1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Coin-miner is now an attack...

Discussion in 'General Chat' started by deathshadow, Sep 21, 2017.

  1. #1
    A few days ago Gizmodo did a article about the coin-miner JavaScript which lets websites use and abuse your system to mine the sleazy scam artist hoodoo voodoo bullshit known as cryptocurrency:

    https://gizmodo.com/how-to-stop-pirate-bay-and-other-sites-from-hijacking-y-1818549856

    NOW that's escalated as I've come across four separate forums -- three running vBull and one running SMF -- that have been hacked to inject this script into their templates!!!

    DP seems to be clean, don't know if the attack vector being used to inject this script would even work on it, but keep an eye out just in case.

    FOR NOW I still say this is why anyone with a brain browsing the web should be running the Adblock Plus and Ghostery browser extensions. FOR NOW they do not recognize it, though malwarebytes is already listing it. Do yourself a favor, and block the domain in adblock plus as per gizmodo's instructions, though I change the line to:

    ||coin-hive.com/*
    Code (markup):
    To just block their entire freaking domain.
    SEMrush
    People wonder why I consider bitcoin and it's ilk to be sleazy scam artist bullshit. HERE'S WHY. I saw this coming months ago...
     
    deathshadow, Sep 21, 2017 IP
    sarahk and Frost1 like this.
    SEMrush
  2. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,171
    Likes Received:
    1,725
    Best Answers:
    239
    Trophy Points:
    515
    #2
    Small update -- if you have adblock plus installed, you can go to their subscriptions page and add one called "nocoin" that looks like it will be tracking known coinminers moving forward, and nabs five or six existing ones. Also, Malwarebytes has added it to their hotlists.
     
    deathshadow, Sep 21, 2017 IP
  3. badger_

    badger_ Greenhorn

    Messages:
    52
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    20
    #3
    Thanks for the heads up.

    About bullshit blockers, I farly prefer uBlock origin + uMatrix, both available for Firefox and Chrome.
     
    badger_, Sep 23, 2017 IP
  4. Barti1987

    Barti1987 Well-Known Member

    Messages:
    2,703
    Likes Received:
    115
    Best Answers:
    0
    Trophy Points:
    185
    #4
    Let them mine bro. My CPU is your CPU. If I am not using the CPU I don't see an issue with letting someone else use it.

    Sharing is caring.
     
    Barti1987, Sep 24, 2017 IP
  5. badger_

    badger_ Greenhorn

    Messages:
    52
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    20
    #5
    Let them abuse? no, thanks. Here there is an updated coin-miners list for Adblock: https://github.com/hoshsadiq/adblock-nocoin-list

    This site is very useful to get the suckers out of your network using your own DNS server: http://pgl.yoyo.org/adservers/
     
    badger_, Sep 24, 2017 IP
  6. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,171
    Likes Received:
    1,725
    Best Answers:
    239
    Trophy Points:
    515
    #6
    Which is the one you can now subscribe to off adblock plus's subscription page:
    https://adblockplus.org/subscriptions

    Which means it will auto-update for you.

    Unless of course they consume so much of it the browser gets hard to use and it chokes out other processes in the background. If it starts sucking on CPU to the point it will drain your mobile or laptop's battery dry in minutes. Unless it's consuming so much electricity it makes your power bill go up...

    ... and remember, power bill cost to efficiency of mining is the #1 concern amongst people who mine; part of what makes turning this into an attack so insideous, is it lets someone use your power bill as cash, and they don't even have to care how inefficient it is since it's not THEIR power bill.

    All things considered, it's a pretty scummy thing to do.
     
    deathshadow, Sep 25, 2017 IP