Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
- felemur
- Level 5
- Posts: 537
- Joined: Sun Sep 20, 2015 2:22 pm
- Location: In the middle of 1000's of acres of corn & soy fields in a house full of cats.
Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
I'm just curious - can this happen with Linux, or is it just a Windows issue?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Got an article to link? Or is this made up?
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
It can be done both secretly (malicious) and openly (honest) via browsers running on any OS. The malicious way tends to happen when a website gets hacked by a 3rd party, or the owner doesn't tell you they are doing it themselves. The honest method is when the owner is up front and it's typically used as an alternative to making voluntary donations.
I read an article about it recently, and in the comments an honest broker linked back to his thank you page where the script would run automatically. He had an explanation on the page explaining why he was using it. Basically it uses the power of your machine to generate the hashes required to create cryptocoins (if that's the right term?). When I landed on the page both of my CPU processors went up to 100% utilisation (LM 18.2 Cinnamon) - fans came on fairly quickly!
If I can find the page I'll come back and add it.
Edit: Original article: https://www.wordfence.com/blog/2017/10/ ... wordpress/
and page mentioned in comments that runs mining script... http://www.joelevi.com/thanks.html
Warning: it will start eating up available CPU power whilst you're on the page, but stops once you close it.
I read an article about it recently, and in the comments an honest broker linked back to his thank you page where the script would run automatically. He had an explanation on the page explaining why he was using it. Basically it uses the power of your machine to generate the hashes required to create cryptocoins (if that's the right term?). When I landed on the page both of my CPU processors went up to 100% utilisation (LM 18.2 Cinnamon) - fans came on fairly quickly!
If I can find the page I'll come back and add it.
Edit: Original article: https://www.wordfence.com/blog/2017/10/ ... wordpress/
and page mentioned in comments that runs mining script... http://www.joelevi.com/thanks.html
Warning: it will start eating up available CPU power whilst you're on the page, but stops once you close it.
- felemur
- Level 5
- Posts: 537
- Joined: Sun Sep 20, 2015 2:22 pm
- Location: In the middle of 1000's of acres of corn & soy fields in a house full of cats.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
I posted the same question on the Vivaldi Browser forum (as that is the one I use the most), and one of the people indicated that using the uBlock Origin extension would stop it.
Is that true?
EDIT: Here is a cross-post of my same question on the Vivaldi Forum, as some of the answers are interesting.
https://forum.vivaldi.net/topic/21956/w ... tocurrency
Is that true?
EDIT: Here is a cross-post of my same question on the Vivaldi Forum, as some of the answers are interesting.
https://forum.vivaldi.net/topic/21956/w ... tocurrency
- felemur
- Level 5
- Posts: 537
- Joined: Sun Sep 20, 2015 2:22 pm
- Location: In the middle of 1000's of acres of corn & soy fields in a house full of cats.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
FYI: Here is an extension that is supposed to block this (from one of the answers on the Vivaldi Forum). This should work on Chromium based browsers like Chrome, Vivaldi, SlimJet, etc.
https://chrome.google.com/webstore/deta ... fmgmpblogb
https://chrome.google.com/webstore/deta ... fmgmpblogb
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Just tested that extension in Chromium and on the website I mentioned - it worked
Not sure how it filters/blocks, so whether it will remain effective over time remains to be seen.
Edit: hmmm, think it just blocks connection to domains, in this case 'coinhive.com'.
Not sure how it filters/blocks, so whether it will remain effective over time remains to be seen.
Edit: hmmm, think it just blocks connection to domains, in this case 'coinhive.com'.
-
- Level 6
- Posts: 1282
- Joined: Mon Nov 24, 2014 9:17 am
- Location: Chrząszczyżewoszyce, powiat Łękołody
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Can happen with everything (Windowses, Linuxes, Androids, iOS, macOS...) where exists applications able to run JS and internet.felemur wrote:I'm just curious - can this happen with Linux, or is it just a Windows issue?
Windows assumes I'm stupid but Linux demands proof of it
- felemur
- Level 5
- Posts: 537
- Joined: Sun Sep 20, 2015 2:22 pm
- Location: In the middle of 1000's of acres of corn & soy fields in a house full of cats.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Yes, it is list based. I hope it updates regularly with any new mining domains.Mick-Cork wrote:Just tested that extension in Chromium and on the website I mentioned - it worked
Not sure how it filters/blocks, so whether it will remain effective over time remains to be seen.
Edit: hmmm, think it just blocks connection to domains, in this case 'coinhive.com'.
I guess the good side of being a list based domain blocker, is it is unlikely to cause any problems.
If you could locate up-to-date mining domain lists, you could just add them to uBlock Origin, though if the Cyrpto Mining Blocker does that all automatically, it is the easy way as far as I can tell.
EDIT: Here is the GitHub page for the Crypto Mining Blocker, and it shows what the Blacklist is:\
https://github.com/lesander/crypto-mine ... blocker.js
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Good find, looks like it also tries to block certain js scripts as well so a bit more than just domains. I just added coin-hive.com to my hosts file as a test (using Domain Blocker in LM), and that prevents any app from being able to connect to it. If the spread of this becomes a real problem then I guess keeping the hosts file up to date would be an effective, machine-wide, way of dealing with it.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Wow. Glad I read this post. I just added coin-hive to my domain blocking too.
I think either way (honest/dishonest) is bad. I can see some computers just locking up solid when visiting a site like that.
I think either way (honest/dishonest) is bad. I can see some computers just locking up solid when visiting a site like that.
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
Dell PE T610, Dell PE T710 - List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
Dell PE T610, Dell PE T710 - List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Hi coffee412, from what I can find these are the domains currently involved:
coinhive.com
coin-hive.com
jsecoin.com
crypto-loot.com
I suspect more will start to appear as the bandwagon grows, so whether it ends up with script or domain blocking (or both?) time will tell. Anyway, a few to add to the domain blocker for the moment.
coinhive.com
coin-hive.com
jsecoin.com
crypto-loot.com
I suspect more will start to appear as the bandwagon grows, so whether it ends up with script or domain blocking (or both?) time will tell. Anyway, a few to add to the domain blocker for the moment.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
It seems one type of cryptocurrency ONLY take advantage of 445 TCP UDP port.
You can use firewall to prevent this and you can set iptable to block all tcp and udp ports except 80 and 443...
https://www.scmagazine.com/cryptocurren ... le/662128/
i published here yesterday how
You can use firewall to prevent this and you can set iptable to block all tcp and udp ports except 80 and 443...
https://www.scmagazine.com/cryptocurren ... le/662128/
i published here yesterday how
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Big thankyous for the domains to block. Just got back from a service call and added them immediately.Mick-Cork wrote:Hi coffee412, from what I can find these are the domains currently involved:
coinhive.com
coin-hive.com
jsecoin.com
crypto-loot.com
I suspect more will start to appear as the bandwagon grows, so whether it ends up with script or domain blocking (or both?) time will tell. Anyway, a few to add to the domain blocker for the moment.
Thanks again,
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
Dell PE T610, Dell PE T710 - List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
Dell PE T610, Dell PE T710 - List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Thanks for the link. I will be checking into that too.lisabonne citadel wrote:It seems one type of cryptocurrency ONLY take advantage of 445 TCP UDP port.
You can use firewall to prevent this and you can set iptable to block all tcp and udp ports except 80 and 443...
https://www.scmagazine.com/cryptocurren ... le/662128/
i published here yesterday how
coffee
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
Dell PE T610, Dell PE T710 - List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
Dell PE T610, Dell PE T710 - List your hardware Profile: inxi -Fxpmrz
MeshCentral * Virtualbox * Debian * InvoiceNinja * NextCloud * Linux since kernel 2.0.36
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
take a look https://www.computerworld.com/article/2 ... -risk.html
12 years passed by and... many dangerous attacks always came from 445 tcp udp port.
445 port is SMB protocol or File-Sharing Protocol... I already said... I hate Sharing tools.
In case you cant delete SMB, install catfish and search smb in filesystem directory.
NOTE:
Dont get confused with smbios, BECAUSE YOU CANT HAVE system reability if you delete that.
Other easy way, is block with firewall 445 tcp udp port.
12 years passed by and... many dangerous attacks always came from 445 tcp udp port.
445 port is SMB protocol or File-Sharing Protocol... I already said... I hate Sharing tools.
In case you cant delete SMB, install catfish and search smb in filesystem directory.
NOTE:
Dont get confused with smbios, BECAUSE YOU CANT HAVE system reability if you delete that.
Other easy way, is block with firewall 445 tcp udp port.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Interesting stuff, one of the reasons I love tech, just about the time I/you think you know everything, come across 4 million new things I'd known nothing about and realize how much I still have to learn.
Btw: Mick-Cork that pages doesn't do anything if you have Firefox with noscript installed. Much be javascript or similar based cause noscript stops it dead, my cpu(s) showed no additional activity visiting the webpage linked.
Btw: Mick-Cork that pages doesn't do anything if you have Firefox with noscript installed. Much be javascript or similar based cause noscript stops it dead, my cpu(s) showed no additional activity visiting the webpage linked.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Could simply edit the hosts file ( /etc/hosts ) so that those sites point to loopback ( 127.0.0.1 ) , or null ( 0.0.0.0 )
it’s a plain text file so edits are super easy .
example - add this line :
127.0.0.1 coinhive.com
@Mick-Cork
I forgot all about Domain Blocker .... thanks
it’s a plain text file so edits are super easy .
example - add this line :
127.0.0.1 coinhive.com
@Mick-Cork
I forgot all about Domain Blocker .... thanks
- Pjotr
- Level 24
- Posts: 20142
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Good way, but you'll have to keep it updated as new mining domains spring up. For example by browsing the blacklist of the popular browser add-on No Coin:Faust wrote:Could simply edit the hosts file ( /etc/hosts ) so that those sites point to loopback ( 127.0.0.1 ) , or null ( 0.0.0.0 )
it’s a plain text file so edits are super easy .
example - add this line :
127.0.0.1 coinhive.com
https://github.com/keraf/NoCoin/blob/ma ... cklist.txt
Or choose the easy way: put your trust in an add-on like No Coin itself, and install it in your Firefox, Chrome or Chromium. I'm rather lazy myself, so I'm leaning towards that.
-- Edit (1): it appears that the adblocker uBlock Origin also blocks miners:
https://themerkle.com/ublock-origin-dev ... g-scripts/
Maybe a reason to dump Adblock Plus and switch to uBlock Origin? Probably no need for a dedicated mining blocker like No Coin then.
-- Edit (2): you can see uBlock Origin's mining filters under: "uBlock filters - Resource abuse".
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
Agreed , manual updating would be a bind .Pjotr wrote: .....
Good way, but you'll have to keep it updated as new mining domains spring up.....
There are some good tools for blocking at browser level , no doubt .
I wonder how many users of uBlockOrigin have actually dug into the settings and found all of the fine-grained
tweaking that's available , in particular those third-party filter lists ( that are regularly updated ) .
Just check the box and that list is included .... easy life !
But I'm more interested in blocking at OS level , and using those same filter lists for rolling updates
It shouldn't be that difficult.
On that other OS , " Hosts Block " ( the dev is called Brocke ) handles this very neatly , with user options for
run-on-boot , auto-update , and opt-ins for all of those useful lists of stinkers .
I haven't seen much discussion of this idea for GNU/Linux systems .... maybe it's a project to save for a rainy day
.... one that's no use for cycling ( I don't care much for walking in the rain , no matter what The Ronettes say )
Last edited by Faust on Thu Nov 02, 2017 2:27 pm, edited 1 time in total.