Is running a Globalping software probe secure?

At Globalping, we’re always happy to welcome new users who want to join our community by hosting one or more probes. The more probes there are in the Globalping network, the better and more reliable the platform becomes.

If you're considering running a probe but have questions or concerns about its security, this blog post is for you. We'll outline the probe software's main security features and provide insights into a security analysis conducted as part of a bachelor's thesis published at FIT CTU in Prague. In the end, we hope to put your concerns to rest and encourage you to host one or more probes.

Why do we need our community to host probes?

The Globalping network relies on its community to host thousands of probes distributed across the globe. Most of these are software probes written in TypeScript that you can run on almost any internet-connected hardware using tools like Docker.

Some partners and community members also host hardware probes that run the same software but are easier to install – just plug and play.

Essentially, all an active probe does is establish a connection to the Globalping API and wait for it to send a measurement request, like a ping or mtr test. It then executes the test and sends the result back to the API, which forwards it to the user.

For example, if you have a probe in Athens and a user wants to ping their website from Greece, the Globalping API may choose your probe to perform that test.

Ultimately, the platform thrives on the contribution of the community! With your support, we can continually improve the platform and provide all users with reliable measurement results at no cost.

Keeping probes and our community secure

Let's look at some measures we've implemented that directly and indirectly impact the probe software's security:

We allow only one probe to run per public IP address to prevent abuse and ensure that probes are distributed globally.
Our probes don't open or listen on any TCP or UDP ports on your machine; they can only connect to our API.
All communication between your probe and the Globalping API runs over HTTPS, making sure all data exchanges are private and protected from being intercepted or tampered with.
We limit the number of tests a user can run within a given timeframe to help protect our network and prevent abuse. You can learn more about the specific rate limits on our website.
We use regularly updated lists and databases of domains and IP addresses known for malicious activity, such as malware or phishing, and block them at the API level.
Probes can't perform measurements against private IP addresses.
The probe software's source code is open source and available on GitHub. This means that anyone can review the code, report issues, and track updates and security improvements we make.

With these security measures, we ensure that our community can safely host probes to support the platform while enabling all users to use it safely and reliably.

Insights from a security analysis

To give you even more confidence in the security of our probes, we want to share some insights from a security analysis. Viktor Tyúkos took a close look at our Globalping probe software for his bachelor's thesis.

Viktor's goal was to thoroughly analyze the Globalping probe's security. Among other things, he examined how the platform works, reviewed the probe's code (version 0.29.0, released on March 18, 2024), and used proven techniques to identify and rate potential security issues.

The good news is that most of his findings were minor, and we have since fixed them (some of them while Viktor was working on his thesis).

Still, let's take a look at some of the issues he found and where we stand now:

Viktor found that some user input was not sufficiently validated in the probe software. However, he also pointed out that although this was not ideal, it was not a security issue because all input was validated by our API.
He highlighted that the measurement data transmitted between the probe and the API was not encrypted. While we’ve always considered all measurements “public”, we've since upgraded all connections to the secure WebSocket protocol, which encrypts the data and ensures it can’t be tampered with in transit.
He also found that some of the probes' external dependencies were not up to date, although the versions in use did not contain any security risks. Keeping our dependencies up to date is an ongoing process, and we track and update these as part of our regular maintenance.

Thanks to this security review, we've received valuable feedback, which helped us further improve our probes, supporting the thesis's conclusion that hosting them is secure. As Viktor wrote in his thesis, “during the analysis of the Globalping probe, I did not manage to uncover any severe vulnerabilities in the application,” and “hosting the tested version of the probe should be secure; there are minor issues for the development team to stay on top of, but these do not pose a threat to the end users."

Conclusion

We hope that with this insight into the security measures for Globalping probes, we've been able to show you how important the security and trustworthiness of our network and its probes are to us.

Hosting a probe is not binding, and you can stop whenever you want. So, why not give it a try? You can find setup instructions on GitHub or head straight to the Globalping Dashboard to run and adopt your probe, earn credits, and get higher API limits!