A mock API attracted hackers immediately, with attacks coming from all over the world
And the results were startling: the average time for a newly deployed API to be discovered was just 29 seconds, with the longest still only 34 seconds.
The most frequently targeted port was port 80, which accounted for 19% of the results; next was 26657, followed by the 443, 8080, and 8443.
26657
Quick search says it’s “Tendermint RPC”:
Tendermint is software for securely and consistently replicating an application on many machines.
https://docs.tendermint.com/v0.34/introduction/what-is-tendermint.html
Why is it that common? Or is it something else? It’s something based on blockchain, is it cryptobros again?
The other 4 are common http and https ports, but I never met this one. It’s not even on the wiki list: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
My guess is it’s a newer thing for the cloud, where it is common to shift load and replicate servers and software.