Why is there a .htaccess file in each bitrix section?

A

Alexey2021-02-03 16:52:28

1C-Bitrix

Alexey, 2021-02-03 16:52:28

The client complained that sections of the site were not opening, including the admin panel with a 403 Forbidden error. After searching a little, I found that in each of the sections (for example /bitrix/, /about/, /contacts/, etc.) there is a .htaccess file with the code:

<FilesMatch ".(phtml|php|PhP|php5|suspected)$">
Order Allow,Deny
Deny from all
</FilesMatch>

Actually, if the file is deleted, then the section opens (which, in general, is logical). The question is where did these htaccess come from? All htaccess have the same modified date.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

G

ge, 2021-02-06
@gedev

And you also have an .htaccess file in the root of the site with a slightly longer almost similar content and an insert at the beginning of index.php with encrypted code and something referring to Wordpress.
If yes, then you are broken. Painfully familiar malware. Restore from backups and close all the holes you can. Most likely somewhere nearby lies a couple of other shells. For example, I often saw fot.php .
I won’t tell you how to treat, but I strongly recommend that you take care of security.

A

Alexey Emelyanov, 2021-02-03
@babarun

This is definitely not the work of Bitrix. Run a kernel change test, just in case.

S

Sergey Venediktov, 2021-03-02
@sven

Did you manage to find the reason? And on what hosting is the site hosted - virtual or VDS?