wyxchari Posted January 29, 2018 Share Posted January 29, 2018 (edited) Hi. I have just discovered that there are internet pages that use your processor 100% by javascript to generate money without your permission for the web. Example of javascript mining web: http://www.elitegol.me It is not dangerous, simply while visiting that website the processor is set to 100% and consumes more electricity. The latest versions of Firefox and Chrome are already protected, but the latest versions for Windows XP that are Firefox 52.6.0esr and Chrome 49.0.2623.112m are not. Web to test Windows XP browsers: https://cryptojackingtest.com To block the mining, extensions can be placed. One that I have tried and it works well in FF and Chrome for XP is called: Mining blocker Edited January 30, 2018 by wyxchari Link to comment Share on other sites More sharing options...
bluebolt Posted January 29, 2018 Share Posted January 29, 2018 I'm using Firefox 52.6.0esr, and the cryptojacking test says I'm protected. I wonder if that's because my install is spoofed to version 76. Link to comment Share on other sites More sharing options...
Tangy Posted January 29, 2018 Share Posted January 29, 2018 The one I have been using is called NO COIN. I did that test and I am protected. Link to comment Share on other sites More sharing options...
heinoganda Posted January 29, 2018 Share Posted January 29, 2018 Even my outdated Google Chrome 44.0.2403.130 seems to be still immune. Link to comment Share on other sites More sharing options...
mixit Posted January 30, 2018 Share Posted January 30, 2018 (edited) My observations : Your browser version doesn't really matter, all you need to get "You're protected" is somehow blocking coinhive.com and coin-hive.com. This can be done in any browser by running a regular adblocker like uBlock Origin, etc., I don't see much need for specialized addons. While raising awareness is commendable in itself, the cryptojackingtest.com site seems to be more about advertising Opera (specifically its built-in adblocker) than serious testing for cryptojacking protection. In my opinion, actually mining cryptocurrency on the site (instead of just checking if it could be done) is a pretty questionable move, even if they claim to donate the proceeds. Edit: If Opera were the ones behind this site, I don't see why they'd register this domain anonymously - this is starting to look like a clever ruse to use people to mine a bit under the guise of an awareness campaign. Apparently the site is referenced in Opera's official blog so it should be legit. It's still weird that they'd use a domain privacy service instead of registering the domain with their official contact information. Edited January 30, 2018 by mixit 1 Link to comment Share on other sites More sharing options...
wyxchari Posted January 30, 2018 Author Share Posted January 30, 2018 (edited) 8 hours ago, Tangy said: The one I have been using is called NO COIN. I did that test and I am protected. That I tried it in my Firefox 52.6.0esr and it blocked well but the icon stays blocked with an exclamation mark even if I keep surfing. That's why you can "Mining blocker." The malicious javascript file is called "/adsensebase.js" for "elitegol.me" in case you want to block in Adblock but any web page can change its name and it does not have to be hosted in a certain web. Edited January 30, 2018 by wyxchari Link to comment Share on other sites More sharing options...
mixit Posted January 30, 2018 Share Posted January 30, 2018 (edited) @wyxchari You are correct, domains and especially script file names can always be changed. And since Mining Blocker simply blocks the following sites: '*://coinhive.com/lib*','*://coin-hive.com/lib*','*://cnhv.co/lib*','*://coinhive.com/captcha*','*://coin-hive.com/captcha*','*://cnhv.co/captcha*','*://*/miner.pr0gramm.com/*','*://miner.pr0gramm.com/*','*://*/coin-have.com/*','*://coin-have.com/*','*://*/hashforcash.us/*','*://hashforcash.us/*','*://*/hashforcash.com/*','*://hashforcash.com/*','*://*/coinerra.com/*','*://coinerra.com/*','*://*/pr0gramm.com/*','*://pr0gramm.com/*','*://minecrunch.co/web/*','*://mine-crunch.co/web/*','*://jsecoin.com/server*','*://*.jsecoin.com/server*','*://*.35.190.24.124.com/server*','*://load.jsecoin.com/*','*://*.load.jsecoin.com/*','*://server.jsecoin.com/*','*://*.server.jsecoin.com/*','*://static.reasedoper.pw/*','*://mataharirama.xyz/*','*://listat.biz/*','*://crypto-loot.com/lib*','*://cryptoloot.com/lib*','*://gus.host/*','*://*/gus.host/*','*://xbasfbno.info/*','*://*/xbasfbno.info/*','*://azvjudwr.info/*','*://*/azvjudwr.info/*','*://jyhfuqoh.info/*','*://*/jyhfuqoh.info/*','*://jroqvbvw.info/*','*://*/jroqvbvw.info/*','*://projectpoi.com/*','*://*/projectpoi.com/*','*://kdowqlpt.info/*','*://*/kdowqlpt.info/*','*://ppoi.org/*','*://*/ppoi.org/*','*://inwemo.com/*','*://*/inwemo.com/*','*://lmodr.biz/*','*://mine-my-traffic.com/*','*://minemytraffic.com/*','*://coinblind.com/lib/*','*://coinnebula.com/lib/*','*://coinlab.biz/*','*://deepc.cc/*','*://*/coinlab.biz/*','*://gridcash.net/*','*://*/gridcash.net/*','*://socketminer.com/*','*://*/socketminer.com/*','*://ad-miner.com/*','*://*/ad-miner.com/*','*://cloudcoins.co/*','*://*/cloudcoins.co/*','*://webmine.cz/*','*://*/webmine.cz/*','*://hashunited.com/*','*://*/hashunited.com/*','*://mineralt.io/*','*://*/mineralt.io/*','*://authedmine.com/*','*://*/authedmine.com/*','*://easyhash.io/*','*://*/easyhash.io/*','*://webminepool.com/*','*://*/webminepool.com/*','*://monerise.com/*','*://*/monerise.com/*','*://coinpirate.cf/*','*://*/coinpirate.cf/*','*://crypto-webminer.com/*','*://*/crypto-webminer.com/*','*://webmine.pro/*','*://*/webmine.pro/*','*://*/monad.network/*','*://monerominer.rocks/scripts/*','*://cdn.cloudcoins.co/javascript/*','*://minero.pw/miner.min.js*' and any script URLs containing any of the following strings: 'CoinHive','Coin-Hive','jsecoin','mataharirama','minecrunch','coin-have','hashforcash','coinerra','reasedoper','minemytraffic','lmodr','cryptoloot','crypto-loot','listat','monero.worker','scrypt.worker','scrypt.asm','neoscrypt.asm','gus.host','xbasfbno','azvjudwr','jyhfuqoh','miner.pr0gramm','jroqvbvw','projectpoi','kdowqlpt','ppoi','minemytraffic','inwemo','minero','coinblind','coinnebula','coinlab','cloudcoins','deepc','monerominer','gridcash','monad','ad-miner','socketminer','cloudcoins','webmine','mineralt','authedmine','hashunited','webminepool','monerise','coinpirate','crypto-webminer','c-hive','cryptonight' and any scripts containing: 'miner','CoinHive','Coin-Hive','Coin-Have','hashforcash','coinerra','jsecoin','mataharirama','minecrunch','reasedoper','minemytraffic','cryptoloot','crypto-loot','inwemo','minero','CoinBlind','coinnebula','minemytraffic','cryptonight','coinlab','cloudcoins','monerominer','deepMiner','gridcash','monad','ad-miner','socketminer','cloudcoins','webmine','mineralt','authedmine','webminepool','monerise','coinpirate','crypto-webminer','c-hive','CRLT.Anonymous','hashunited' It would seem pretty easy to bypass it by renaming (also easy to get something useful blocked because of false positives). Since Mining Blocker has only 7,898 installs versus 13,424,117 for Adblock Plus and 5,111,703 for uBlock Origin, I'd rather rely on blocker extensions with massive user base, because their blocklists are likely to be up to date more quickly. Also, with Mining Blocker you currently have to update the extension itself just to get an updated blocklist. The only "feature" Mining Blocker has is that upon installation it attempts to stop any mining scripts already running - useful if for some reason you don't like to restart the browser. (I looked at Mining Blocker because I was curious what interesting tricks they might use to detect mining scripts, not to be contrary with you. Based on these results, I'm afraid most of the "specialized" anti-mining extensions would similarly turn out to be not terribly useful subsets of full-blown adblocker functionality.) Edited January 30, 2018 by mixit Link to comment Share on other sites More sharing options...
wyxchari Posted January 30, 2018 Author Share Posted January 30, 2018 (edited) 48 minutes ago, mixit said: Mining Blocker ... Adblock plus... You're right. I use BOTH because "Adblock plus" with updated lists did not block "elitegol.me" in which I usually enter a lot. I can add custom filters and in fact I have about 500 additions. For me it is easy to see advertising on a website, give the contextual menu to inspect the element, copy the html and paste it into the custom filters. The problem is that it is not practical that in each web that enters, consult the use of CPU to know if there is mined. As Adblock plus, at the moment it does not work for me, I use ALSO "Mining blocker" which is specialized, although I know that in the background it does the same as Adblock plus. Greetings. Edited January 30, 2018 by wyxchari Link to comment Share on other sites More sharing options...
mixit Posted January 30, 2018 Share Posted January 30, 2018 Well, It's certainly possible that the big guns don't always cover everything, I just figure they'd generally get more input because of how many users they have. I think you'd get the same result if you added the Mining Blocker rules to ABP. It's slow enough as is even without using another blocker on top of it (had to move to uBO myself for better speed, even though I prefer ABP's interface). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now