Recently, there have been reports of mass website hacks affecting Bitrix: Site Manager and Bitrix24. Reports that appeared on June 28th, 2022, mentioned dozens of hacked websites, but the exact number is still unknown. 1C-Bitrix fixed all known vulnerabilities in May of this year and sent out information emails on this topic. Therefore, hacks are only possible on websites that are running outdated versions of the CMS.
1C-Bitrix has officially announced that there are no vulnerabilities in the current version of the CMS. If you maintain your own website on 1C-Bitrix, updating it is highly recommended. To do this, you need an active license and should perform the following actions:
- Create a backup of the website and make sure it is available.
- If possible, deploy a backup on a test server and perform the update there.
- If you have no issues updating and haven't made any changes to the core, and all code supports PHP 7.4, then you can update directly.
- If you need to update PHP and MySQL to current versions, you should create a backup at the server/hosting level beforehand.
- After the update, it is necessary to check the functionality of all website sections.
In addition to the recommendations listed, there are several other ways to secure your website:
- Install an SSL certificate so that data transmitted between the server and users' browsers is encrypted and web traffic is protected in transit.
- Keep your CMS and installed extensions up to date with the latest versions. New versions may contain security vulnerability fixes that can help protect your site from potential attacks.
- Restrict access to the administrative section of the site to the users who need it. Do not grant it to all users, especially those who are not involved in site management.
- Use complex and unique passwords for all accounts on the site, including the database and FTP accounts.
- Limit access to website files and folders if necessary. For example, if you are using a CMS, you need to restrict access to the folder containing the configuration files.
- Set up a monitoring system that allows you to track changes on the site and respond quickly to security threats.
- Educate your employees on the basics of security and create a security policy for your website. This can help minimize risks and protect your site from internal security threats.
We recommend scanning your website for vulnerabilities. To do this, go to Settings – Proactive Protection – Security Scanner and run the scan. After scanning, you can see which tests the site failed and follow the recommendations for each. Recommendations are also available in the Settings – Proactive Protection – Security Panel section.
For additional protection, we recommend installing the "Trojan Search" module from the Marketplace. After installation, you can find the module in the Settings – bitrix.xscan – Trojan Search section. Scan the site and fix any vulnerabilities.
If you have detected suspicious changes on your site, try to find the files that have been recently modified. If you have access to the console, you can use a command to check each file manually. Check agents for suspicious entries. You can do this in the Settings – Product Settings – Agents section.
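One way to run the console check for recently modified files, as an added example that is not part of the original article. It assumes a POSIX shell with `find`; the function names, the 7-day default and the UPLOAD heuristic are assumptions of this example, and CONFIG marks the two configuration files the article names.

```shell
#!/bin/sh
# Added example, not from the article. Assumed layout: a Bitrix document root
# that contains /bitrix and /upload. Function names and tags are illustrative.

# classify FILE ROOT -> prints a triage tag for one file
classify() {
    rel=${1#"$2"}
    case "$rel" in
        /bitrix/.settings.php|/bitrix/php_interface/dbconn.php) echo CONFIG ;;
        /upload/*) echo UPLOAD ;;   # heuristic: scripts in the upload area are unusual
        *) echo CHANGED ;;
    esac
}

# recent_changes ROOT [DAYS] [mtime|ctime]
# Prints "TAG<TAB>relative path" for script and .htaccess files whose chosen
# timestamp is newer than DAYS days. ctime changes on any content or metadata
# change and cannot be set with touch, so it also lists files whose mtime
# was set back after they were modified.
recent_changes() {
    root=${1%/}; days=${2:-7}; field=${3:-mtime}
    case "$field" in
        mtime|ctime) ;;
        *) echo "field must be mtime or ctime" >&2; return 2 ;;
    esac
    case "$days" in
        ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;;
    esac
    find "$root" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '.htaccess' \) \
        "-$field" "-$days" -print | sort |
    while IFS= read -r f; do
        rel=${f#"$root"}
        printf '%s\t%s\n' "$(classify "$f" "$root")" "$rel"
    done
}
```

Run it as `recent_changes /path/to/docroot 7` (placeholder path), then again with `ctime` as the third argument and compare the two lists: a file that appears only in the `ctime` list has a modification time older than its last inode change and deserves a manual look.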
If your site has already been hacked and you do not have access to the admin panel, try logging in as an administrator without a password. If this does not help, restoring a broken site will be difficult, so I recommend deploying the site from the latest backup and performing all the recommendations above. If you do not have backups, try requesting them from your host. If there are no backups, you will most likely have to manually restore the site, but be sure to secure it first to preserve the results of your work. Don't forget to delete the /bitrix/.settings.php and /bitrix/php_interface/dbconn.php files, the modified main page, and the deleted infoblocks.
If you are unable to update Bitrix, there are several ways to protect against vulnerabilities such as the one in the vote module. The first way is to insert code into specific files, and the second way is to apply a restriction at the nginx level. If you encounter problems with protection, updating, or restoring the site, you can seek assistance.