ShipSpotting.com Forum

Shipspotters all over the world => Site related news, functions and modules => Topic started by: Richard Paton on October 10, 2017, 05:27:10 pm



Title: Coinhive threat warning
Post by: Richard Paton on October 10, 2017, 05:27:10 pm
Has anybody else been getting an anti virus alert for coinhive.com on this site when you click on it?

The warning beeps saying virus detected only happen on this site an no other.


Title: Re: Coinhive threat warning
Post by: andrecas on October 10, 2017, 06:35:40 pm
Just today I've been getting pop up screens from Malwarebytes (to which I subscribe to) indicating this "coinhive" site is being blocked. It makes me wonder (again) when this site will update (or implement) security features similar to other sites (such as marine Traffic), etc.


Title: Re: Coinhive threat warning
Post by: simonwp on October 10, 2017, 06:48:39 pm
Yes I'm getting the same. Fortunately by anti-virus software is blocking it.


Title: Re: Coinhive threat warning
Post by: Richard Paton on October 10, 2017, 06:50:34 pm
Glad to hear it's not just me then, having googled it it seems coinhive is a way for a website to generate revenue..

Coinhive is a cryptocurrency miner written in Javascript, which sends any coins mined by the browser to the owner of the web site.


Title: Re: Coinhive threat warning
Post by: Cedric Hacke on October 10, 2017, 08:23:52 pm
I did notice very high CPU usage on this page, despite not seeing the ads with an adblocker.


Title: Re: Coinhive threat warning
Post by: davidships on October 10, 2017, 09:02:34 pm
Yes Cedric.
That's what it does, apparently, though I don't pretend to understand it.
However this seems to touch on it - and in particular on the issue around it being set to maximise CPU usage:
https://www.reddit.com/r/beermoney/comments/751c8m/beware_the_coinhivecom_jsminerc/

I'm waiting for Cody to come back to me on this.
(Cedric, I am working offsite on the category question and will email you)


Title: Re: Coinhive threat warning
Post by: Cody Williams on October 11, 2017, 05:47:54 am
Hi Everyone,

Remember when we had issues with the site being rerouted to ad-websites on some mobile devices a while back? That was caused by Tizermedias which was placed into our site’s directory – where all the files on our server are that make site work – by a hacker. So far Henrik hasn’t been able to fully get rid of Tizermedias and so what’s happened now is that Tizermedias is now using Coin Hive to mine Bitcoin by using other people’s computers to do the work – it’s an extra source of revenue for them on top of ad-revenue.

When the site loads all of the scripts that make features like buttons work, show photos and ads et cetera; the Coin Hive script also gets run. From what I understand it's not malicious but I'll try to find out more about it.

Best Wishes
Cody


Title: Re: Coinhive threat warning
Post by: Cedric Hacke on October 11, 2017, 08:08:58 am
Thanks for the update Cody and David. I hope the issue gets resolved soon, CPU usage is so high that I can hardly scroll through pages after a while.

Kind regards
Cedric


Title: Re: Coinhive threat warning
Post by: Phil English on October 11, 2017, 08:25:45 am
I've also noticed that shipspotting has been making by CPU run at 100%. Consequently, everything else on my PC runs slower than it should. Nothing else is doing it, as soon as it close ss.com, my CPU goes down to <10%.

Brgds
Phil


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 11, 2017, 08:59:47 am
There are Coin Hive extensions that you can download for Chrome, Firefox, Opera etc. they not only stop it loading but clean your browser. Just "Google" .. eg search for Coin Hive blocker +Chrome etc.  Note the search works best if Coin and Hive are separated or as Coin-Hive.
see http://cryptomining-blog.com/tag/no-coin-browser-extension/ for extra info if required.

Once its loaded there will be an icon in your browser bar ... On and Off so make sure you turn it on.


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 11, 2017, 12:16:46 pm
I’m getting a lot of cache files being blocked by my anti-virus, is this the same problem? Files are all various f_XXXXXX numbers e.g. F_011356
Problem only on shipspotting.com on different browsers, all other sites are ok.


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 11, 2017, 12:43:11 pm
Although its not a virus, its a trojan via Java script. Searching Norton, Bitdefender, Kaspersky websites they have the tools to detect and remove. Need to run the Norton etc. system scan, to find and remove.
It would appear that antivirus does not detect until its actually within your browser.  Its downloaded with free software and via adverts so reinfects looking for any Bitcoins you may have in your "piggy bank".Then steals them. An adblocker will stop it infecting but Shipspotting may not like you using ad blockers as its part of their revenue. As I use an ad blocker within my browsers I do not see any ads on the site so cannot comment if one or more of the ads are infected. I'm assuming Shipspotting still displays ads.
Clear your browser cache but that will not stop "reinfection". Need to prevent the source/ads reinfecting.
See https://malwaretips.com/blogs/remove-coin-hive-miner/ for remedies.


Title: Re: Coinhive threat warning
Post by: Allan RO on October 11, 2017, 01:52:30 pm
my AVG free is picking it up and disposing.

Allan


Title: Re: Coinhive threat warning
Post by: pieter melissen on October 11, 2017, 02:11:32 pm
my AVG free is picking it up and disposing.

Allan

so does mine but it is quite irritating, and I have a feeling that even though it has been picked up it has not been disposed of as it still manages to slow my computer.


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 11, 2017, 02:38:31 pm
Unless its TOTALLY removed then it will keep coming back when you restart computer. Try https://www.malwarebytes.com/adwcleaner/ and run as Administrator ..its free. Stay away from ads on sites. You do not even have to look at the infected ads.


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 11, 2017, 02:56:02 pm
Robert re your f_0113ad file ..this is the file reference to one of the files sitting in your browser cache. Depending how often you clean your cache you might have a few in number or thousands. They are small but lots accumulate wasted disc space. Your Norton might just have been cleaning your cache as these files are generally useless as they are kept in a temporary storage area in memory or on disk that holds the most recently downloaded Web pages. Just speeds up you going back to a recent or much older web page ( doesn't go back to the website ) at the expense of your memory or disc space.
Doesn't mean its found virus / trojan ..that would be flagged up.


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 12, 2017, 12:12:42 pm
Thanks for your comments.
I've done a complete system scan with no problems found.
Cleared the cache on all browsers.
Still get the f_xxx files being removed, very annoying.
Also get "Web Attach JSCoinminer Download 6" & "Download 8" notification of stopped & removed by my anti virus when I connect to Shipspotting, no other sites.

This has got to be a Shipspotting issue

REgards

Bob


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 12, 2017, 12:14:12 pm
Also get

Database Error: Got error 28 from storage engine
File: /www/www/smf1/Sources/Subs-Post.php
Line: 1410

when posting the above although the post is successful



Title: Re: Coinhive threat warning
Post by: andrecas on October 12, 2017, 01:03:14 pm
In spite system update and regular cleansing of cache, anti virus components still constantly blocking "coinhive". Happening only on Shipspotting and none of the other sites visited...


Title: Re: Coinhive threat warning
Post by: Graham Darling on October 12, 2017, 05:57:56 pm
Everytime I log into shipspotting I get pop up saying Norton has blocked an attack by web attack JS Coinminer Download 8..  I am using adblocker and have cleared my file history and cache but as soon as I click on shipspotting the pop up is back..


Title: Re: Coinhive threat warning
Post by: Patrick Hill on October 12, 2017, 06:07:40 pm
Virus scan (McAfee and Malwarebytes) finds nothing, Chrome cleared and reset but still get this issue from home page. Malwarebytes blocks multiple outward events while processor goes full ahead. :( Adblock plus in use.

Only happens on photo pages.


Title: Re: Coinhive threat warning
Post by: Richard Paton on October 12, 2017, 06:12:56 pm
Whilst coinhive is not malicious it seems to be embedded into this website, and as such it's a pest.

To me this site is now compromised with adware, and that's a real shame.

I still get the pop up to, not all the time but occasionally, this is despite having the coinhive blocker working.  :(

Will there be a plan to rid the site of this?, or will we just have to accept it as the norm from now on?



Title: Re: Coinhive threat warning
Post by: ChasB46 on October 12, 2017, 08:21:21 pm
Coin_hive is designed not to be found and removed; and further injects an in-browser Miner Trojan. Its now being used by cyber-criminals and "injected" with a tweaked Java script.
Once its "allowed" in its not only in your browser (the usual route in) but hides itself within your system. You can detect when its "onboard" with extremely high CPU and graphics use, thus diminishing the life of your motherboard through stress. Once the miner starts it does not stop ..why your CPU hits 100%. There is protection with some adblockers and very recently updated antivirus programmes BUT if its already in your system its designed to be hidden and guards itself against removal.
If you are tech savvy you need to delve/search  into your system looking for variations of coin-hive ( there are many derivations now) and also into your registry (dangerous if you do not know what you are doing).
Your best chance .... Q. When did you last make a backup of your system or system restore point?   If you have one prior to when you first noticed the problem, roll your system back. Then install the ad blockers you failed to use previously before browsing. Of course you do regularly make system backups?


Title: Re: Coinhive threat warning
Post by: Richard Paton on October 12, 2017, 08:39:26 pm
Chas yes i have backup points before the problem arose, so will try that suggestion as a solution.

Thanks for your input and advice, it's much appreciated.


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 12, 2017, 09:44:23 pm
Richard,wish you all success with system restore. See previous postings re advisory software to install before hitting the browser too hard. eg Adblock Plus or similar, Coin Hive blockers specific for Firefox, Opera, Chrome etc; and Admuncher. Personally I would start by downloading and installing Admuncher. Then the others as browser use would be less intensive just downloading one file and that would protect while searching for others. Direct source https://www.admuncher.com ... saves you using browser to search etc.


Title: Re: Coinhive threat warning
Post by: Pieter Inpyn on October 14, 2017, 09:11:24 am
Because I am under constant attack with this Coin-thing and Odessa.htm-warnings, I will stop using this website, posting pictures and end my work as photo-editor for some time.
I hope that I can return to the website after the admin/webmaster/ICT-master or who ever can send me a solution for this plague, suitable for a digital nitwit like me.
Regards,  Pieter Inpyn


Title: Re: Coinhive threat warning
Post by: Patrick Hill on October 14, 2017, 09:57:36 am
I have reset my system to an earlier restore point, run McAfee and Malwarebytes checks (nothing found) confirmed AdBlock Plus still working. I will not however open any photo pages until it has been confirmed that this issue has been resolved. There isn't an issue with this forum page if accessed directly, the issue only seems to be on any page with images (main page, photos, and your own photo pages) so I suspect somehow embedded in image viewing code?

Hope this helps.

Patrick


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 14, 2017, 11:12:16 am
Firstly I have no association with the programmes used in this remedial work. Its going to take time on your part but the programmes are free (download from reputable sources). Hitman Pro is free for 30 day trial. https://malwaretips.com/blogs/remove-coin-hive-miner/  . The longer coin hive is in your system the more it buries itself into more & more places.


Title: Re: Coinhive threat warning
Post by: Henrik Soderberg on October 14, 2017, 07:54:03 pm
Hi all,

I would just like to say that the problems some of you are experiencing is caused by bad ads added by our third party ad agencies. We are working on finding the exact source, to be able to block this out.

The Error from database is now gone. It is not related to the coinhive problem.

Regards,
Henrik


Title: Re: Coinhive threat warning
Post by: Pilot Frans on October 14, 2017, 11:43:20 pm
Thanks Hendrik for you update and all the input you put into it.

regards
Frans


Title: Re: Coinhive threat warning
Post by: Hannes van Rijn on October 15, 2017, 03:00:13 pm
I recive this warning ,of this site: This website has been reported as harmful.
We recommend not visiting this website.

http://tizermedias.com/odessa/?54vFcZ&se_referrer=http://forum.shipspotting.com/index.php?action=post;topic=15939.0;num_replies=29&default_keyword=My%20Uploaded%20Photos%20-%20ShipSpotting.com%20-%20Ship%20Photos%20and%20Ship%20Tracker&r=7308

Is there a virus in this site ????


Title: Re: Coinhive threat warning
Post by: Peter Lenderink on October 15, 2017, 09:08:59 pm
I have noticed slowing of the site as well, plus when this site is opened, some other programs are also slowing down.


Title: Re: Coinhive threat warning
Post by: lappino on October 16, 2017, 02:05:05 am
Simple check: processor usage jumps to 100% as soon as the site opens.

This is theft, you know. :)

I am outta here until they sort it out.


Title: Re: Coinhive threat warning
Post by: davidships on October 16, 2017, 02:34:38 am
A reminder - I think that it is mentioned somewhere below that the problem is only related to www.shipspotting.com addresses and not to the different domain that runs this Forum.

We do not recommend that members ignore the 99% CPU usage caused by this if your anti-virus or other security software doen't fix it, at least temporarily.  I suggest members, especially those who have no temporary fix for the main site and wish to withdraw from general activity for the moment, keep in touch with progress via this forum and access it directly by bookmarking http://forum.shipspotting.com/index.php (http://forum.shipspotting.com/index.php)

We are in the hands of Henrik at the moment and I am sure that he will post an update here as soon as possible.

best wishes to all

David





Title: Re: Coinhive threat warning
Post by: ChasB46 on October 16, 2017, 10:11:14 am
To see if you have Coin-hive aboard give Zemana a try. https://www.zemana.com/download .If you do not want to load the programme into your system there is a portable version available. Its free for 14 days and does remove any nasties it finds without you having to pay in that time span (some "free for 30 days etc" ones scan but ask for cash before removing). I've been a regular user of Malwarebytes and SuperAntispyware but trialling Zemana found extra nasties and removed them. In reviews it does zap coin-hive so if you suspect your infected give it a try. To prevent reinfection initiate a good adblocker.
As Shipspotting is reliant on ads, once the site has been cleared of the coin-hive intrusion, you can support the site by allowing its ads etc.  
NOTE ... Zemana will do an initial scan of most likely areas of infection but not the whole drive . To search whole drive drag and drop your 'C' drive etc. into the box on its start-up page.


Title: Re: Coinhive threat warning
Post by: Patrick Hill on October 16, 2017, 07:23:05 pm
Just a quick point, I have run AdBlock plus for quite some time but still suffered with this trojan - however all scans with McAfee and Malwarebytes found no issues on my system.


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 16, 2017, 08:24:02 pm
How do you know that its coin-hive (Manero) causing your problem if its not been detected? Malwarebytes is blocking 5 million "attacks" a day.


Title: Re: Coinhive threat warning
Post by: Patrick Hill on October 16, 2017, 08:44:49 pm
How do you know that its coin-hive (Manero) causing your problem if its not been detected? Malwarebytes is blocking 5 million "attacks" a day.

Because malwarebytes blocks the outgoing connection to coin-hive sites....


Title: Malware warning - Coinhive
Post by: Oldkayaker on October 17, 2017, 04:40:44 pm
Hi
FYI...about the site...my malware protection keeps giving me a warning about one of the sponsors or addresses that shows up on the Shipspotting home page.


Title: Re: Coinhive threat warning
Post by: Oldkayaker on October 17, 2017, 04:42:50 pm
Yes, getting the same malware warning about coinhive.com


Title: Re: Coinhive threat warning
Post by: Cody Williams on October 18, 2017, 01:31:22 am
How to Block Coin-Hive

Hi Everyone,

I think I may have found a solution. You can add the extension, No Coin for your browser:

No Coin for:
• Chrome (https://chrome.google.com/webstore/detail/no-coin/gojamcfopckidlocpkbelmpjcgmbgjcl)
• Firefox (https://addons.mozilla.org/en-US/firefox/addon/no-coin/?src=search)
• Opera (https://addons.opera.com/en/extensions/details/no-coin/?display=en)

Alternatively you can block Coin-Hive within Ad-Block itself. Here’s how you can do that:

1. Click on the Ad-block icon in your browser and select Options.
2. Click on the Customise tab at the top of the page.
3. Click block an ad by its URL.
4. In the text field that appears, enter the URL from the code box below.

Code:
https://coinhive.com/lib/coinhive.min.js

And that should hopefully block it.

Best Wishes
Cody

EDIT: Corrected link


Title: Re: Coinhive threat warning
Post by: pieter melissen on October 18, 2017, 06:01:48 am
Thanks Cody, I can get as far as clicking on the icon, (Adblock ultimate 2.28) but nowhere the "options" button appears. Where do I go wrong?


Title: Re: Coinhive threat warning
Post by: Cody Williams on October 18, 2017, 06:15:17 am
Sorry Pieter, I meant this AdBlock (https://getadblock.com/) extension.





Title: Re: Coinhive threat warning
Post by: pieter melissen on October 18, 2017, 06:38:25 am
OK, I did that, but I had to retyp the link in Domain, not in the URL box, because when I did that the "flash" extension that was there reappered after typing the URL (Copy-paste did not work there).
The results are that I do not get a message from AVG anymore that the connection with coinhave was discontinued, so I hopefully can assume that it was established. In other words cody, your suggestion works. Thanks a lot.


Title: Re: Coinhive threat warning
Post by: sisko111 on October 18, 2017, 08:22:21 am
Hi all ,
I am using Chrome and AdBlock too
In my case correct code is : https://coinhive.com/lib/coinhive.min.js
and the problem is solved !
Brgds Siniša


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 18, 2017, 11:46:02 am
Hi

Also using Chrome and AdBock in Windows 7, did the above but still getting "Web Attach JSCoinminer Download 6" & "Download 8" notification saying its been blocked by Norton when opening a screen with photos.

Not the solution for me, this needs to be resolved at site level and not just by attempting to block it on everyone's PC

May be a clue here.

Getting the same problem on an old laptop, I did a full system scan (takes a few hours) and no problem found. As an experiment I deactivated my AV and connected to Shipspotting for less than a minute, no pop up because no AV, reactivated my AV and did another full system scan and got the result below.

CPU normal without photos, 100% with.

I will be steering clear of all shipspotting pages with photos until this is resolved


Regards

Bob



Title: Re: Coinhive threat warning
Post by: Brett Bachmann on October 18, 2017, 05:58:09 pm
Agree, it is time to resolve this, it is on your website and not readers/subscribers problem...it's taken too long now.


Title: Re: Coinhive threat warning
Post by: Bob Scott on October 18, 2017, 07:48:28 pm
Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?


Title: Re: Coinhive threat warning
Post by: Hannes van Rijn on October 19, 2017, 01:49:31 am
I recive this message from my virus scan. Mailware or virus ????

Schadelijke website geblokkeerd
http://tizermedias.com/odessa/?54vFcZ&se_referrer=http://forum.shipspotting.com/index.php?action=post;topic=15952.0;num_replies=0&default_keyword=My%20Uploaded%20Photos%20-%20ShipSpotting.com%20-%20Ship%20Photos%20and%20Ship%20Tracker&r=8992


Title: Re: Coinhive threat warning
Post by: Cedric Hacke on October 19, 2017, 08:58:59 am
Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?

Hi Bob, you'd probably notice if this stuff was running. It uses all the available CPU power so your computer would bog down a bit or the fans would come on. It should be fine if you have Coinhive blocked in AdBlock or if you use a Chrome extension which blocks Coinhive as recommended by Cody. So normally no problems if you haven't already noticed it.

Kind regards
Cedric


Title: Re: Coinhive threat warning
Post by: Bob Scott on October 19, 2017, 09:51:31 am
Thanks, Cedric. Coinhive blocker now on


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 19, 2017, 12:57:41 pm
Its the "coinminer" that giving me trouble, not "coinhive".

Any progress on this problem yet?


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 19, 2017, 06:15:32 pm
Coinhive and coinminer are variants of the same intrusion/ trojan (as per the horse and sneaks in via various dubious sources). Repeating myself from early reply in this topic read http://www.malwareremovalguides.info/trojan-bitcoinminer-removal-guide/ which gives a good synopsis of the  problem, its burrowing into your system and how to remove. Any trace left will re-infect.


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 20, 2017, 10:30:12 am
Thanks ChasB46
Your solution looks brilliant for cleaning infected PC's but I'm sure my AV is protecting mine. The problem is the continuous bombardment from this site of the coinminer that is being blocked by my AV, its very annoying getting the continuous pop ups telling me its been blocked.
This only happens on this site on pages with photographs and it needs to be resolved by the site.

Can we have an update as to what the site is doing to resolve this matter. Until the problem is dealt with I will stay clear of those affected pages.

Regards

Bob


Title: Re: Coinhive threat warning
Post by: andrecas on October 20, 2017, 02:10:00 pm
Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites. Presumably the IT folks at Shipspotting  can/will fix in due course this “coin” whatever you want to call it problem,  rendering this site safe (padlocked), to not only view photos but upload as well.  Presently, I cannot access site on my PC without Malware and Norton programs working overtime (constant pop up screens) blocking subject problem. No issues encountered when visiting Marine Traffic etc.,  or any other site for that matter. This is happening only on Shipspotting...?!


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 20, 2017, 03:54:10 pm
Andrecas and others being troubled by coinhive on this site. Its strange because I have nothing special on my computer ..Windows 7 +I use Opera, Bitdefender and an adblocker. I have no problems with pictures on the site. I have viewed / full page and downloaded some at random with no detriments. My CPU is maxing at 4%.
Today,interrogating my Bitdefender records it blocked https://coinhive.com/lib/coinhive.min.js on October 11th at 9.42am. Since then nothing strange and it didn't even bother flagging up that occurrence.
SUBSEQUENT
 Repeated on late-wife's laptop Windows 10 via wifi , Opera, ad blocker and Norton. DIFFERENT result . Tried to attach pdf but it "disappeared" so info below
As soon as I OPENED Shipspotting in browser Norton flagged up and blocked intrusion (added no further action required). Did not need to access any further into site ie photos or Forum.
CPU not affected maxing at 3%.

Might help webmaster...

Severity HIGH An intrusion attempt by tizermedias.com was blocked.

Attacking computer .. tizermedias.com (185.129.148.203.80)
Attacker URL ..tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 (this final number changes on re accessing Shipspotting)

Source address .. tizermedias.com(185.129.148.203)
Traffic description .. TCP.www-http

Network Traffic from  tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 matches\DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\ADMUNCHER\ADMUNCHER.EXE. To stop being notified for this type of traffic in the Actions panel click Stop Notifying.

I guess last sentence refers to Norton notification.


Title: Re: Coinhive threat warning
Post by: Cedric Hacke on October 20, 2017, 07:24:20 pm
Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites.

That padlock symbol is doesn't mean that much anymore and can't guarantee safety on its own. It just means traffic to and from the server is encrypted so anyone snooping in on network traffic is can't intercept the data being sent. An https site could have the same problem if its servers were also affected.


Title: Re: Coinhive threat warning
Post by: Cody Williams on October 21, 2017, 02:17:35 pm
Hi Everyone,

I'm sorry for all the trouble this is causing. When I find out more, I'll definitely let you all know.

Best Wishes
Cody


Title: Re: Malware warning - Coinhive
Post by: Oldkayaker on October 22, 2017, 04:47:16 pm
Hi
Has anyone looked at the source code?  There is a googlead code line that shows on a page with no ads.  Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning??? ??? ??? ??? ???


Title: Re: Coinhive threat warning
Post by: Oldkayaker on October 22, 2017, 04:48:33 pm
Hi
Has anyone looked at the source code?  There is a googlead code line that shows on a page with no ads.  Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning???  ??? ??? ??? ???


Title: Re: Malware warning - Coinhive
Post by: Bjørn Knudsen on October 22, 2017, 09:11:15 pm
Hello
I use MalwareBytes : If you don't want it to pop up , I did so :

Malware + setting + exclusion : Put in the following if you use Microsoft Edge .

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


Title: Re: Malware warning - Coinhive
Post by: Bjørn Knudsen on October 22, 2017, 09:23:37 pm
Hello again .

If you use I.E. 11

Malware + setting + exclusion.

C:\Program Files (x86)\ Internet Explorer\iexplore.exe


Title: Re: Coinhive threat warning
Post by: Tomislav Raymondi on October 23, 2017, 11:44:01 am
I am constantly receiving a warning from Avast anti virus program stating that the connection has been suspended with comhive.com as infested with JS: Miner-C

Regards

Tomi.


Title: Re: Coinhive threat warning
Post by: lappino on October 24, 2017, 06:25:02 am
Any news?

In the meantime, immediately upon opening the site, I got reported to my company's IT department for breach of security by visiting malware sites.

This was something I definitely could live without.

However, one hour before that, my home computer did not show any increase in processor activity after visiting the site - and it would jump to 100% immediately yesterday.

So, what's the news? :)


Title: Re: Coinhive threat warning
Post by: MO Roy on October 24, 2017, 06:08:04 pm
Well I abstained from visiting this site on my laptop for almost two weeks and only checked this forum on my mobile.
Tried it today and 100% cpu-usage....
Installed malwarebytes on my mac and it found some files, though not sure it has to do something with coin-hive.
Anyway still have 100% cpu-usage after opening this website. Only when I disable JavaScript it has a normal cpu-usage.
When doing the test (opening this website) after running malwarebytes and have a cpu-usage of 100% malwarebytes found no malicious files....

Anyway it's about time the malicious ads are removed the website, really don't know why this have to take such a long time.

Cheers,
Roy


Title: Re: Coinhive threat warning
Post by: ChasB46 on October 24, 2017, 07:54:34 pm
Coin-hive and its variants use Javascript. As you have found turning off Javascript returns the CPU to "normal". If Shipspotting members can live without Javascript turn it off in your browser options. If you occasionally need to use it then get a browser addon that sits in browser bar and can be turned off/on with a mouse click.


Title: Re: Coinhive threat warning
Post by: Cody Williams on October 25, 2017, 04:28:57 am
David and I have been trying to get some news. As soon as we receive some, we'll let you know.

In the meantime, the browser extension "No Coin" seems to be work quite well at blocking it.

My apologise for the length of time this is taking to resolve this problem.

Cody


Title: Re: Coinhive threat warning
Post by: pieter melissen on October 25, 2017, 06:50:40 am
I have been away for a number of days, but since my return Tuesday morning I have experienced no problems any more with the site, the fan stayed quiet and the CPU worked like it should be. Apparently something has changed.


Title: Re: Coinhive threat warning
Post by: Clyde Dickens on October 25, 2017, 10:27:05 am
Until I reinstalled Malwarebytes after a 2 month absence, I did not get any messages.  Now I regularity do - from Malwarebytes, stating that Coinhive has been blocked.

I have never noticed any slowing of my CPU

I usually use Chrome as my browser, occasionally Firefox which gives the same result

Good luck Cody and David.  I hope you get appropriate advice from Henrik

Clyde


Title: Re: Coinhive threat warning
Post by: Clyde Dickens on October 25, 2017, 12:14:21 pm
I have uninstalled Malwarebytes and am now relying on AVG CloudCare AntiVirus.

The pop up windows about blocking no longer appear

I have the No Coin browser extension as earlier advised by Cody

Clyde


Title: Re: Coinhive threat warning
Post by: Patrick Hill on October 25, 2017, 04:26:49 pm
Turning off java for the site in Chrome settings appears to have resolved the issue for me for now, Malewarebytes no longer popping up every few seconds and no processor overload.


Title: Re: Coinhive threat warning
Post by: victor radio74 on October 25, 2017, 04:47:10 pm
Hi ,using Firefox my antivirus was constantly advising me that Coinhive has been blocked.
Irritant! After adding the browser extension" No coin",thanks Cody Williams!,no problem at all
Cheers 


Title: Re: Coinhive threat warning
Post by: Cody Williams on October 26, 2017, 09:00:44 am
No worries, guys. I'm glad I've been able to help.

Best Wishes
Cody


Title: Re: Coinhive threat warning
Post by: Anthony Legg on October 26, 2017, 09:34:11 am
Had no problems up to today, now am riddled with coinminer 6&8. Have removed Java and installed no coin, it tells me page is infected,but won't remove or block it. Nortons tells me it is being blocked,not sure wherther it is safe to use the site or not. Norton tells me that it is Shipspotting that is attacking my computer...


Title: Re: Coinhive threat warning
Post by: Robert J Smith on October 26, 2017, 11:09:24 am
Well, that's disappointing..

I loaded "No Coin" yesterday although it only mask's the site problem and it worked fine, today "coinminer 6&8" back as bad as ever..

Pop ups still say "Norton" is blocking them plus "No Coin" saying this site is unsafe.

Hope the Tech's sort this asap. I will only check progress by logging on directly to the forum page where's there's no photos so no pop ups.

Regards

Bob


Title: Re: Coinhive threat warning
Post by: andrecas on October 26, 2017, 05:14:31 pm
Subject threat warning first surfaced more than 2 weeks ago. Since I am no “techie”, I spoke with a tech guy at local computer store to try and get a better understand of this “coin” virus and ways to try and circumvent. Members tweaking their computers to block pop up screens etc., will not make this infection go away. Changing settings etc., are merely band-aid (temporary) fixes, lending to an element of false security and continued vulnerability.  Forgive me for repeating what others have said but, this “coin” problem needs to be remedied by the site itself. I would be interested in learning what progress the IT folks at Shipspotting are making in resolving this problem, rendering site safe to view/upload photos.


Title: Re: Coinhive threat warning
Post by: Brent on October 26, 2017, 05:44:50 pm
Just been on for half an hour, no high CPU running and no reports from Norton they have removed "coin miner" threat every 10 seconds. First time of normal running for a while, maybe...


Title: Re: Coinhive threat warning
Post by: tvtech on October 26, 2017, 06:13:15 pm
Im using old XP and Avast is my Anti Virus.

I use Firefox to browse this site.

Never a problem of any kind ever.

Maybe I'm just lucky.


Title: Re: Coinhive threat warning
Post by: simonwp on October 27, 2017, 01:25:53 pm
Has something been done to solve this? I've just tried the site and for the first time in over a week, I'm not being bombarded with coin-hive warnings???? Anyone else finding the same???


Title: Re: Coinhive threat warning
Post by: Pilot Frans on October 27, 2017, 02:10:09 pm
Trouble seems to be over.
Since 2 days no more warnings on my computer.

Many thanks Hendrik and team to solve the problem

regards
Frans


Title: Re: Coinhive threat warning
Post by: Oldkayaker on October 27, 2017, 04:17:02 pm
Well done to whomever fixed the Coinhive bug, thanks. :D :D :D


Title: Re: Coinhive threat warning
Post by: Ian Thomas on October 27, 2017, 05:18:48 pm
And a thank you from myself as well to whoever fixed the problem.

Ian Thomas


Title: Re: Coinhive threat warning
Post by: andrecas on October 27, 2017, 06:09:25 pm
Up until this morning was reviewing forum info via mobile. Logged onto site today using PC and the Malware/Norton pop up screens have ceased. From what I am reading in forum it appears the "coin" threat has been removed. Thank you to Webmasters/IT group for their role in dealing with this matter.


Title: Re: Coinhive threat warning
Post by: MO Roy on October 27, 2017, 09:45:06 pm
Indeed there is some progress which is very good.
Cpu usage is no longer jumping to 98/100%, though it is still higher then when I disable JavaScript.
Don't know if that has something to do advertisements.
Cheers,
Roy


Title: Re: Coinhive threat warning
Post by: Anthony Legg on October 28, 2017, 07:30:07 am
Thank you to all involved in clearing the bitcoin problem,

Anthony Legg


Title: Re: Coinhive threat warning
Post by: Henrik Soderberg on November 02, 2017, 05:04:49 pm
Hi all,

We have had many things to deal with the last month. It finally seems we start to have an OK status again.

We have been moving the servers, and at the same time the mining problem and mobile redirects have appeared in multiple ways. Status right now is that we will have no more downtime due to the server move.

The coinhive and mobile redirects have been removed completely from the site. It's clear that none of these have been "real" viruses, so your computers as a visitors should not be affected. As soon as you close the web browser or browser tab - it should all be gone.

Thank you to all of you that have been reporting messages from browsers and warning messages from anti-malware software etc. It's a big help, especially since some of these things only appears once per 24 hours, and also only in specific countries.

Regards,
Henrik