eBay is port scanning your system

Topic

New Reply

eBay is port scanning your system when you load the webpage

Have you been to eBay lately? The auction site is a popular destination to buy new and used items. It may surprise you that eBay is running a local port scan when you access the site in a browser…

Reply | Quote

Replies

I was alarmed by your topic title, “eBay is port scanning your system”, which is not what @martinbrinkmann wrote in his article. It’s not port scanning my system, because I don’t load their webpage. Also, as I have JS enabled site by site, it would be highly unlikely even if I had loaded their webpage.

If I had loaded their webpage, it could be… but that’s a qualifier that was much missed in the arguably alarmist title.

From your linked article by Martin:

What you may do about it
If you don’t want your systems to be port scanned by eBay whenever you connect to the site, you may be able to do something about it.

Block the check.js script in a content blocker.
In some browsers, e.g. Firefox, disable Web Sockets.
The eBay site loads the check.js script from the following URL currently: https://src.ebay-us.com/fp/check.js

Something like ||src.ebay-us.com^*/check.js should work.

The URL may change and it is different when you connect to localized eBay sites, e.g. eBay.de.

The other option, to disable WebSockets entirely, may lead to incompatibilities and loading issues on sites. Still, it is possible in Firefox by setting the parameter network.websocket.max-connections to 0.

3 users thanked author for this post.

Elly, Alex5723, satrow

Reply | Quote

Kirsty wrote:

What you may do about it

Both remedies are worse then the disease.
“In the first quarter of 2020, eBay reached 174 million active buyers worldwide”

How many use Firefox and how many use NoScript…?

I think Ebay’s port scanning is alarming as we don’t know what lies behind the scan.

Reply | Quote

Yes, Ebay is doing this since vulnerabilities exist in either older or current versions of the software for which ports they are scanning for. It is easy to remotely hack older or perhaps current versions of programs which have the associated open ports which Ebay is scanning for.

Ebay’s port scanning is no different from bona fide security researchers who scan the Internet for computers which have open ports and which have older and non-secure software installed. I see this legitimate activity all the time in my AV and router logs.

The upshot is that I am glad that Ebay is scanning my computer’s ports, and perhaps running test scripts, in order to determine if I have older and vulnerable versions of programs such as RealVNC or TeamViewer installed on my computer, or whether or not my computer’s Win7 OS is updated in order to prevent the Remote Desktop vulnerability. Why? Because Ebay is inextricably linked to Paypal, which is the bread and butter at the heart of Ebay and which in every way operates as a bank yet is not a bank.

If Paypal ever suffered a data breach, then that would be devastatingly bad for Ebay. I figure that this is why Ebay is proactively performing port scans, in order to protect consumers —  and themselves.

Reply | Quote

Do you have evidence for your theory?

cheers, Paul

Reply | Quote

[johnf]

This won’t affect you if you’ve taken the proper steps…block all non essential ports at the router, as well as your local firewall. You can google instructions for configuring your router and your PC firewall on the web, and check for open ports here .

• This reply was modified 5 years ago by johnf.

Reply | Quote