You recently visited eBay; The site is a popular destination for buying new and used items. You will probably be surprised to learn that eBay scans your computer's ports when you visit the site with a browser.
You can verify it very easily. Use a browser such as Google Chrome, Firefox, Brave, Microsoft Edge or Vivaldi. Open a new page and press the F12 key to open the Browser Developer Tools.
Open a page on the Network tab in Developer Tools eBay.
Wait for the page to load and look for 127.0.0.1 in the list of links. These are the scans that run it eBay when you link to the site.
You can click on the link to see additional information. This way you will see the port scanning it eBay currently. The scan is performed by check.js, a JavaScript running on eBay when users log in to the site. Uses WebSockets to run searches on your local system using a specified port, and scans are performed regardless of login status.
Bleeping Computer has created a handy table listing the ports:
| Program | Ebay Name | Port (The Harbour District) |
|---|---|---|
| Unknown | REF | 63333 |
| VNC | VNC | 5900 |
| VNC | VNC | 5901 |
| VNC | VNC | 5902 |
| VNC | VNC | 5903 |
| Remote Desktop Protocol | RDP | 3389 |
| Aeroadmin | ARO | 5950 |
| Ammyy Admin | AMY | 5931 |
| TeamViewer | TV0 | 5939 |
| TeamViewer | TV1 | 6039 |
| TeamViewer | TV2 | 5944 |
| TeamViewer | TV2 | 6040 |
| Anyplace control | APC | 5279 |
| AnyDesk | ANY | 7070 |
Most of these ports are used by remote connection applications, such as VNC, Teamviewer, or Windows Remote Desktop.
The Nullsweep website, which mentioned first this issue, found that the scan does not run on Linux systems.
It is unknown at this time what he will do after leaving the post eBay scans the computers of its visitors. Of course the reactions on Twitter and other social media sites are very negative. Users criticize the whole eBay to scan ports and to scan ports but also users who are not logged in to the site.
What can you do;
Block check.js script with a content blocker.
In some browsers, such as Firefox, turn off Web Sockets. The eBay loads script check.js from the following address (currently): https: // src.ebay-us.com/fp/check.js
So a regex like || src.ebay-us.com ^ * / check.js should work fine.
The address may change and may differ if you log in from different company addresses such as eBay.com.
The other option is to turn off WebSockets completely, but incompatibilities and upload problems may occur on other sites.
Thoron: post-exploitation framework for Linux
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators