruß

Peter

Moritz_Naczenski · 19. August 2016 um 06:06

Die Fehlermeldung tritt ja nur auf, wenn jemand einen POST-Request auf der Seite macht. Die beiden Beispiele von dir sind ja auch auf URLs, die im Regelfall nicht per POST aufgerufen werden. Sieht mir also durchaus nach einem Bot aus, der versucht bei dir eine Schwachstelle zu finden. Insofern ist es völlig korrekt, dass die Fehlermeldung geworfen wird.

delivinos · 19. August 2016 um 06:14

Danke für die Info. Dann werden wir das einfach weiter beobachten…

Gruß

Peter

Thema		Antworten	Aufrufe
Neuinstallation auf 5.2.1. -> X-CSRF-Token is invalid. Allgemein	46	14352	21. Februar 2018
Fehlermail 'Shopware\Components\CSRFTokenValidationException' ohne, dass Änderungen vorgen. wurden Allgemein	14	2301	15. September 2016
Versuch eines Sammelthreads zu X-CSRF-Token / Validierungsproblem Allgemein	155	23939	5. April 2017
Fehlermeldungen von Shopware Programmierung customelements	4	667	17. Dezember 2018
Probleme nach Update auf neuste Version / wir brauchen dringend Hilfe / X-CSRF-Token Problem Allgemein	6	928	10. September 2016

Fehlermeldungen aus dem Shop

Verwandte Themen