Wird mein Shop gehackt?

Hallo.

Ich bekomme seit 3-4 Wochen folgende Fehlermeldungen:

ERROR
Message: 	

Shopware\Components\CSRFTokenValidationException: The provided X-CSRF-Token for path "/wp-admin/admin-post.php?page=301bulkoptions" is invalid. Please go back, reload the page and try again. in /home/www/Shopware/engine/Shopware/Components/CSRFTokenValidator.php:144
Stack trace:
#0 /home/www/Shopware/engine/Library/Enlight/Event/Handler/Default.php(91): Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /home/www/Shopware/engine/Library/Enlight/Event/EventManager.php(219): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#2 /home/www/Shopware/engine/Library/Enlight/Controller/Action.php(175): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#3 /home/www/Shopware/engine/Library/Enlight/Controller/Dispatcher/Default.php(563): Enlight_Controller_Action->dispatch('indexAction')
#4 /home/www/Shopware/engine/Library/Enlight/Controller/Front.php(222): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#5 /home/www/Shopware/engine/Shopware/Kernel.php(202): Enlight_Controller_Front->dispatch()
#6 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php(102): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#7 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(448): Symfony\Component\HttpKernel\HttpCache\SubRequestHandler::handle(Object(Shopware\Kernel), Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /home/www/Shopware/engine/Shopware/Components/HttpCache/AppCache.php(260): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(238): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /home/www/Shopware/engine/Shopware/Components/HttpCache/AppCache.php(142): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(181): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /home/www/Shopware/engine/Shopware/Components/HttpCache/AppCache.php(116): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /home/www/Shopware/shopware.php(122): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}


request: 	

{
    "uri": "/wp-admin/admin-post.php?page=301bulkoptions",
    "method": "POST",
    "query": {
        "page": "301bulkoptions",
        "module": "frontend",
        "controller": "wp-admin",
        "action": "admin-post.php"
    },
    "post": {
        "_wp_http_referer": "/wp-admin/options-general.php?page=301bulkoptions",
        "submit_bulk_301": "1",
        "auto_detect_end_line": "0",
        "wpnonce": "887cc0cb2f"
    }
}

Es kommen ungefähr 10 an einem Tag. Alle Meldungen unterscheiden sich bis auf das “wp-admin”.

Und heute kamm eine ganz andere Fehlermeldung:

ERROR
Message: 	

Shopware\Components\CSRFTokenValidationException: The provided X-CSRF-Token for path "/xmlrpc.php" is invalid. Please go back, reload the page and try again. in /home/www/Shopware/engine/Shopware/Components/CSRFTokenValidator.php:144
Stack trace:
#0 /home/www/Shopware/engine/Library/Enlight/Event/Handler/Default.php(91): Shopware\Components\CSRFTokenValidator->checkFrontendTokenValidation(Object(Enlight_Controller_ActionEventArgs))
#1 /home/www/Shopware/engine/Library/Enlight/Event/EventManager.php(219): Enlight_Event_Handler_Default->execute(Object(Enlight_Controller_ActionEventArgs))
#2 /home/www/Shopware/engine/Library/Enlight/Controller/Action.php(175): Enlight_Event_EventManager->notify('Enlight_Control...', Object(Enlight_Controller_ActionEventArgs))
#3 /home/www/Shopware/engine/Library/Enlight/Controller/Dispatcher/Default.php(563): Enlight_Controller_Action->dispatch('indexAction')
#4 /home/www/Shopware/engine/Library/Enlight/Controller/Front.php(222): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp))
#5 /home/www/Shopware/engine/Shopware/Kernel.php(202): Enlight_Controller_Front->dispatch()
#6 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php(102): Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#7 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(448): Symfony\Component\HttpKernel\HttpCache\SubRequestHandler::handle(Object(Shopware\Kernel), Object(Symfony\Component\HttpFoundation\Request), 1, true)
#8 /home/www/Shopware/engine/Shopware/Components/HttpCache/AppCache.php(260): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL)
#9 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(238): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true)
#10 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(255): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true)
#11 /home/www/Shopware/engine/Shopware/Components/HttpCache/AppCache.php(142): Symfony\Component\HttpKernel\HttpCache\HttpCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#12 /home/www/Shopware/vendor/symfony/http-kernel/HttpCache/HttpCache.php(181): Shopware\Components\HttpCache\AppCache->invalidate(Object(Symfony\Component\HttpFoundation\Request), true)
#13 /home/www/Shopware/engine/Shopware/Components/HttpCache/AppCache.php(116): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#14 /home/www/Shopware/shopware.php(122): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request))
#15 {main}


Channel: 	

core

request: 	

{
    "uri": "/xmlrpc.php",
    "method": "POST",
    "query": {
        "module": "frontend",
        "controller": "xmlrpc.php",
        "action": "index"
    },
    "post": []
}

Jetzt habe ich auch eine Datei “phpstan.neon” im Shopordner.

Was kann es bedeuten? Versucht da jemand meinen Shop zu hacken?

Vielen dank im voraus!

MfG. Anatoli

Das ist einfach ein Bot der nach Schwachstellen sucht, anscheinend vor alles nach WordPress URLs. Kannst du ignorieren, die Meldung sagt dir nur, dass der Schutz funktioniert.

@Moritz Naczenski schrieb:

Das ist einfach ein Bot der nach Schwachstellen sucht, anscheinend vor alles nach WordPress URLs. Kannst du ignorieren, die Meldung sagt dir nur, dass der Schutz funktioniert.

Vielen Dank für eine schnelle Antwort!

Kann man dagegen etwas unternehmen?

Du könntest die IPs sperren.

Anleitung: Auf dem Server den Zugriff raussuchen (die IP) und per Whois die IP abfragen: http://www.utrace.de/

Entweder in der htacess hintendranhängen, besser auf dem Server direkt per fail2ban

deny from 176.121.14
deny from 185.100.87
deny from 85.25.236
deny from 37.187.148
deny from .....

und hier kommen noch ca. 50 Stück.

Wen einer meine gesamte Liste will: PN