Silent Crypto Miners Appearing on Websites

Discussion of news related to ad blocking.

Moderator: EasyList authors

Post Reply
gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Silent Crypto Miners Appearing on Websites

Post by gotitbro » Sun Sep 17, 2017 11:36 am

I just came across a website that was using a silent JavaScript miner (crypto miner) called Coinhive which was using a lot of CPU of my not so powerful device. These JavaScript mines seem to have gained popularity in recent times especially with news reports coming in that even The Pirate Bay has started using these miners (actually the same Coinhive one).

I get why websites are turning to these JS miners, to get some revenue with cryptocurrencies maybe because ads aren't performing that well. But that doesn't give them the right to use my machine as a node for their mining purposes without my consent. All they had to do was show a little popup asking my permission.

What do you think about these silent JS miners?

More Info: https://github.com/uBlockOrigin/uAssets/issues/690
TPB Report: https://torrentfreak.com/the-pirate-bay ... er-170916/

User avatar
Lanik
Site Owner
Site Owner
Posts: 1379
Joined: Thu Feb 15, 2007 7:44 am
Reputation: 22
Location: /dev/null

Post by Lanik » Mon Sep 18, 2017 3:41 am

gotitbro wrote:
Sun Sep 17, 2017 11:36 am
What do you think about these silent JS miners?
If someone is using my machine or resources for their own personal gain justified or not is not cool with me. Especially when it's done without my consent. Might as well be malware AFAIC.
"If it ain't broke don't fix it."

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Mon Sep 18, 2017 8:06 am

@Lanik Exactly, but here we have people who not only have no problem with TPB for doing so but also support it https://torrentfreak.com/the-pirate-bay ... qus_thread. When I asked for why this was so I got a response hat this is better than malicious ads.

It seems like a right justification but now that I think about it is it really? This seems worse than malicious ads to me I don't even have take any action here.

-Mark-
Postaholic
Postaholic
Posts: 281
Joined: Tue Jul 05, 2016 7:46 pm
Reputation: 13

Post by -Mark- » Mon Sep 18, 2017 1:14 pm

That's f*** invasive! Forcing visitor's resources downright for personal gains is unacceptable, needs to be firewalled.

Gorhill created a filterlist for that-https://raw.githubusercontent.com/uBloc ... tterns.txt

Adding that now :ubergeek:

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Tue Sep 19, 2017 8:40 am

@-Mark- That filter list still seems to be a work in progress something could still change drastically with it. And you're right its invasive it is beyond me why people are even supporting this.

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11840
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 96
Location: EasyList Forum

Post by smed79 » Thu Sep 21, 2017 2:07 pm

•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Sat Sep 23, 2017 10:45 pm

@smed79 That list seems to be fairly new. Is it correct to add it to the database without much testing?

Were you the one who added it on the ABP page?

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11840
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 96
Location: EasyList Forum

Post by smed79 » Sun Sep 24, 2017 1:26 am

gotitbro wrote:Were you the one who added it on the ABP page?
Why me? I have just found this list by accident at ABP sub page when I wanted to subscribe to Fanboy's Annoyances.
gotitbro wrote:Is it correct to add it to the database without much testing?
I don't understand what you mean by "without much testing"?

For any other question/issue ask at https://github.com/hoshsadiq/adblock-nocoin-list/issues
•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Sun Sep 24, 2017 1:31 am

@smed79 I thought you had some control over ABP's subscription page :p

What I meant with not much testing was that we don't know if its going to be an actively maintained list and handled properly, that is all.

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11840
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 96
Location: EasyList Forum

Post by smed79 » Sun Sep 24, 2017 1:49 am

You can follow the NoCoin repo on github and proposed to optimize the filters if you see something not handled properly.
•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Thu Oct 26, 2017 4:12 pm

How it all began: https://news.ycombinator.com/item?id=15246145

The above entry was posted on Hacker News (HN) on 14 September, 2017 by pr0gramm which operate the pr0gramm.com German imageboard. pr0gramm are the original creators of Coinhive as they have themselves told us on their webpage (have since removed this info and shifted the Coinhive website to coinhive.com from coin-hive.com). Coinhive as told by the creators originated from an experiment on the imageboard itself which itself was curiously completely opt-in and had to be run in a separate tab (miner.pr0gramm.com).

Just two days later on 15 September, 2017 it was reported that The Pirate Bay (TPB) has started using Coinhive and taking in account the time frame TPB probably got acquainted with Coinhive through the HN thread. Browser based cryptominers which were unheard of at the time got a lot of media exposure due to being used by the one of the most popular torrent sites. In no time there were multiple web based crypto miners available for anyone willing to use them even as plugins. The web mining segment is highly saturated as of now with many solutions available being used mostly on piracy and not so trustworthy websites.

I am not saying that Coinhive/pr0gramm were the first to implement browser based mining but they sure made it mainstream.

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11840
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 96
Location: EasyList Forum

Post by smed79 » Fri Oct 27, 2017 2:38 am

•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Fri Oct 27, 2017 10:00 am

Yes I read about that. Just goes onto show their "security". Thankfully the hacker didn't do something nefarious such as spreading malware just changed the settings to get the all Monero mined for the websites for himself.

He apparently found their password from the 2014 Kickstarter data leak. I can't believe they didn't change their passwords after that.

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11840
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 96
Location: EasyList Forum

Post by smed79 » Sat Oct 28, 2017 7:12 am

? WhoRunsCoinhive => http://www.whorunscoinhive.com/thelist
•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Sun Oct 29, 2017 4:29 pm

Nice website. I do not understand what they mean by "Coinhive Site Key". Is it the same as Google Analytics, FB website tags?

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11840
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 96
Location: EasyList Forum

Post by smed79 » Sun Oct 29, 2017 5:42 pm

e.g kickass.cd ==> http://i.imgur.com/AOw3on1.png (joztQmQ87OjS1....).

"the ‘site key’ is a unique identifier to indicate which beneficiary will be paid" - Coinhive’s documentation.
•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 747
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Sun Oct 29, 2017 7:32 pm

So, the site keys that are listed and contain multiple domains probably belong to one person/entity?
Eg: http://www.whorunscoinhive.com/coinhive_id/OT1CIcpkIOCO7yVMxcJiqmSWoDWOri06

Also when tried to search kickass.cd on the whorunscoinhive.com website it did not detect it :/

Post Reply