Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is anonymous user trying to access /admin/host/synctriggers?

Since a few days ago, I have started receiving error messages from all my Azure websites:

"The controller for path '/admin/host/synctriggers' was not found or does not implement IController."

This is coming my an anonymous user (or bot). The full error message is below.

What is this about and should I be concerned that there is some malicious activity involved?

Source : Error in: https://myproject.azurewebsites.net/admin/host/synctriggers?api-version=2018-11-01,
MemberName : Application_Error(Param : referrerUrl=),
SourceFilePath : C:\ProjectPath\Global.asax.cs,

Username : Anonymous
Date/Time : 20/7/2019 02:11:05

Stack Trace:
Message : The controller for path '/admin/host/synctriggers' was not found or does not implement IController.
Source : System.Web.Mvc
StackTrace : at System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType)
at System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)
at MvcSiteMapProvider.DI.ControllerFactoryDecorator.CreateController(RequestContext requestContext, String controllerName)
at System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController& controller, IControllerFactory& factory)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.<>c__DisplayClass285_0.b__0()
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.StepInvoker.<>c__DisplayClass4_0.b__0()
at Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule.OnExecuteRequestStep(HttpContextBase context, Action step)
at System.Web.HttpApplication.<>c__DisplayClass284_0.b__0(Action nextStepAction)
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
like image 949
Windhoek Avatar asked Jul 20 '19 06:07

Windhoek


2 Answers

We've been seeing this as well in the last week. The User Agent comes through as "PolicyScan" and the source IP address is in the same Azure datacentre as the site being hit.

Not sure why this is happening, possible it's a error on the azure monitoring end, however the URL is certainly one of the URLs that is called relating to Azure functions. https://docs.microsoft.com/bs-latn-ba/azure/azure-functions/functions-deployment-technologies

like image 86
Stevie W Avatar answered Sep 28 '22 08:09

Stevie W


Apparently this is a known issue with User-Agent: PolicyScan introduced recently.

We started receiving similar errors on 18 July 2019, round about the same time others started reporting these errors. However we're getting two errors - as well as a request to admin/host/synctriggers we're also getting a request to admin/functions.

The complete URLs are:

https://myapp.azurewebsites.net/admin/functions?api-version=2018-11-01 https://myapp.azurewebsites.net/admin/host/synctriggers?api-version=2018-11-01

like image 23
Heisenberg Avatar answered Sep 28 '22 06:09

Heisenberg