Join Log in
Score:0
John Doe avatar Server

Will a web server get blacklisted for port scanning?

in flag
John Doe

As I understand it, port scanning is an activity that can be a precursor to malicious activity, as one of the things it is used for is to scan for open ports that one can attack.

In that train of thought, why do sites like the following exist? Won't they get blacklisted by some web servers as a result?

I am asking because I am building a port scanner on my own website, and I am wary that if I start generating traffic for it, when people use it, it may create some issues for me because it will get my server's traffic blacklisted from other websites.

Aside from 1) rate-limiting the number of queries, 2) preventing remote REST queries from other servers using CSRF blockers, and 3) blacklisting / whitelisting certain domains / IPs, how else can you host such a tool on your server without having it be abused?

176
1 + 1
ip
us flag
Tero Kilkanen
It might get. On the other hand, it might not. It all depends on the systems the scanned web server has.
1
Reply
Score:1
diya avatar Server
la flag
diya

why do sites offering portscans exist?
...
I am asking because I am building a port scanner on my own website

Why do YOU want to offer that on your website?

There are several scenario's that can happen in response to a portscan:

  • fairly often: nothing at all.

    Either it isn't detected at all, or simply deemed not sufficiently malicious and anomalous to warrant further (automated) action.

  • the target of the port scan has an IDS that does recognise the portscan and it deems the act of a port scan malicious.
    Then it might take a follow up action:

    • the system blocks all future traffic from the IP-address of your webserver.

      That is probably not actually be a problem for you though, maybe only for whomever used your site to scan their system(s).

    • the system sends a complaint to the abuse contact for your IP-address.

      That can be problematic for you, when your ISP follows up on that (by cutting off your connectivity for example) because that ins't allowed by their terms of service.

  • Your ISP detects that your system performs port scans and follows up on that (by cutting off your connectivity for example) because that ins't allowed by their terms of service.

Your website might be categorised as "hacking tools" or a similar BS category by one or more content control providers and thus access to your website will effectively be blocked for the users of such internet filtering.

+ 3
John Doe avatar
in flag
John Doe
Thanks for the quick answer! Frankly, I just want to make an app that will be useful to people so I can stick Adsense ads on it. Port scans can be useful if you are trying to set up a WAMP / XAMPP server, and you can't get say Apache to start. The app can tell you which ports are blocked, so you know what the problem is. It can also be used when say you are setting up a mail server, and you want to check if your SMTP port is open or blocked by a firewall.
0
Reply
diya avatar
la flag
diya
My counter question was intended to be sarcastic. When you yourself can only list abuse but still want to offer the service, why would I attempt to convince you of other use-cases?
0
Reply
John Doe avatar
in flag
John Doe
Yes, I got the sarcasm. I just don't assume the worst of people, so I took it that you didn't mean it condescendingly. I had the idea for the port scanner because I have to troubleshoot local web servers a lot remotely, and I thought it would be a quicker way for me to see if certain localhost ports of the computers I work with are open. If you are against the ads, well there are a lot of big sites out there running on them you can unleash your crusade on too. I'm sure I don't make even 0.01% of what they do.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.