Author Topic: Coinhive threat warning  (Read 69990 times)

Robert J Smith
Re: Coinhive threat warning
« Reply #45 on: October 18, 2017, 11:46:02 AM »
Hi

Also using Chrome and AdBlock in Windows 7, did the above but still getting "Web Attack JSCoinminer Download 6" & "Download 8" notification saying it's been blocked by Norton when opening a screen with photos.

Not the solution for me, this needs to be resolved at site level and not just by attempting to block it on everyone's PC.

May be a clue here.

Getting the same problem on an old laptop, I did a full system scan (takes a few hours) and no problem found. As an experiment I deactivated my AV and connected to Shipspotting for less than a minute, no pop up because no AV, reactivated my AV and did another full system scan and got the result below.

CPU normal without photos, 100% with.

I will be steering clear of all shipspotting pages with photos until this is resolved.


Regards

Bob

« Last Edit: October 18, 2017, 12:49:37 PM by Robert J Smith »

Brett Moore
Re: Coinhive threat warning
« Reply #46 on: October 18, 2017, 05:58:09 PM »
Agree, it is time to resolve this, it is on your website and not the readers'/subscribers' problem... it's taken too long now.

Bob Scott
Re: Coinhive threat warning
« Reply #47 on: October 18, 2017, 07:48:28 PM »
Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?
« Last Edit: October 18, 2017, 07:56:00 PM by Bob Scott »

Hannes van Rijn
« Last Edit: October 19, 2017, 01:51:26 AM by Hannes van Rijn »

CedricH
Re: Coinhive threat warning
« Reply #49 on: October 19, 2017, 08:58:59 AM »
> Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?

Hi Bob, you'd probably notice if this stuff was running. It uses all the available CPU power so your computer would bog down a bit or the fans would come on. It should be fine if you have Coinhive blocked in AdBlock or if you use a Chrome extension which blocks Coinhive as recommended by Cody. So normally no problems if you haven't already noticed it.

Kind regards
Cedric
Photo admin for the Passenger Vessels, RO/RO, Ship Interiors and Vehicle Carriers categories

Bob Scott
Re: Coinhive threat warning
« Reply #50 on: October 19, 2017, 09:51:31 AM »
Thanks, Cedric. Coinhive blocker now on.

Robert J Smith
Re: Coinhive threat warning
« Reply #51 on: October 19, 2017, 12:57:41 PM »
It's the "coinminer" that's giving me trouble, not "coinhive".

Any progress on this problem yet?

ChasB46
Re: Coinhive threat warning
« Reply #52 on: October 19, 2017, 06:15:32 PM »
Coinhive and coinminer are variants of the same intrusion/trojan (as per the horse and sneaks in via various dubious sources). Repeating myself from an early reply in this topic: read http://www.malwareremovalguides.info/trojan-bitcoinminer-removal-guide/ which gives a good synopsis of the problem, its burrowing into your system and how to remove it. Any trace left will re-infect.

Robert J Smith
Re: Coinhive threat warning
« Reply #53 on: October 20, 2017, 10:30:12 AM »
Thanks ChasB46
Your solution looks brilliant for cleaning infected PCs but I'm sure my AV is protecting mine. The problem is the continuous bombardment from this site of the coinminer that is being blocked by my AV; it's very annoying getting the continuous pop-ups telling me it's been blocked.
This only happens on this site on pages with photographs and it needs to be resolved by the site.

Can we have an update as to what the site is doing to resolve this matter? Until the problem is dealt with I will stay clear of those affected pages.

Regards

Bob

andrecas
Re: Coinhive threat warning
« Reply #54 on: October 20, 2017, 02:10:00 PM »
Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites. Presumably the IT folks at Shipspotting can/will fix this in due course.

ChasB46
Re: Coinhive threat warning
« Reply #55 on: October 20, 2017, 03:54:10 PM »
Andrecas and others being troubled by coinhive on this site. It's strange because I have nothing special on my computer... Windows 7 + I use Opera, Bitdefender and an adblocker. I have no problems with pictures on the site. I have viewed full page and downloaded some at random with no detriments. My CPU is maxing at 4%.
Today, interrogating my Bitdefender records, it blocked https://coinhive.com/lib/coinhive.min.js on October 11th at 9.42am. Since then nothing strange and it didn't even bother flagging up that occurrence.
SUBSEQUENT
Repeated on late-wife's laptop: Windows 10 via wifi, Opera, ad blocker and Norton. DIFFERENT result. Tried to attach pdf but it "disappeared" so info below.
As soon as I OPENED Shipspotting in browser Norton flagged up and blocked intrusion (added no further action required). Did not need to access any further into site, i.e. photos or Forum.
CPU not affected, maxing at 3%.

Might help webmaster...

Severity HIGH An intrusion attempt by tizermedias.com was blocked.

Attacking computer .. tizermedias.com (185.129.148.203.80)
Attacker URL ..tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 (this final number changes on re accessing Shipspotting)

Source address .. tizermedias.com(185.129.148.203)
Traffic description .. TCP.www-http

Network Traffic from  tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 matches\DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\ADMUNCHER\ADMUNCHER.EXE. To stop being notified for this type of traffic in the Actions panel click Stop Notifying.

I guess last sentence refers to Norton notification.
« Last Edit: October 20, 2017, 07:10:39 PM by ChasB46 »

CedricH
Re: Coinhive threat warning
« Reply #56 on: October 20, 2017, 07:24:20 PM »
> Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites.

That padlock symbol doesn't mean that much anymore and can't guarantee safety on its own. It just means traffic to and from the server is encrypted so anyone snooping in on network traffic can't intercept the data being sent. An https site could have the same problem if its servers were also affected.
Photo admin for the Passenger Vessels, RO/RO, Ship Interiors and Vehicle Carriers categories

Cody Williams
Re: Coinhive threat warning
« Reply #57 on: October 21, 2017, 02:17:35 PM »
Hi Everyone,

I'm sorry for all the trouble this is causing. When I find out more, I'll definitely let you all know.

Best Wishes
Cody

Oldkayaker
Re: Malware warning - Coinhive
« Reply #58 on: October 22, 2017, 04:47:16 PM »
Hi
Has anyone looked at the source code? There is a googlead code line that shows on a page with no ads. Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning?

Oldkayaker
Re: Coinhive threat warning
« Reply #59 on: October 22, 2017, 04:48:33 PM »
Hi
Has anyone looked at the source code? There is a googlead code line that shows on a page with no ads. Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning?
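
One way to act on the "look at the source code" suggestion, as an added example that is not part of the thread and not the site's own code: a small Python audit that lists every third-party host a saved page pulls scripts or iframes from and flags the two hosts named in the AV reports above. The sample markup, the page URL and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts named in the AV reports quoted in this thread; extend as needed.
FLAGGED_HOSTS = {"coinhive.com", "tizermedias.com"}
# Constructed sample page, not the real site's markup.
SAMPLE_HTML = """<html><head>
<script src="/js/gallery.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
</head><body>
<iframe src="http://tizermedias.com/odessa/?r=0000"></iframe>
<script>var s = document.createElement("script"); s.src = "//cdn.Tizermedias.com/x.js";</script>
</body></html>"""

class ResourceCollector(HTMLParser):
    """Collect script/iframe src URLs and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.urls, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.urls.append((tag, src))
        self._in_script = tag == "script" and not src
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.lower())

def is_flagged(host, flagged):
    # Match the flagged domain itself or any subdomain, not mere substrings.
    return any(host == d or host.endswith("." + d) for d in flagged)

def audit_page(html, page_url, flagged=FLAGGED_HOSTS):
    """Return (sorted third-party hosts, list of (where, flagged host))."""
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    page_host = urlparse(page_url).hostname
    third_party, findings = set(), []
    for tag, src in collector.urls:
        host = urlparse(urljoin(page_url, src)).hostname or ""
        if host and host != page_host:
            third_party.add(host)
        if is_flagged(host, flagged):
            findings.append((tag, host))
    for body in collector.inline:  # loaders injected from inline script text
        findings += [("inline-script", d) for d in sorted(flagged) if d in body]
    return sorted(third_party), findings
```

Running `audit_page` over the saved HTML of a page with photos and of one without, then comparing the two host lists, shows which include differs between them.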
