question

PonugotiNarendraGLOBALV-1301 asked ·

Azure App Service modified with malicious .js files

One of our websites hosted in Azure App Service got infected. JavaScript files inside the App Service were modified. This code decodes to a malicious domain. We haven't been notified of any alerts from Security Center about this modification. Could you please suggest why there is no alert from Security Center if there is a .js file modification?

azure-security-center office-js-dev azure-webapps-security

Apologies for any inconvenience with this concern. I'm following up with you offline to fetch some PII details to gain better insights into the problem.
(While I follow up with you further, I'll leave this open for the community to share their insights.)

0 Votes 0 ·

@PonugotiNarendraGLOBALV-1301, just following up to add more information:

Based on your description, and without reviewing your site in detail: in most cases (to my knowledge) it’s due to the site allowing file uploads. If you’re using upload forms (the site allows file uploads) and there is any inconsistency with this flow, that may have allowed someone to upload arbitrary site content, including malicious JS files.

Kindly take a look at this document on ‘Security considerations with file uploads’.
(This is a .NET doc; the security concerns outlined and some of the recommendations shared can apply broadly.)

More generally, for these requirements, we would recommend running the site behind a WAF device. For example, both Azure Front Door and Application Gateway come with built-in WAF capabilities.

0 Votes 0 ·

Additional information:

Typically, the Azure Security Center (ASC) can scan HTTP access logs from the site but may not have configured/covered all the necessary variations on how a file might change (site allows file uploads).

  1. This article lists the security alerts that you receive from Azure Security Center for Azure App Service.

  2. The document section outlined how to further protect your App Service app from threats, by employing App service security best practices.

  3. “AppServiceAntivirusScanAuditLogs”, monitor the site content (Preview)

  4. A guide to securing your web app


0 Votes 0 ·
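The comment above notes that Security Center looks at HTTP access logs and may not cover every way a file can change. As an added example (not part of the original thread and not Microsoft's code), the script below compares the .js files in a copy of the site content against a known-good build by SHA-256 and reports modified, added and removed files. The directory names `build` and `wwwroot` and the sample files are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root, pattern="*.js"):
    """Map each matching file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob(pattern)) if p.is_file()
    }

def diff_manifests(baseline, deployed):
    """Classify differences between the known-good and deployed manifests."""
    return {
        "modified": sorted(f for f in baseline.keys() & deployed.keys()
                           if baseline[f] != deployed[f]),
        "added": sorted(deployed.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - deployed.keys()),
    }

def demo():
    """Constructed sample: a clean build and a tampered copy of the same site."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "build"), Path(tmp, "wwwroot")
        for root in (good, live):
            (root / "js").mkdir(parents=True)
            (root / "js" / "app.js").write_text("console.log('app');\n")
            (root / "js" / "vendor.js").write_text("console.log('vendor');\n")
        # Constructed tampering: an appended line plus a file nobody deployed.
        with (live / "js" / "app.js").open("a") as fh:
            fh.write("/* constructed: injected line */\n")
        (live / "js" / "stats.js").write_text("/* constructed: unexpected file */\n")
        return diff_manifests(build_manifest(good), build_manifest(live))

if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind.upper():9} {name}")
```

To use it on a real site, point `build_manifest` at the build output you deployed and at a downloaded copy of the site content, and store the baseline manifest somewhere the web app cannot write to.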

0 Answers