Michael Lubas, 2024-12-18
Paraxial.io can now continuously monitor your servers’ open ports and SSH settings. If you are hosting an application in a virtual private server (VPS), for example an AWS EC2 instance, this is a useful security check to ensure your server is not exposing sensitive internal software to the public internet.
The recent article Security Best Practices for Deploying Rails 8 on Linux with Kamal discussed how exposing Docker on port 2375 to the public internet will lead to your server getting hacked. Other common services you generally do not want to leave open:
For example, here is a server with MySQL port 3306 exposed:
This comes from a server deployed with Kamal. The secure way to configure the app’s deploy.yml file is:

```yaml
accessories:
  db:
    image: mysql:8.0
    host: app.blackcatprojects.xyz
    port: "127.0.0.1:3306:3306"
```
This application is deployed in the unsafe way, with:

```yaml
accessories:
  db:
    image: mysql:8.0
    host: app.blackcatprojects.xyz
    # Change to 3306 to expose port to the world instead of just local network.
    port: "3306"
```
Leading to the scan with 3306 open. Exposing MySQL to the public internet is discouraged from a security perspective. If you failed to set a strong password, an attacker may be able to login to your database and exfiltrate everything. Even if the attacker cannot guess the password, there may be a vulnerability present in the listening MySQL service that an attacker could exploit to gain access. Both of these risks are mitigated if you simply do not expose the port to the public internet, which is the recommended best practice.
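The difference between the two deploy.yml files above comes down to the host address in the Docker-style port binding. The following added example (not Paraxial.io's or Kamal's code) parses that `[host_ip:][host_port:]container_port[/proto]` string and flags any accessory whose binding is not restricted to loopback; the two configs are constructed from the ones shown above, with the config assumed to be already loaded into a dict (for instance with `yaml.safe_load`).

```python
import ipaddress

def parse_port_binding(spec):
    """Parse a Docker/Kamal port spec '[host_ip:][host_port:]container_port[/proto]'.
    Returns (host_ip or None, host_port or None, container_port, proto)."""
    spec, proto = str(spec).strip(), "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
    host_ip = None
    if spec.startswith("["):                      # bracketed IPv6 host address, e.g. [::1]:3306:3306
        end = spec.index("]")
        host_ip, spec = spec[1:end], spec[end + 1:]
        if spec.startswith(":"):
            spec = spec[1:]
        parts = spec.split(":")
    else:
        parts = spec.split(":")
        if len(parts) == 3:                       # host_ip:host_port:container_port
            host_ip = parts.pop(0)
    if len(parts) == 2:
        host_port, container_port = parts
    elif len(parts) == 1:                         # bare "3306": host port defaults to the container port
        host_port = container_port = parts[0]
    else:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    return host_ip, host_port or None, container_port, proto

def classify_host_ip(host_ip):
    """No host address means Docker binds 0.0.0.0 and ::, i.e. every interface."""
    if host_ip is None:
        return "all-interfaces"
    addr = ipaddress.ip_address(host_ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:                       # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-address"                     # bound to one interface; review whether it is public

def audit_accessories(config):
    """Return {accessory: [(host_port, container_port, classification)]} for every
    accessory port binding that is reachable beyond loopback."""
    findings = {}
    for name, accessory in (config.get("accessories") or {}).items():
        specs = accessory.get("port")
        for spec in ([] if specs is None else specs if isinstance(specs, list) else [specs]):
            host_ip, host_port, container_port, _ = parse_port_binding(spec)
            kind = classify_host_ip(host_ip)
            if kind != "loopback":
                findings.setdefault(name, []).append((host_port, container_port, kind))
    return findings

# Constructed from the two deploy.yml fragments above.
SAFE_DEPLOY = {"accessories": {"db": {"image": "mysql:8.0", "port": "127.0.0.1:3306:3306"}}}
UNSAFE_DEPLOY = {"accessories": {"db": {"image": "mysql:8.0", "port": "3306"}}}
```

Running `audit_accessories` on the two configs reports nothing for the loopback binding and flags the bare `"3306"` as listening on all interfaces, which is what the port scan then sees from the public internet.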
You can configure Paraxial.io to automatically scan your domain every day or week, and receive the details of the scan as a Slack alert:
To get started, see the relevant documentation. Network scanning is live now for all Paraxial.io customers. It is not available on the free tier; a paid account is required.
Paraxial.io stops data breaches by helping developers ship secure applications. Get a demo or start for free.