Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Slashdot clandestinely scanning its users

arth1 (260657) writes | more than 6 years ago

Security 2

I just discovered something I'm not sure I like.

I just discovered something I'm not sure I like.

Whenever I post something to slashdot, slashdot connects back to port 80 on the machine I post from, looking for an open proxy on port 80.
This isn't behavior I really like to see. It's unsolicited, and more to the point, it takes advantage of a local firewall possibly being temporarily open for traffic FROM an address for a short while after connecting TO it.
There might be a "good cause", like collecting a list of open proxies for the poor guy behind the Great Firewall of China or something similar, but it's still unsolicted, clandestine and not documented.

Here are a couple of web log entries showing this: - - [10/Sep/2008:15:47:47 -0400] "GET HTTP/1.0" 404 271 "-" "libwww-perl/5.812" - - [10/Sep/2008:20:32:18 -0400] "GET HTTP/1.0" 404 273 "-" "libwww-perl/5.812"

cancel ×


Sorry! There are no comments related to the filter you selected.

Not new, unfortunately (1)

damn_registrars (1103043) | more than 6 years ago | (#24957191)

I've seen this behavior from slashdot for probably two years or more. I'm not sure exactly how long they've done it because I haven't been running a web server at home the whole time I've been posting on slashdot.

However, it did occur to me that a corporate webmaster could use the logs to determine when the worker bees are posting to slashdot on company time...

Proxy scanning (1)

Qzukk (229616) | more than 6 years ago | (#24957203)

Scanning for proxies has been around for years and years (at least IRC servers typically warn you that this is going to happen in their MOTD), usually for the purpose of kicking off people who appear to be using proxies to get around whatever ban, which is probably why slashdot does it.

As for the firewall, unless your client is badly, badly broken, you're connecting from some randomly selected port like 18231, to slashdot's port 80. Unless your firewall is badly broken, it shouldn't allow slashdot (much less random connections from the internet) to your port 80 just because you connected to slashdot's port 80.

Normally I'd say that it's harmless, but if they're doing the scan on every page load instead of keeping track, then I'd start getting irritated (especially with the ajax stuff)

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?