UBlock Chibviro ikozvino ine rutsigiro rwe network network scan scaning

Munguva pfupi yapfuura, ruzivo rwakaburitswa nezve mamwe mawebhusaiti anoita enzvimbo inomiririra port port inopesana nevashanyi, izvi "zvinofungidzirwa" sechikamu cheminwe yeminwe uye kuteedzera kwevashandisi kana kuona bhoti.

Mukati meaya mawebhusaiti, chete kutaura chimwe chezvinyanya kufarirwa izvo zvinoita zvemuno chiteshi kuongorora ndiyo eBay.com saiti.

Uyezve, zvakazoitika tsika iyi haina kuganhurirwa eBay uye mamwe akawanda masosi (Citibank, TD Bank, Sky, GumTree, WePay, nezvimwewo) shandisa chiteshi kuongororas kubva kune yemushandisi sisitimu yemuno kana uchivhura mapeji ayo, uchishandisa kodhi kuona kuyedza kuwana makomputa akabiwa, anopiwa neThreatMetrix.

Muchiitiko cheBay, 14 network port dzakasimbiswa inosangana nemaseva ekuwana kure kure seVNC, TeamViewer, Chero nzvimbo Kudzora, Aeroadmin, Ammy Admin, uye RDP.

Zvingangodaro, iko kuongorora kuchaitwa kuti uone kana paine zviratidzo zvemarware zvinokanganiswa nehurongwa kudzivirira zvekunyepedzera kutenga uchishandisa botnets. Kuongorora kunogona zvakare kushandiswa kuwana dhata yeasina kujeka mushandisi kuzivikanwa.

Izvi zvisati zvaitika uBlock Origin mugadziri akafunga kutora matanho mune iyi nyayakuenda uye muEasyPrivacy yakawedzera mitemo yekuvhara zvinyorwa zvakajairika zvinoongorora network mapoti pane system yemushandisi yemuno.

Zvekuvheneka, hunyanzvi hunoshandiswa zvichibva pakuedza kumisikidza kubatana kune akasiyana manetwork emachiteshi eiyo inomiririra 127.0.0.1 (localhost) kuburikidza neWebSocket.

Kuongorora kwePort inzira yekukonana inowanzo shandiswa nevanobaya pendi kana vabiridzi kuongorora michina neinternet yekubatanidza uye kuona kuti ndeapi mashandiro kana masevhisi ari kuteerera kunetiweki, kazhinji kuitira kuti kurwiswa chaiko kuitwe. Zvakajairika kune software yekuchengetedza kuti ione inoshanda port port scans uye ucherechedze sezvinobvira kushungurudzwa.

Kunyangwe iwe uine yakavhurika network chiteshi haina kunangana yakatarwa nemisiyano mukukanganisa kugadzirisa kana uchibatanidza kune anoshanda uye asina kushandiswa network mapoti.

WebSocket inobvumira kutumira chete HTTP zvikumbiro, asi chikumbiro chakafanana cheiyo idle network chiteshi chinokundikana nekukasira uye kweiyo inoshanda port chete mushure mechinguva zvinotora kuyedza kutaurirana kubatana. Zvakare, mune kesi yeasingaite chiteshi, WebSocket inogadzira kodhi kubatanidza kukanganisa (ERR_CONNECTION_REFUSED), uye kana iri chiteshi chinoshanda, yekubatanidza kutaurirana kodhi yekodhi.

Paunenge uchigadzirisa webhu soketi, taura yekuenda inomiririra uye chiteshi, iyo isingafanire kunge iri imwechete dura iyo script inopihwa kubva. 

Kuti uite port scan, iyo script chete inofanirwa kudoma yakavanzika IP kero (senge localhost) uye chiteshi chaunoda kuverenga.

Chiteshi chengarava chinogona kupa ruzivo kune webhusaiti nezve izvo software urikumhanya. Mazhinji madoko ane akanyatsotsanangurwa seti yemasevhisi anoashandisa iwo, saka runyorwa rweakavhurika madoko rinopa maonero akanaka ekushandisa mashandisiro. 

Semuenzaniso, Steam (chitoro chemitambo uye chikuva) inozivikanwa kumhanya pachiteshi 27036, saka scanner ichiona chiteshi ichi chakavhurika inogona kuva nechivimbo chekuti mushandisi aive neakavhurika sisitimu paakashanyira webhusaiti.

Pamusoro pechiratidzo chengarava, WebSocket inogona zvakare kushandiswa kurwisa mawebhu ekuvandudza masisitimu iyo inomhanya eWebSocket madhiraivha e React kunyorera pane yemuno system.

Saiti yekunze inogona kukwirisa kuburikidza nenetiweki chiteshi, kuona kuvapo kwemutongi akadaro, uye kubatanidza kwariri.

Pakati pekufungidzira kwemakanganiso mameseji uye kurwisa kwenguva, saiti inogona kuwana zano rakanaka rekuti chimwe chiteshi chakavhurika.

Kana iye anovandudza akanganisa, iyo anorwisa anozogona kuwana izvo zvemukati wedhodhi dhata, izvo zvinogona kusanganisira zvakapatsanurwa zvakavanzika ruzivo.

Kana iwe uchida kuziva zvakawanda nezvazvo, iwe unogona kureva kune inotevera positi.

mabviro: https://nullsweep.com/