I know because I reviewed this library (https://github.com/VincentGarreau/particles.js) when a colleague wanted to add something similar to our site. The problem is it uses a naive O(n^2) algorithm for linking up particles when they get near each other, which wastes a lot of CPU cycles.
Running this script with a large number of particles and auto-linking on is ill-advised - but fortunately you can delete the <canvas> element quite easily to stop the script.
There is some more info in the README on GitHub (https://github.com/binaryedge/ratemyip-openframework), but nothing about why torrents induce extreme risk level.
> Web: The lack of at least one security header represents an extreme level of exposure
Don't really get that one either. So any site not using HSTS, CSP, or Key Pinning, for example, is automatically at extreme risk?
Additional non-related questions:
- How do you scan IPv6s? Scanning the entire space is easy for IPv4 (we do that for some router-security-related projects), but IPv6 space is freaking huge.
- Have you considered using something like Shodan (https://www.shodan.io/) API instead of scanning the address space by yourselves?
- We wouldn't use Shodan, as we developed our own custom scanners and methodologies of scanning to increase data quality, which is extremely important for our customers (cyberinsurers, SOCs, cyberrating companies). We also do some specific things with data which you can check on http://blog.binaryedge.io/2016/11/18/bsides-lisbon-2015/
1. It's only scanning for default ports.
2. It told me about having a CVE-Score "3/3", please provide me with the exact CVEs, so I can patch my system accordingly.
3. Running a webserver on Port 80 is not insecure per se, it's just not encrypted.
4. No feature to rescan, provided information is probably old.
While I like the overall design, I think this tool is not for technical people, but for everyone who unironically uses the word "cyber" on a daily basis.
1 - It's scanning 200 ports
2 - Indeed, atm we just provide an overall view; we intend to improve this tool further. We had too many people requesting custom scans from us when DoublePulsar came out.
3 - True, please submit an issue on GitHub so a discussion about this can be started. We like having an open formula that people can change/comment on.
4 - Scans are from the last 2 months and will keep changing accordingly. It queries our database rather than doing an active scan!
6/6 on HTTP with SSL. Again, six what? Total open HTTP connections? Couldn't I have more than six, and wouldn't that data be important? No clue, it doesn't say.
Trying the site with my VPN connection enabled is amusing.
For example, I get 14 out of 100. Encryption are all 0, yet "Overall" is 3 out of 6. The only other non-zero value is "Number of open ports" (2). 2+3 != 14. Σ0 = 0 != 3.
Obviously, I have no idea what those 12 risk points are. The three encryption points are not explained at all, neither are the remaining nine.
What it needs is a way for me to switch. I'm seeing my IPv6 reputation, but I'm more interested in my IPv4.
Maybe it's broken the other way round? ;)
E-mailing every single company that does this is ridiculous.
Sure, a fine if they don't follow robots.txt might be appropriate, but jail? That is absurd.
I already stated a fine is more than sufficient. Or do you think you should be jailed for speeding on the freeway too?
Proportionality in relation to the offense is a thing.