Have you recently visited eBay? The site is a popular destination for buying new and used items. You will probably be surprised to learn that eBay scans your computer ports when you visit the site with a browser.
You can verify it very easily. Use a browser such as Google Chrome, Firefox, Brave, Microsoft Edge, or Vivaldi. Open a new page and press the F12 key to open the Browser Developer Tools.
Open an eBay page on the Network tab in Developer Tools.
Wait for the page to load and look for 127.0.0.1 in the list of links. These are the scans that eBay runs when you log in to the site.
You can click on the link to see additional information. This way you will see the port that is scanning eBay right now. The scan is performed by check.js, a JavaScript that runs on eBay when users log in to the site. Uses WebSockets to run searches on your local system using a specified port, and scans are performed regardless of login status.
Bleeping Computer has created a handy table listing the ports:
| Program | Ebay Name | Port (The Harbour District) |
|---|---|---|
| Unknown | REF | 63333 |
| VNC | VNC | 5900 |
| VNC | VNC | 5901 |
| VNC | VNC | 5902 |
| VNC | VNC | 5903 |
| Remote Desktop Protocol | RDP | 3389 |
| Aeroadmin | ARO | 5950 |
| Ammyy Admin | AMY | 5931 |
| TeamViewer | TV0 | 5939 |
| TeamViewer | TV1 | 6039 |
| TeamViewer | TV2 | 5944 |
| TeamViewer | TV2 | 6040 |
| Anyplace control | Services | 5279 |
| AnyDesk | ANY | 7070 |
Most of these ports are used by remote connection applications, such as VNC, Teamviewer, or Windows Remote Desktop.
The Nullsweep website, which mentioned first this issue, found that the scan does not run on Linux systems.
It is unknown at this time why eBay is scanning its visitors' computers. Of course the reactions on Twitter and other social media sites are very negative. Users as a whole criticize eBay for scanning ports and for scanning ports as well as users who are not logged in to the site.
What can you do;
Block check.js script with a content blocker.
In some browsers, such as Firefox, turn off Web Sockets. EBay is loading script check.js from the following address (currently): https://src.ebay-us.com/fp/check.js
So a regex like || src.ebay-us.com ^ * / check.js should work fine.
The address may change and may differ if you log in from different company addresses such as eBay.de.
The other option is to turn off WebSockets completely, but incompatibilities and upload problems may occur on other sites.
Read them Technology News from all over the world, with the validity of iGuRu.gr
Follow us on Google News
Thoron: post-exploitation framework for Linux
»
Comment Policy:
IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators