Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
I've done a bit of reading on this and from what I can glean these are the mining sites being used:
jsecoin.com coin-hive.com MINEMYTRAFFIC.COM crypto-loot.com crypto-loot.eu
I've added these to my hosts file and to uBlockOrigin.
Not to say there won't be more of these sites popping up with the money that can be made.
Hope this Helps
Felemur last edited by Felemur
Turns out uBlock Origin DOES block these mining sites, so if you use it, nothing to edit or add to the scripts:
https://themerkle.com/ublock-origin-dev ... g-scripts/
dLeon last edited by
I follow Gorhil uBlock0 Github, I successfully miss the talk.
But, judging how popular this issue becomes. It's not surprising if famous subscriptions like Easylist or Easyprivacy list will also follow suit.
Some more information came out this morning in the "Help Net Security Newsletter" (https://www.helpnetsecurity.com/2017/11/08/drive-by-cryptocurrency-mining/) including the following link to WordPress add-ons (https://wordpress.org/plugins/search/hive-miner/). Both use the "monero" e-currency and CoinHive.
Also from Bleeping Computer (https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/):
" Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios."
Disabling JS is unfortunately not an option as so many sites are dependent on scripts to display properly.
Even if on "Opts-in" to avoid ads, the crypto-mining service will cost users in higher electric bills. This will vary of course on where you are. In my location I suspect it would mean an $8 to $12 increase per month.
dLeon last edited by dLeon
ABP rule style block?
But... seem those 2 not yet known nor wildly use yet.
I think it's a karma for us who like to block ads and or tracker ads that cut sites revenue for whatever reasons. Now they got 10x more nastier way. If this also got blocked somehow, best bet they give 100x more nastier.
Blackbird last edited by
I think it's a karma for us who like to block ads and or tracker ads that cut sites revenue for whatever reasons. ...
I doubt karma has much to do with it. The sites that aren't hacked to crypto-mine are doing it simply because they can. Not many websites are "labors of love"... most of them seek to monetize their sites, and just like renting out adspace on their webpages, this is simply one more way to do it. Since every service has a cost to provide it, this is yet another consequence of the "free Internet" revenue model that's become the norm in today's world. As long as that model dominates the scene, this sort of thing will only increase... and I don't yet see other revenue models for sites gaining much success (eg: subscriptions).
retoree last edited by
@dleon just check uBlock filters. All this domains you talking about already in the list.