
Cre8asiteforums

Discussing Web Design & Marketing Since 1998

cre8pc

Guard Your Crypto


Various reports on the Web on this...

Now Hackers Are Mining Crypto On Government Websites

Hackers hijacked software intended to help people with disabilities to mine cryptocurrency, affecting more than 4,000 websites around the world.

 


This stuff is also happening on regular websites either compromised by a third party or knowingly by the owner. Norton caught one on this machine but my other machine with EMSIsoft does not. I'm not sure if they all consider this malware or is it malware if it is not disclosed to a visitor.

Norton sees it as a high risk intrusion attempt and sent it to the bit bucket.

While researching how secure the Firefox password manager was using a good master password, I fell upon this guy:

www. top-password .com / firefox-password-recovery. html :green-envy:

19 Dec, 2017 13 Min Read
Browser-Based Cryptocurrency Mining Makes Unexpected Return from the Dead
https://www.symantec.com/blogs/threat-intelligence/browser-mining-cryptocurrency

Edited by bobbb


There are two sides to this:
Note: current estimate is that over 3-million sites are mining via visitors' computers/phones.
Note: this is especially a problem with phones overheating at continued 100% CPU usage.
1. If the site being visited is upfront and says that it is mining using visitors' computers, it then becomes a choice similar to ad blocking: it's just another revenue stream that may be irritating but is also similar to making a donation. Best practice would be for the site to also offer an opt-in, opt-out choice along with notification, although I'm not aware of any doing such.

2. If the site is simply mining without notification, I consider it having crossed the line and would seriously consider leaving and never going back as well as giving negative reviews.

As of now I believe Opera is the only browser (version 50) with built-in anti-cryptocurrency mining (in its ad blocker).

For many of the rest of us the NoCoin [github] browser extension (for Chrome, for Firefox, for Opera) is an open source consideration.
Not available for Edge, IE, Safari.

As is redirecting known (requires manual updating) miners to null via hosts file:
* Windows: C:\Windows\System32\drivers\etc -> hosts  
* Linux: sudo nano /etc/hosts
* Mac: sudo nano /etc/hosts -> ENTER -> TYPE admin pwd -> ENTER
* Android:
---step 1: /system/etc -> LONG-PRESS hosts -> TAP Menu -> SELECT Properties -> IN Permissions TAP change -> TAP check box for Group under the Write column -> TAP ok -> TAP Cancel -> REBOOT.
---step 2: /system/etc LONG-PRESS hosts -> TAP More -> TAP Open -> Tap Text
Note: there are apps available to do this...caveat emptor.

and add to eof: [ 0.0.0.0 coin-hive.com ]
Note: plus any other miners you encounter...

And of course there is NoScript :) as so far all miners I've seen work via JavaScript, the kiddies' choice.
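
The hosts-file redirect described in the post above, as an added example that is not part of the original post: a Python check of which blocklist names a hosts file already sends to a null address and which entries still need appending. The sample hosts text, the `www.coin-hive.com` and `miner.example` names, and the "first entry wins" rule are assumptions made for illustration.

```python
import ipaddress

# Addresses that make a blocked name unreachable.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def parse_hosts(text):
    """Map each hostname in hosts-file text to the address it resolves to."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not "address name..." so not a usable entry
        for name in fields[1:]:
            # Assumption: the first entry for a name is the one used.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping

def missing_sinks(hosts_text, blocklist):
    """Return blocklist names that the hosts file does not send to a sink."""
    mapping = parse_hosts(hosts_text)
    return [n.lower() for n in blocklist
            if mapping.get(n.lower()) not in SINK_ADDRESSES]

def lines_to_append(missing):
    """Entries in the same form as the post's '0.0.0.0 coin-hive.com'."""
    return [f"0.0.0.0 {name}" for name in missing]

# Constructed sample hosts file and blocklist (not taken from a real system).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 0.0.0.0   miner.example     (commented out, so inactive)
0.0.0.0     coin-hive.com     # miner sink
"""
# www.coin-hive.com is included to show that hosts entries match exact
# names only; miner.example is a placeholder for "any other miners".
BLOCKLIST = ["coin-hive.com", "www.coin-hive.com", "miner.example"]

if __name__ == "__main__":
    for entry in lines_to_append(missing_sinks(SAMPLE_HOSTS, BLOCKLIST)):
        print(entry)
```

A hosts entry covers only the exact name written, so each subdomain a miner script is served from needs its own line.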

 


The problem with 2 is you have to know it is happening. Done right, you should never notice unless the abuser pigs out the CPU at 100%... and they just can't help doing 100% because they are greedy money grabbing abusers. :)

I still believe this is a job for your anti-virus company. Norton caught it as I imagine EMSIsoft catches it now too. (not tested)

In the example I gave above the culprit code was at https:// greenindex. dynamic-dns. net/ jqueryeasyui.js and the calling code looked normal except for a var named deepMiner. They could have used deepJazz... and they were actually using throttling. I imagine jqueryeasyui.js should trigger a signature with the AV company.

My other computer with EMSIsoft hit ~30% and dropped after I killed the tab. I always have a CPU graph at the bottom on my screen. Neat tool. https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

A clarification on the Windows redirect: you must start the Notepad-type editor as administrator (à la Linux sudo) even if your userid is in the Windows admin group. Right-click, "Run as administrator".


I just can't help it. Opera?? Isn't that something you go to at Place des Arts in Montreal?

Ha Ha! Not even Google's Virustotal website catches the URL I mentioned above. It's safe browsing.

Edited by bobbb
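
A site-owner check for the situation described in the post above (a script pulled from an unfamiliar host under a library-like file name), as an added example that is not part of the original post. It lists script hosts that are not on an allowlist and treats the variable name only as a weak signal, since it can be renamed. The page markup, the host names and the `review_scripts` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect external script URLs and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.sources, self.inline = [], []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)
            else:
                self._in_inline = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

    def handle_data(self, data):
        if self._in_inline:
            self.inline.append(data)

def review_scripts(html, page_host, allowed_hosts, weak_markers=("deepminer",)):
    """Return (script hosts not on the allowlist, weak name markers seen)."""
    collector = ScriptCollector()
    collector.feed(html)
    allowed = {page_host.lower(), *(h.lower() for h in allowed_hosts)}
    unexpected = []
    for src in collector.sources:
        # A relative URL has no hostname: it is served by the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        if host not in allowed and host not in unexpected:
            unexpected.append(host)
    inline = " ".join(collector.inline).lower()
    return unexpected, [m for m in weak_markers if m in inline]

# Constructed sample page; hosts are placeholders, not real indicators.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example/jquery.min.js"></script>
<script src="https://stats.dyn.example/jqueryeasyui.js"></script>
<script>var deepMiner = init();</script>
</head></html>"""

if __name__ == "__main__":
    print(review_scripts(SAMPLE_PAGE, "www.example.org", ["cdn.example"]))
```

Renaming the variable clears the marker list but not the unexpected-host list, which is why the allowlist is the stronger of the two checks.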
