Have you visited eBay recently? The site is a popular destination for buying new and used items. You will probably be surprised to learn that eBay scans your computer ports when you visit the site with one program browsing.
You can verify it very easily. Use a browser such as Google Chrome, Firefox, Brave, Microsoft Edge, or Vivaldi. Open a new page and press the F12 key to open the Browser Developer Tools.
Open an eBay page on the Network tab in Developer Tools.
Wait for the page to load and look for 127.0.0.1 in the list of links. These are the scans that eBay runs when you log in to the site.
You can click on connection για να δείτε επιπρόσθετες πληροφορίες. Με αυτόν τον τρόπο θα δείτε την θύρα που σαρώνει το eBay αυτή τη στιγμή. Η σάρωση εκτελείται από το check.js, ένα JavaScript που εκτελείται στο eBay όταν οι χρήστες συνδέονται στον ιστότοπο. Χρησιμοποιεί WebSockets για να τρέχει τις αναζητήσεις στο τοπικό σας σύστημα χρησιμοποιώντας μια καθορισμένη θύρα και οι σαρώσεις πραγματοποιούνται ανεξάρτητα από την κατάσταση σύνδεσης.
The Bleeping Desktop created a handy table listing the ports:
| Program | Ebay Name | Port (The Harbour District) |
|---|---|---|
| Unknown | REF | 63333 |
| VNC | VNC | 5900 |
| VNC | VNC | 5901 |
| VNC | VNC | 5902 |
| VNC | VNC | 5903 |
| Remote Desktop Protocol | RDP | 3389 |
| Aeroadmin | ARO | 5950 |
| Ammyy Admin | AMY | 5931 |
| TeamViewer | TV0 | 5939 |
| TeamViewer | TV1 | 6039 |
| TeamViewer | TV2 | 5944 |
| TeamViewer | TV2 | 6040 |
| Anyplace control | Services | 5279 |
| AnyDesk | ANY | 7070 |
Most of these ports are used by remote connection applications, such as VNC, Teamviewer, or Windows Remote Desktop.
The Nullsweep website, which mentioned first this issue, found that the scan does not run on Linux systems.
It is unknown at this time why eBay is scanning its visitors' computers. Of course the reactions on Twitter and other social media sites are very negative. Users as a whole criticize eBay for scanning ports and for scanning ports as well as users who are not logged in to the site.
What can you do;
Block check.js script with a content blocker.
In some browsers, such as Firefox, turn off Web Sockets. EBay is loading script check.js from the following address (currently): https://src.ebay-us.com/fp/check.js
So a regex like || src.ebay-us.com ^ * / check.js should work fine.
The address can change and may differ if you log in from different addresses companysuch as eBay.de.
The other option is to turn off WebSockets completely, but incompatibilities and upload problems may occur on other sites.
