JavaScript API
An Office service that supports add-ins to interact with objects in Office client applications.
994 questions
azure app service modified with malisious .js files
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 60%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
Ponugoti Narendra
41
Reputation points
One of our website hosted in azure app service got infected. Java script files inside app service were modified. This code decodes to a malicious domain. We haven't notified any alerts from Security center about this modification. Could you please suggest why there is no alert from Security center if there is .Js file modification
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
ajkuma 26,466 Reputation points Microsoft Employee2021-03-19T15:13:05.817+00:00 Apologies for any inconvenience with this concern. I'm following-up with you offline to fetch some PII details to gain better insights into the problem
<While I follow-up with you further, I'll leave this open for the community share their insights> -
ajkuma 26,466 Reputation points Microsoft Employee
2021-03-19T20:07:46.87+00:00 @Ponugoti Narendra , Just following-up to add more information:
Based on your description, without reviewing in detail about your site. In most cases (to my knowledge) it’s due to the sites allowing file uploads. If you’re using upload forms/ (site allows files uploads). If there is any inconsistency with this flow, that may have allowed someone to upload arbitrary site content including malicious JS files.
Kindly take a look at this document on ‘Security considerations with file uploads’.
(This is a .net doc, the security concerns outlined and some of the recommendations shared can apply broadly)More generally, for these requirements, we would recommend running the site behind a WAF device. For example, both Azure Front Door and Application Gateway come with built-in WAF capabilities.
-
ajkuma 26,466 Reputation points Microsoft Employee
2021-03-19T20:14:08.487+00:00 Additional information:
Typically, the Azure Security Center (ASC) can scan HTTP access logs from the site but may not have configured/covered all the necessary variations on how a file might change (site allows file uploads).
- This article lists the security alerts that you receive from Azure Security Center for Azure App Service.
- The document section outlined how to further protect your App Service app from threats, by employing
App service security best practices. - AppServiceAntivirusScanAuditLogs”, monitor the site content (Preview)
- A guide to securing your web app
Sign in to comment
Sign in to answer