C
C
Chainik1232018-02-25 14:58:03
Information Security
Chainik123, 2018-02-25 14:58:03

The problem with the security of the site on Bitrix, what is the source of external authorization saleanonymous?

Hello! Help the newbie, and don't swear too much if the questions seem naive....
In the Bitrix admin panel, the "small business" editors, in the Event log section, found that they periodically try to delete all clients registered on the site. Some of the clients have been deleted, some of the clients cannot be deleted due to Bitrix restrictions (you cannot delete a user with a current order).
Then I began to study the error logs on the hosting, and saw access errors with the tag "attack-injection" tags.
Since I did not perform mass procedures for deleting clients, I suspect that a certain script is running on the site that is trying to delete all users of the site.
Moreover, the deletion of users occurs every time from different ip, in several cases I noticed the coincidence of ip with the ip of the registered user, a couple of times the deletion occurred from my ip. I also noticed that a new user is constantly registering with mail like anonymous_****@example.com (**** - an arbitrary set of characters) and in his column "source of external authorization" in the list of clients there is an inscription - saleanonymous. I delete it, it reappears, and the notification of the registration of a new user with such suspicious registrations does not come to me.
Help fix the problem and answer the following questions:
1. What is the source of external user authorization on Bitrix and how to disable it?
2. how to stop deleting clients?
3. How to prohibit registration of new clients by mask, for example, with mail like *anonymous* or an external source of authorization?
4. And what is going on in general? Website broken?
PS: I wrote to the hoster - he says that he did not find anything suspicious. Bitrix support is silent.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Y
Yuriy, 2018-10-09
@yous

https://dev.1c-bitrix.ru/learning/course/?COURSE_I...
1. During the first billing, a fictitious user named anonymous_[character set] is created in CRM. Removing it will result in inability to bill.
2. Users can be licensed and active. Licensed is the number of users available under the license + the number of additional purchased users. Active users are users authorized on the portal at the moment.
The administrator can work in the administrative part with all users, but the public part can include no more than licensed active users.
3. When Open lines work, an extranet type user is created on the portal for each external client. If you find such users in the user list, don't worry, you haven't been hacked. These are system users.
4. Starting from version 15.5.0, when deleting a user, checking for his participation in task templates is enabled.

D
Dimonchik, 2018-02-25
@dimonchik2013

the hoster will not work for free
saleanonymous apparently sale without registration - here you should know better, check with others, model

match ip with ip
if you look in Bitrix, and not in the logs - very presumptuous
3. only post-processing
4. either the database is scanned or tested under mailspam or generally normal behavior

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question