Have you recently visited eBay? The site is a popular destination for buying new and used items. You will probably be surprised to learn that eBay scans your computer ports when you visit the site with a browser.
You can verify it very easily. Use a browser like Google Chrome, το Firefox, το Brave, το Microsoft Edge ή το Vivaldi. Ανοίξτε μια νέα σελίδα και πατήστε το κουμπί F12 για να ανοίξετε τα Εργαλεία προγραμματιστών του προγράμματος περιήγησης.
Open an eBay page on the Network tab in Developer Tools.
Wait for the page to load and look for 127.0.0.1 in the list of links. These are the scans that eBay runs when you log in to the site.
You can click the link to see additional ones information. This way you will see the port that eBay is currently scanning. The scan is performed by check.js, a JavaScript that runs on eBay when users log in to the site. It uses WebSockets to run searches on your local system using a specified port, and scans are performed regardless of connection status.
Bleeping Computer has created a handy table listing the ports:
| Program | Ebay Name | Port (The Harbour District) |
|---|---|---|
| Unknown | REF | 63333 |
| VNC | VNC | 5900 |
| VNC | VNC | 5901 |
| VNC | VNC | 5902 |
| VNC | VNC | 5903 |
| Remote Desktop Protocol | RDP | 3389 |
| Aeroadmin | ARO | 5950 |
| Ammyy Admin | AMY | 5931 |
| TeamViewer | TV0 | 5939 |
| TeamViewer | TV1 | 6039 |
| TeamViewer | TV2 | 5944 |
| TeamViewer | TV2 | 6040 |
| Anyplace control | Services | 5279 |
| AnyDesk | ANY | 7070 |
Most of these ports are used by remote connection applications, such as VNC, Teamviewer, or Windows Remote Desktop.
The Nullsweep website, which mentioned first this issue, found that the scan does not run on Linux systems.
It is not currently known why eBay scans its visitors' computers. Of course the reactions on Twitter and other social media sites are overwhelmingly negative. Users generally criticize eBay for scanning ports and for scanning ports as well as users who are not logged into the site.
What can you do;
Block check.js script with some content blocking program.
In some browsers, such as Firefox, turn off Web Sockets. EBay is loading script check.js from the following address (currently): https://src.ebay-us.com/fp/check.js
So a regex like || src.ebay-us.com ^ * / check.js should work fine.
The address may change and may differ if you log in from different company addresses such as eBay.de.
The other option is to turn off WebSockets completely, but incompatibilities and upload problems may occur on other sites.
