Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency

[felemur]

I'm just curious - can this happen with Linux, or is it just a Windows issue?

[Citizen229]

Got an article to link? Or is this made up?

[felemur]

https://www.theregister.co.uk/2017/10/1 ... to_mining/

https://www.forbes.com/sites/leemathews ... 3a360e7250

https://www.extremetech.com/computing/2 ... across-web

http://www.zdnet.com/article/android-se ... -your-cpu/

https://www.google.ca/search?q=websites ... jwSotJ_gDQ

[Mick-Cork]

It can be done both secretly (malicious) and openly (honest) via browsers running on any OS. The malicious way tends to happen when a website gets hacked by a 3rd party, or the owner doesn't tell you they are doing it themselves. The honest method is when the owner is up front and it's typically used as an alternative to making voluntary donations.

I read an article about it recently, and in the comments an honest broker linked back to his thank you page where the script would run automatically. He had an explanation on the page explaining why he was using it. Basically it uses the power of your machine to generate the hashes required to create cryptocoins (if that's the right term?). When I landed on the page both of my CPU processors went up to 100% utilisation (LM 18.2 Cinnamon) - fans came on fairly quickly!

If I can find the page I'll come back and add it.

Edit: Original article: https://www.wordfence.com/blog/2017/10/ ... wordpress/

and page mentioned in comments that runs mining script... http://www.joelevi.com/thanks.html

Warning: it will start eating up available CPU power whilst you're on the page, but stops once you close it.

[felemur]

I posted the same question on the Vivaldi Browser forum (as that is the one I use the most), and one of the people indicated that using the uBlock Origin extension would stop it.

Is that true?

EDIT: Here is a cross-post of my same question on the Vivaldi Forum, as some of the answers are interesting.

https://forum.vivaldi.net/topic/21956/w ... tocurrency

[felemur]

FYI: Here is an extension that is supposed to block this (from one of the answers on the Vivaldi Forum). This should work on Chromium based browsers like Chrome, Vivaldi, SlimJet, etc.

https://chrome.google.com/webstore/deta ... fmgmpblogb

[Mick-Cork]

Just tested that extension in Chromium and on the website I mentioned - it worked

Not sure how it filters/blocks, so whether it will remain effective over time remains to be seen.

Edit: hmmm, think it just blocks connection to domains, in this case 'coinhive.com'.

[BigEasy]

I'm just curious - can this happen with Linux, or is it just a Windows issue?

Can happen with everything (Windowses, Linuxes, Androids, iOS, macOS...) where exists applications able to run JS and internet.

[felemur]

Just tested that extension in Chromium and on the website I mentioned - it worked

Not sure how it filters/blocks, so whether it will remain effective over time remains to be seen.

Edit: hmmm, think it just blocks connection to domains, in this case 'coinhive.com'.

Yes, it is list based. I hope it updates regularly with any new mining domains.

I guess the good side of being a list based domain blocker, is it is unlikely to cause any problems.

If you could locate up-to-date mining domain lists, you could just add them to uBlock Origin, though if the Cyrpto Mining Blocker does that all automatically, it is the easy way as far as I can tell.

EDIT: Here is the GitHub page for the Crypto Mining Blocker, and it shows what the Blacklist is:\

https://github.com/lesander/crypto-mine ... blocker.js

[Mick-Cork]

Good find, looks like it also tries to block certain js scripts as well so a bit more than just domains. I just added coin-hive.com to my hosts file as a test (using Domain Blocker in LM), and that prevents any app from being able to connect to it. If the spread of this becomes a real problem then I guess keeping the hosts file up to date would be an effective, machine-wide, way of dealing with it.

[coffee412]

Wow. Glad I read this post. I just added coin-hive to my domain blocking too.

I think either way (honest/dishonest) is bad. I can see some computers just locking up solid when visiting a site like that.

[Mick-Cork]

Hi coffee412, from what I can find these are the domains currently involved:

coinhive.com
coin-hive.com
jsecoin.com
crypto-loot.com

I suspect more will start to appear as the bandwagon grows, so whether it ends up with script or domain blocking (or both?) time will tell. Anyway, a few to add to the domain blocker for the moment.

[lisabonne citadel]

It seems one type of cryptocurrency ONLY take advantage of 445 TCP UDP port.
You can use firewall to prevent this and you can set iptable to block all tcp and udp ports except 80 and 443...
https://www.scmagazine.com/cryptocurren ... le/662128/
i published here yesterday how

[coffee412]

Hi coffee412, from what I can find these are the domains currently involved:

coinhive.com
coin-hive.com
jsecoin.com
crypto-loot.com

I suspect more will start to appear as the bandwagon grows, so whether it ends up with script or domain blocking (or both?) time will tell. Anyway, a few to add to the domain blocker for the moment.

Big thankyous for the domains to block. Just got back from a service call and added them immediately.

Thanks again,

[coffee412]

It seems one type of cryptocurrency ONLY take advantage of 445 TCP UDP port.
You can use firewall to prevent this and you can set iptable to block all tcp and udp ports except 80 and 443...
https://www.scmagazine.com/cryptocurren ... le/662128/
i published here yesterday how

Thanks for the link. I will be checking into that too.

coffee

[lisabonne citadel]

take a look https://www.computerworld.com/article/2 ... -risk.html
12 years passed by and... many dangerous attacks always came from 445 tcp udp port.
445 port is SMB protocol or File-Sharing Protocol... I already said... I hate Sharing tools.
In case you cant delete SMB, install catfish and search smb in filesystem directory.
NOTE:
Dont get confused with smbios, BECAUSE YOU CANT HAVE system reability if you delete that.
Other easy way, is block with firewall 445 tcp udp port.

[lmintnewb2]

Interesting stuff, one of the reasons I love tech, just about the time I/you think you know everything, come across 4 million new things I'd known nothing about and realize how much I still have to learn.

Btw: Mick-Cork that pages doesn't do anything if you have Firefox with noscript installed. Much be javascript or similar based cause noscript stops it dead, my cpu(s) showed no additional activity visiting the webpage linked.

[Faust]

Could simply edit the hosts file ( /etc/hosts ) so that those sites point to loopback ( 127.0.0.1 ) , or null ( 0.0.0.0 )
it’s a plain text file so edits are super easy .
example - add this line :
127.0.0.1 coinhive.com

@Mick-Cork
I forgot all about Domain Blocker .... thanks

[Pjotr]

Could simply edit the hosts file ( /etc/hosts ) so that those sites point to loopback ( 127.0.0.1 ) , or null ( 0.0.0.0 )
it’s a plain text file so edits are super easy .
example - add this line :
127.0.0.1 coinhive.com

Good way, but you'll have to keep it updated as new mining domains spring up. For example by browsing the blacklist of the popular browser add-on No Coin:
https://github.com/keraf/NoCoin/blob/ma ... cklist.txt

Or choose the easy way: put your trust in an add-on like No Coin itself, and install it in your Firefox, Chrome or Chromium. I'm rather lazy myself, so I'm leaning towards that.

-- Edit (1): it appears that the adblocker uBlock Origin also blocks miners:
https://themerkle.com/ublock-origin-dev ... g-scripts/

Maybe a reason to dump Adblock Plus and switch to uBlock Origin? Probably no need for a dedicated mining blocker like No Coin then.

-- Edit (2): you can see uBlock Origin's mining filters under: "uBlock filters - Resource abuse".

[Faust]

.....
Good way, but you'll have to keep it updated as new mining domains spring up.....

Agreed , manual updating would be a bind .

There are some good tools for blocking at browser level , no doubt .
I wonder how many users of uBlockOrigin have actually dug into the settings and found all of the fine-grained
tweaking that's available , in particular those third-party filter lists ( that are regularly updated ) .
Just check the box and that list is included .... easy life !

But I'm more interested in blocking at OS level , and using those same filter lists for rolling updates

It shouldn't be that difficult.
On that other OS , " Hosts Block " ( the dev is called Brocke ) handles this very neatly , with user options for
run-on-boot , auto-update , and opt-ins for all of those useful lists of stinkers .

I haven't seen much discussion of this idea for GNU/Linux systems .... maybe it's a project to save for a rainy day
.... one that's no use for cycling ( I don't care much for walking in the rain , no matter what The Ronettes say )