astrabal service logo
Search similar:


uniqs
974
laser for miter saw comcast cable box drop off how to set aprilaire humidifier direct tv dvr receivers fx time warner cable time warner cable channel lineup printable linksys firmware upgrade wrt54gs smoke detector beeps every 5 minutes concrete efflorescence cleaner home depot dd wrt repeater games like silent hill u verse wireless gateway usps truck delivery hours abc family fios ny centurylink bill pay phone number motorola cable modem with phone jack how to get rid of underground yellow jackets cost to replace washing machine pump cheapest car insurance in ontario tivo time warner cable centurylink bill pay number single vs double bevel miter saw 2 stage cooling thermostat gas price converter us to canadian fios early termination fee charter netgear router login how many copyright infringement notices comcast sprint cards at walmart saddle valve open position verizon fios customer service number va home depot lawn mower return policy

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb

Premium Member

Coin mining: Hijacking a browser?

I didn't understand why, even when barely using my system one core was pegging at 100% and others higher than the should be. Then I remembered hearing about sites planting coin mining tricks on browsers so I cleared my firefox histories, shut it down, and also had to reboot. After rebooting I didn't run it and ran Chromium instead an my cores are staying down to less than 5% most of the time now.

Now, I just opened FF again and Posting from it, and enabled an anti coin miner app in it.

So far, my CPU is calm.

What bothers me is it would keep running the cores hard even after shutting down Firefox until reboot.

I still have a lot to learn about security and how to check processes in Linux.
doppler
join:2003-03-31
Blue Point, NY

doppler

Member

At over 7,000 a coin can you really fault them for trying to rob you of computer resources ?

I can!

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
·Frontier Communi..

Blackbird to wutsinterweb

Premium Member

to wutsinterweb
In some reports by victims, their CPU core temps can rose to dangerous levels due to the sustained over-drive; in many cases, the entire system slows to a crawl that is difficult to clear - as you've observed. What I would love to see is an extension that detects such mining activity, then deliberately and irreversibly corrupts the computations and solutions being sent back to the mother ship. A little of that and the entire scheme would collapse as being a bad idea.
InternetJeff
I'm your huckleberry.
join:2001-09-25
.

InternetJeff to wutsinterweb

Member

to wutsinterweb
Or you might just have a more common issue.

Cartel
Premium Member
join:2006-09-13
Chilliwack, BC

Cartel to wutsinterweb

Premium Member

to wutsinterweb
does FF have that silly "standby" feature like chrome does where it doesn't actually close the processs when you close the browser?

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb

Premium Member

Ah, well it WAS coin mining. I cleared my settings/history and installed coin mining blockers and it's been fine since.
doppler
join:2003-03-31
Blue Point, NY

doppler to wutsinterweb

Member

to wutsinterweb
I would love to know which site(s) are using this practice.

Since Microsoft removed gadgets, I have been using Rainmeter and associated rainmeter plugins to monitor my resources. At a glance I know when SHTF. And at what temp my cpu is running.

Krisnatharok
PC Master Race
Premium Member
join:2009-02-11
Earth Orbit
804.3 1031.9

Krisnatharok to wutsinterweb

Premium Member

to wutsinterweb
said by wutsinterweb:

Ah, well it WAS coin mining. I cleared my settings/history and installed coin mining blockers and it's been fine since.

What sites were you visiting? That matters the most IMHO.

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb

Premium Member

many i don't even remember.

Krisnatharok
PC Master Race
Premium Member
join:2009-02-11
Earth Orbit
804.3 1031.9

Krisnatharok

Premium Member

said by wutsinterweb:

many i don't even remember.

Well there's your issue. I don't need anti-coin mining plug-ins because I don't go to sketchy sites that do these things.

Ironically, I'd actually prefer that sites switch from advertisements to coin-mining plug-ins, assuming I can control when they turn on and off and how much processing power and how many threads they get to control. It would be a way of voting with my CPU cycles.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
·Frontier Communi..

Blackbird to wutsinterweb

Premium Member

to wutsinterweb
Reports I've been seeing indicate that the mining appears both on certain 'reputable' websites that have been hacked by rogue miners who inject code into the site's scripting and server modules to covertly hijack a visiting browser for mining purposes, as well as on various 'less-than-reputable' sites that are supplementing their income by directly operating the mining code on their own systems and running the computations through visiting systems.

In any case, as a precaution, one can try adding these mining sites being pinged by the mining hijackers to a hosts file or browser adblocker list:

coin-hive.com
crypto-loot.com
crypto-loot.eu
jsecoin.com
minemytraffic.com

therube
join:2004-11-11
Randallstown, MD

1 edit

therube to wutsinterweb

Member

to wutsinterweb
quote:
I cleared my settings/history and installed coin mining blockers
What settings did you clear?
URLs to these "coin mining blockers"?
quote:
it would keep running the cores hard even after shutting down Firefox until reboot
Very odd.
Was it keeping "firefox" open in those instances (firefox as a process, or is there something else living in your system outside of the browser?

What version of FF?

If this is JavaScript & browser based, not sure how anything is going to continue running once you close your browser?

Did you check Task Manager to see what was eating CPU?

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
·Frontier Communi..

Blackbird

Premium Member

Most of the mining hijackers are JavaScript code-injections into website code. In some cases, these may/can interfere with the browser fully closing its processes upon exit. A number of cases exist where the code injection occurred in the ads and web analytics programs referred to within website code. Others involve injections into web-based/linked extension programs.

One recent article discussing some of this is: »theregister.co.uk/20 ··· _script/

Another involving code embedded intentionally into the site code is:
»motherboard.vice.com/en_ ··· appy-ads

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb to Krisnatharok

Premium Member

to Krisnatharok
I don't do sketchy like pron, don't do that. You are accusing without proof.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
·Frontier Communi..

Blackbird

Premium Member

said by wutsinterweb:

I don't do sketchy like pron, don't do that. You are accusing without proof.

It matters because a visited site is how the mining exploits are relayed (intentionally or otherwise) onto the user's system. There are reputable, less-than-reputable, and disreputable (eg: pron) that are known to have been involved in this to date.

Krisnatharok
PC Master Race
Premium Member
join:2009-02-11
Earth Orbit
804.3 1031.9

Krisnatharok to wutsinterweb

Premium Member

to wutsinterweb
said by wutsinterweb:

I don't do sketchy like pron, don't do that. You are accusing without proof.

After some digging, here are the most likely culprits. Do you know if you visited any of the sites below?

The Pirate Bay: »bgr.com/2017/09/18/pirat ··· er-coin/
Politifact and Showtime: »wired.com/story/cryp ··· browser/ and »theverge.com/2017/9/ ··· coinhive

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb

Premium Member

All three, for starters. But I rarely ever do wares any longer and absolutely do NOT do pron of any type at all. It does nothing for me and I don't like being accused of it.

dean corso
join:2007-09-07

dean corso to wutsinterweb

Member

to wutsinterweb
Would NoScript prevent coin mining or do I need another add-on designed to deter mining specifically?

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

1 edit

wutsinterweb

Premium Member

i hadn't been running ns, i had ghostery but it was disabled. my understanding is you may want something specific.

Edit: Ok, back on my system, here's what I did, I cleared my history and everything else that could be cleared in firefox and installed no coin and another anti mining add on.

It's been over a day, maybe longer now, and my CPU cycles are very light for a change.

I lecture those I know to stay away from pron sites, but that isn't enough now. I stopped that crap long ago, very long ago, I find that stuff disgusting. But even "legit" sites can attack you now, well, that's always been the case, just not so common.

Too bad I don't know of a way to check my old cell phone for this too, it might explain why the darn thing goes dead after only 3 hour use or 6 of stand by (well, not dead, but I have to turn it off).

therube
join:2004-11-11
Randallstown, MD

therube to Blackbird

Member

to Blackbird
quote:
It matters because a visited site
Not IMO.
There is no such thing as a "good" site (even here ).
Any site can be hacked.
And the porn end alone can't be it either, cause I do porn (& all kind of "sketchy" sites) 24-7.

dean corso
join:2007-09-07

dean corso to wutsinterweb

Member

to wutsinterweb
said by wutsinterweb:

I lecture those I know to stay away from pron sites, but that isn't enough now. I stopped that crap long ago, very long ago, I find that stuff disgusting.

You mean two days ago when you noticed your system was being mined?

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb

Premium Member

i haven't view any pron for over 15 or so years. its gross, sex is gross.
wutsinterweb

wutsinterweb to dean corso

Premium Member

to dean corso
said by dean corso:

said by wutsinterweb:

I lecture those I know to stay away from pron sites, but that isn't enough now. I stopped that crap long ago, very long ago, I find that stuff disgusting.

You mean two days ago when you noticed your system was being mined?

Oh what fun it is to accuse others of things they did not do and make them feel bad for something they shouldn't feel bad. Oh what fun to be so sadistic.

Since you put me in a corner, let me explain that I have zero sex drive due to health conditions and as a result it's been near 2 decades that pron has zero appeal to me. Hell, when sex scenes happen in game of thrones I leave the room.

Anything else you care to accuse me of? Did you get off good?

ashrc4
Premium Member
join:2009-02-06
australia
68.3 22.8

ashrc4 to wutsinterweb

Premium Member

to wutsinterweb
It's a little OT but males should 21 times a month or 0.7 times a day according to NHS study.
»mirror.co.uk/news/uk ··· 10763402
doppler
join:2003-03-31
Blue Point, NY

doppler

Member

said by ashrc4:

It's a little OT but males should 21 times a month or 0.7 times a day according to NHS study.
»mirror.co.uk/news/uk ··· 10763402

That's only the admitted number. Polls are only as good as the sample size.

Mark12547
Premium Member
join:2015-10-06
Salem, OR
ARRIS TG862

Mark12547 to Blackbird

Premium Member

to Blackbird
said by Blackbird:

coin-hive.com
crypto-loot.com
crypto-loot.eu
jsecoin.com
minemytraffic.com

The latest version of uBlock Origin for Firefox has a "uBlock filters – Resource abuse​​​​​" list that includes rules for most of the above. (I didn't see crypto-loot.eu in the list.)

Krisnatharok
PC Master Race
Premium Member
join:2009-02-11
Earth Orbit
804.3 1031.9

Krisnatharok to wutsinterweb

Premium Member

to wutsinterweb
said by wutsinterweb:

All three, for starters. But I rarely ever do wares any longer and absolutely do NOT do pron of any type at all. It does nothing for me and I don't like being accused of it.

Well there you go.

And thou dost protesteth too much, methinks.

wutsinterweb
End Citizen's United
Premium Member
join:2014-08-26
USA

wutsinterweb

Premium Member

It's funny how accusors play that game. Make someone uncomfortable, it's not too different from sexual harassment. A full scan of all my drives and flash media and you would only see photos and videos of my loved ones. I protest because you are trying to make me squirm for no reason, I thought better of you than that.

Krisnatharok
PC Master Race
Premium Member
join:2009-02-11
Earth Orbit
804.3 1031.9

Krisnatharok

Premium Member

said by wutsinterweb:

It's funny how accusors play that game. Make someone uncomfortable, it's not too different from sexual harassment. A full scan of all my drives and flash media and you would only see photos and videos of my loved ones. I protest because you are trying to make me squirm for no reason, I thought better of you than that.

Geeze dude, that response is as old as the internet itself when someone complains about malware on their PC you tell them to stop downloading the porn! You are reading WAY too much into this and are way too thin-skinned about what was an offhanded comment said in jest.

It's fairly clear that coin miner hijack scrypts aren't relegated to ONLY sketchy sites (porn or warez) as the linked articles indicated. You don't even need to prove anything here, and the fact that you are making such a big deal of it is indicative of ... something. What, I dunno.

chmod
Premium Member
join:2000-12-12
Lockport, IL

chmod to wutsinterweb

Premium Member

to wutsinterweb
laser for miter saw comcast cable box drop off how to set aprilaire humidifier direct tv dvr receivers fx time warner cable time warner cable channel lineup printable linksys firmware upgrade wrt54gs smoke detector beeps every 5 minutes concrete efflorescence cleaner home depot dd wrt repeater games like silent hill u verse wireless gateway usps truck delivery hours abc family fios ny centurylink bill pay phone number motorola cable modem with phone jack how to get rid of underground yellow jackets cost to replace washing machine pump cheapest car insurance in ontario tivo time warner cable centurylink bill pay number single vs double bevel miter saw 2 stage cooling thermostat gas price converter us to canadian fios early termination fee charter netgear router login how many copyright infringement notices comcast sprint cards at walmart saddle valve open position verizon fios customer service number va home depot lawn mower return policy