ShipSpotting.com
Topic: Coinhive threat warning  (Read 8092 times)
Robert J Smith
« Reply #45 on: October 18, 2017, 11:46:02 am »

Hi

Also using Chrome and AdBlock in Windows 7, did the above but still getting "Web Attack JSCoinminer Download 6" & "Download 8" notification saying it's been blocked by Norton when opening a screen with photos.

Not the solution for me, this needs to be resolved at site level and not just by attempting to block it on everyone's PC.

May be a clue here.

Getting the same problem on an old laptop, I did a full system scan (takes a few hours) and no problem found. As an experiment I deactivated my AV and connected to Shipspotting for less than a minute, no pop up because no AV, reactivated my AV and did another full system scan and got the result below.

CPU normal without photos, 100% with.

I will be steering clear of all shipspotting pages with photos until this is resolved


Regards

Bob

« Last Edit: October 18, 2017, 12:49:37 pm by Robert J Smith »

Brett Bachmann
Duncan Dock, Table Bay Harbour, Cape Town
« Reply #46 on: October 18, 2017, 05:58:09 pm »

Agree, it is time to resolve this. It is on your website and not the readers'/subscribers' problem... it's taken too long now.

Bob Scott
« Reply #47 on: October 18, 2017, 07:48:28 pm »

Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?
« Last Edit: October 18, 2017, 07:56:00 pm by Bob Scott »

Hannes van Rijn
« Reply #48 on: October 19, 2017, 01:49:31 am »

I receive this message from my virus scan. Malware or virus?

Schadelijke website geblokkeerd
http://tizermedias.com/odessa/?54vFcZ&se_referrer=http://forum.shipspotting.com/index.php?action=post;topic=15952.0;num_replies=0&default_keyword=My%20Uploaded%20Photos%20-%20ShipSpotting.com%20-%20Ship%20Photos%20and%20Ship%20Tracker&r=8992
« Last Edit: October 19, 2017, 01:51:26 am by Hannes van Rijn »

Cedric Hacke
Photo Administrator
« Reply #49 on: October 19, 2017, 08:58:59 am »

Quote from Bob Scott: "Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?"

Hi Bob, you'd probably notice if this stuff was running. It uses all the available CPU power so your computer would bog down a bit or the fans would come on. It should be fine if you have Coinhive blocked in AdBlock or if you use a Chrome extension which blocks Coinhive as recommended by Cody. So normally no problems if you haven't already noticed it.

Kind regards
Cedric

Photo admin for the Passenger Vessels, RO/RO, Ship Interiors and Vehicle Carriers categories

Bob Scott
« Reply #50 on: October 19, 2017, 09:51:31 am »

Thanks, Cedric. Coinhive blocker now on

Robert J Smith
« Reply #51 on: October 19, 2017, 12:57:41 pm »

It's the "coinminer" that's giving me trouble, not "coinhive".

Any progress on this problem yet?

ChasB46
« Reply #52 on: October 19, 2017, 06:15:32 pm »

Coinhive and coinminer are variants of the same intrusion/trojan (as per the horse, and sneaks in via various dubious sources). Repeating myself from an earlier reply in this topic: read http://www.malwareremovalguides.info/trojan-bitcoinminer-removal-guide/ which gives a good synopsis of the problem, its burrowing into your system and how to remove it. Any trace left will re-infect.

Robert J Smith
« Reply #53 on: October 20, 2017, 10:30:12 am »

Thanks ChasB46
Your solution looks brilliant for cleaning infected PCs but I'm sure my AV is protecting mine. The problem is the continuous bombardment from this site of the coinminer that is being blocked by my AV; it's very annoying getting the continuous pop-ups telling me it's been blocked.
This only happens on this site on pages with photographs and it needs to be resolved by the site.

Can we have an update as to what the site is doing to resolve this matter? Until the problem is dealt with I will stay clear of those affected pages.

Regards

Bob

andrecas
« Reply #54 on: October 20, 2017, 02:10:00 pm »

Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites. Presumably the IT folks at Shipspotting can/will fix in due course this “coin” whatever-you-want-to-call-it problem, rendering this site safe (padlocked), to not only view photos but upload as well. Presently, I cannot access site on my PC without Malware and Norton programs working overtime (constant pop up screens) blocking subject problem. No issues encountered when visiting Marine Traffic etc., or any other site for that matter. This is happening only on Shipspotting...?!

ChasB46
« Reply #55 on: October 20, 2017, 03:54:10 pm »

Andrecas and others being troubled by coinhive on this site: it's strange, because I have nothing special on my computer. Windows 7, and I use Opera, Bitdefender and an adblocker. I have no problems with pictures on the site. I have viewed full page and downloaded some at random with no detriments. My CPU is maxing at 4%.
Today, interrogating my Bitdefender records, it blocked https://coinhive.com/lib/coinhive.min.js on October 11th at 9.42am. Since then nothing strange, and it didn't even bother flagging up that occurrence.
SUBSEQUENT
Repeated on late wife's laptop: Windows 10 via wifi, Opera, ad blocker and Norton. DIFFERENT result. Tried to attach pdf but it "disappeared", so info below.
As soon as I OPENED Shipspotting in browser, Norton flagged up and blocked intrusion (added no further action required). Did not need to access any further into site, i.e. photos or Forum.
CPU not affected, maxing at 3%.

Might help webmaster...

Severity HIGH An intrusion attempt by tizermedias.com was blocked.

Attacking computer .. tizermedias.com (185.129.148.203.80)
Attacker URL ..tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 (this final number changes on re accessing Shipspotting)

Source address .. tizermedias.com(185.129.148.203)
Traffic description .. TCP.www-http

Network Traffic from  tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 matches\DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\ADMUNCHER\ADMUNCHER.EXE. To stop being notified for this type of traffic in the Actions panel click Stop Notifying.

I guess last sentence refers to Norton notification.
« Last Edit: October 20, 2017, 07:10:39 pm by ChasB46 »

Cedric Hacke
Photo Administrator
« Reply #56 on: October 20, 2017, 07:24:20 pm »

Quote from andrecas: "Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites."

That padlock symbol doesn't mean that much anymore and can't guarantee safety on its own. It just means traffic to and from the server is encrypted so anyone snooping in on network traffic can't intercept the data being sent. An https site could have the same problem if its servers were also affected.

Photo admin for the Passenger Vessels, RO/RO, Ship Interiors and Vehicle Carriers categories

Cody Williams
Webmaster
« Reply #57 on: October 21, 2017, 02:17:35 pm »

Hi Everyone,

I'm sorry for all the trouble this is causing. When I find out more, I'll definitely let you all know.

Best Wishes
Cody

I can be contacted at cody@shipspotting.com

Oldkayaker
« Reply #58 on: October 22, 2017, 04:47:16 pm »

Hi
Has anyone looked at the source code? There is a googlead code line that shows on a page with no ads. Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning???

Oldkayaker
« Reply #59 on: October 22, 2017, 04:48:33 pm »

Hi
Has anyone looked at the source code? There is a googlead code line that shows on a page with no ads. Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning???
Report to moderator   Logged
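
Added example (not part of any poster's message and not the site's own code): one way a site operator could act on the suggestion to look at the page source, by listing every external script and iframe source and flagging hosts outside an allowlist. The HTML sample, page path, allowlist and `cdn.example.net` are constructed assumptions; `coinhive.com` and `tizermedias.com` are the hosts posters in this thread reported being blocked.

```javascript
// Added example: audit a page's source for external script/iframe hosts.
// The sample HTML is constructed for illustration, not taken from the site.
const PAGE_URL = "http://www.shipspotting.com/gallery/photo.php"; // hypothetical path

// Hosts the operator expects to load code from (assumed allowlist).
const ALLOWED_HOSTS = new Set(["www.shipspotting.com", "pagead2.googlesyndication.com"]);

// Hosts that posters in this thread reported their AV products blocking.
const REPORTED_HOSTS = new Set(["coinhive.com", "tizermedias.com"]);

const SAMPLE_HTML = `
<html><head>
<script src="/js/gallery.js"></script>
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<iframe src='http://tizermedias.com/odessa/?r=0000' width="1" height="1"></iframe>
<script src="http://cdn.example.net/widget.js"></script>
</body></html>`;

// Collect src attributes of <script> and <iframe> tags, resolve them against
// the page URL (covers relative and protocol-relative forms), and classify.
function auditSources(html, pageUrl) {
  const tagRe = /<(script|iframe)\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(tagRe)) {
    const raw = m[2] ?? m[3] ?? m[4];
    let host;
    try {
      host = new URL(raw, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ tag: m[1].toLowerCase(), src: raw, host: null, verdict: "unparseable" });
      continue;
    }
    const bare = host.replace(/^www\./, "");
    let verdict = "unexpected"; // third-party host that is not on the allowlist
    if (REPORTED_HOSTS.has(bare)) verdict = "reported";
    else if (ALLOWED_HOSTS.has(host)) verdict = "allowed";
    findings.push({ tag: m[1].toLowerCase(), src: raw, host, verdict });
  }
  return findings;
}

const report = auditSources(SAMPLE_HTML, PAGE_URL);
for (const f of report.filter((f) => f.verdict !== "allowed")) {
  console.log(`${f.verdict.toUpperCase()}: <${f.tag}> loads from ${f.host} (${f.src})`);
}
```

Anything marked "unexpected" is a source the operator did not knowingly add and is where a template or ad-slot review should start; inline scripts without a `src` are not covered by this check.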