Port 8080 · HTTP (alt)
Port 8080 is a common alternate HTTP port for proxies, dev servers, and management consoles. Exposure is low-risk on its own but often signals an unintended deployment.
What runs on port 8080
Port 8080 is widely used by applications that usually sit behind a reverse proxy (Tomcat, Jenkins, GitLab, many enterprise applications), development servers, and administrative consoles. There is no protocol obligation — anything HTTP can be served on 8080.
Why public exposure is dangerous
The risk depends on what is listening. Production reverse proxies behind a CDN are fine. Development servers, unconfigured Jenkins, or admin consoles inadvertently exposed are not — Jenkins remote-code-execution CVEs and GitLab admin-takeover bugs have been historical sources of large breaches reachable specifically on alt-HTTP ports.
How to lock it down
Audit what is actually listening. If it's an internal service, bind to a private interface or `127.0.0.1` and front it with a reverse proxy on 80/443. If it's a development server, kill it before deploying. If it's a production service, ensure TLS, authentication, and version currency match what you'd expect on a public-facing 443.
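The audit step can be scripted. The following is an added example, not DomainCare's own code: it parses Linux `ss -H -tlnp` output and classifies each listener on port 8080 by bind address. The function names `classify` and `audit` are hypothetical and the sample lines are constructed.

```python
import ipaddress
import re

# Constructed sample lines in `ss -H -tlnp` format, as if merged from several hosts.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("java",pid=812,fd=45))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("node",pid=2290,fd=19))
LISTEN 0 128 10.0.3.7:8080 0.0.0.0:* users:(("jenkins",pid=1501,fd=7))
LISTEN 0 128 [::]:8080 [::]:* users:(("python3",pid=3010,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=640,fd=6))
LISTEN 0 128 *:8080 *:*
"""

def classify(bind):
    """Map a bind address to loopback / private / public / all-interfaces."""
    host = bind.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                     # checked before is_private, which also covers it
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(ss_output, port=8080):
    """Return (process, local_address, exposure) for each listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        bind, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        # The process column is only present when ss runs with enough privilege.
        m = re.search(r'\(\("([^"]+)",pid=\d+', line)
        findings.append((m.group(1) if m else "unknown", fields[3], classify(bind)))
    return findings

if __name__ == "__main__":
    for proc, addr, exposure in audit(SAMPLE_SS):
        # "all-interfaces" and "public" listeners are the ones to review first:
        # they are reachable from every attached network unless a firewall blocks them.
        flag = "REVIEW" if exposure in ("all-interfaces", "public") else "ok"
        print(f"{flag:6} {exposure:14} {addr:18} {proc}")
```

On a live host, pass the text of `ss -H -tlnp` to `audit()` instead of the sample.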
When public exposure is legitimate
Legitimate cases include reverse-proxy upstream traffic, internal admin consoles behind a VPN or VPC, and public APIs deliberately served on 8080. The presence of port 8080 is not itself a finding — what's behind it determines the risk.
Other ports DomainCare scans
- :3306 MySQL — MySQL listens on port 3306 by default. Public exposure is a critical data-leak risk.
- :5432 PostgreSQL — PostgreSQL listens on port 5432 by default. Public exposure is a critical data-leak risk equivalent to MySQL.
- :6379 Redis — Redis listens on port 6379 by default. Public exposure historically allows unauthenticated arbitrary code execution.
- :27017 MongoDB — MongoDB listens on port 27017 by default. Historically responsible for the largest single data-leak class — pre-3.0 builds shipped without authentication enabled.