ShipSpotting.com Forum
Shipspotters all over the world => Site related news, functions and modules => Topic started by: Richard Paton on October 10, 2017, 05:27:10 PM
-
Has anybody else been getting an anti virus alert for coinhive.com on this site when you click on it?
The warning beeps saying virus detected only happen on this site an no other.
-
Just today I've been getting pop up screens from Malwarebytes (to which I subscribe to) indicating this "coinhive" site is being blocked. It makes me wonder (again) when this site will update (or implement) security features similar to other sites (such as marine Traffic), etc.
-
Yes I'm getting the same. Fortunately by anti-virus software is blocking it.
-
Glad to hear it's not just me then, having googled it it seems coinhive is a way for a website to generate revenue..
Coinhive is a cryptocurrency miner written in Javascript, which sends any coins mined by the browser to the owner of the web site.
-
I did notice very high CPU usage on this page, despite not seeing the ads with an adblocker.
-
Yes Cedric.
That's what it does, apparently, though I don't pretend to understand it.
However this seems to touch on it - and in particular on the issue around it being set to maximise CPU usage:
https://www.reddit.com/r/beermoney/comments/751c8m/beware_the_coinhivecom_jsminerc/
I'm waiting for Cody to come back to me on this.
(Cedric, I am working offsite on the category question and will email you)
-
Hi Everyone,
Remember when we had issues with the site being rerouted to ad-websites on some mobile devices a while back? That was caused by Tizermedias which was placed into our site
-
Thanks for the update Cody and David. I hope the issue gets resolved soon, CPU usage is so high that I can hardly scroll through pages after a while.
Kind regards
Cedric
-
I've also noticed that shipspotting has been making by CPU run at 100%. Consequently, everything else on my PC runs slower than it should. Nothing else is doing it, as soon as it close ss.com, my CPU goes down to <10%.
Brgds
Phil
-
There are Coin Hive extensions that you can download for Chrome, Firefox, Opera etc. they not only stop it loading but clean your browser. Just "Google" .. eg search for Coin Hive blocker +Chrome etc. Note the search works best if Coin and Hive are separated or as Coin-Hive.
see http://cryptomining-blog.com/tag/no-coin-browser-extension/ for extra info if required.
Once its loaded there will be an icon in your browser bar ... On and Off so make sure you turn it on.
-
I
-
Although its not a virus, its a trojan via Java script. Searching Norton, Bitdefender, Kaspersky websites they have the tools to detect and remove. Need to run the Norton etc. system scan, to find and remove.
It would appear that antivirus does not detect until its actually within your browser. Its downloaded with free software and via adverts so reinfects looking for any Bitcoins you may have in your "piggy bank".Then steals them. An adblocker will stop it infecting but Shipspotting may not like you using ad blockers as its part of their revenue. As I use an ad blocker within my browsers I do not see any ads on the site so cannot comment if one or more of the ads are infected. I'm assuming Shipspotting still displays ads.
Clear your browser cache but that will not stop "reinfection". Need to prevent the source/ads reinfecting.
See https://malwaretips.com/blogs/remove-coin-hive-miner/ for remedies.
-
my AVG free is picking it up and disposing.
Allan
-
my AVG free is picking it up and disposing.
Allan
so does mine but it is quite irritating, and I have a feeling that even though it has been picked up it has not been disposed of as it still manages to slow my computer.
-
Unless its TOTALLY removed then it will keep coming back when you restart computer. Try https://www.malwarebytes.com/adwcleaner/ and run as Administrator ..its free. Stay away from ads on sites. You do not even have to look at the infected ads.
-
Robert re your f_0113ad file ..this is the file reference to one of the files sitting in your browser cache. Depending how often you clean your cache you might have a few in number or thousands. They are small but lots accumulate wasted disc space. Your Norton might just have been cleaning your cache as these files are generally useless as they are kept in a temporary storage area in memory or on disk that holds the most recently downloaded Web pages. Just speeds up you going back to a recent or much older web page ( doesn't go back to the website ) at the expense of your memory or disc space.
Doesn't mean its found virus / trojan ..that would be flagged up.
-
Thanks for your comments.
I've done a complete system scan with no problems found.
Cleared the cache on all browsers.
Still get the f_xxx files being removed, very annoying.
Also get "Web Attach JSCoinminer Download 6" & "Download 8" notification of stopped & removed by my anti virus when I connect to Shipspotting, no other sites.
This has got to be a Shipspotting issue
REgards
Bob
-
Also get
Database Error: Got error 28 from storage engine
File: /www/www/smf1/Sources/Subs-Post.php
Line: 1410
when posting the above although the post is successful
-
In spite system update and regular cleansing of cache, anti virus components still constantly blocking "coinhive". Happening only on Shipspotting and none of the other sites visited...
-
Everytime I log into shipspotting I get pop up saying Norton has blocked an attack by web attack JS Coinminer Download 8.. I am using adblocker and have cleared my file history and cache but as soon as I click on shipspotting the pop up is back..
-
Virus scan (McAfee and Malwarebytes) finds nothing, Chrome cleared and reset but still get this issue from home page. Malwarebytes blocks multiple outward events while processor goes full ahead. :( Adblock plus in use.
Only happens on photo pages.
-
Whilst coinhive is not malicious it seems to be embedded into this website, and as such it's a pest.
To me this site is now compromised with adware, and that's a real shame.
I still get the pop up to, not all the time but occasionally, this is despite having the coinhive blocker working. :(
Will there be a plan to rid the site of this?, or will we just have to accept it as the norm from now on?
-
Coin_hive is designed not to be found and removed; and further injects an in-browser Miner Trojan. Its now being used by cyber-criminals and "injected" with a tweaked Java script.
Once its "allowed" in its not only in your browser (the usual route in) but hides itself within your system. You can detect when its "onboard" with extremely high CPU and graphics use, thus diminishing the life of your motherboard through stress. Once the miner starts it does not stop ..why your CPU hits 100%. There is protection with some adblockers and very recently updated antivirus programmes BUT if its already in your system its designed to be hidden and guards itself against removal.
If you are tech savvy you need to delve/search into your system looking for variations of coin-hive ( there are many derivations now) and also into your registry (dangerous if you do not know what you are doing).
Your best chance .... Q. When did you last make a backup of your system or system restore point? If you have one prior to when you first noticed the problem, roll your system back. Then install the ad blockers you failed to use previously before browsing. Of course you do regularly make system backups?
-
Chas yes i have backup points before the problem arose, so will try that suggestion as a solution.
Thanks for your input and advice, it's much appreciated.
-
Richard,wish you all success with system restore. See previous postings re advisory software to install before hitting the browser too hard. eg Adblock Plus or similar, Coin Hive blockers specific for Firefox, Opera, Chrome etc; and Admuncher. Personally I would start by downloading and installing Admuncher. Then the others as browser use would be less intensive just downloading one file and that would protect while searching for others. Direct source https://www.admuncher.com ... saves you using browser to search etc.
-
Because I am under constant attack with this Coin-thing and Odessa.htm-warnings, I will stop using this website, posting pictures and end my work as photo-editor for some time.
I hope that I can return to the website after the admin/webmaster/ICT-master or who ever can send me a solution for this plague, suitable for a digital nitwit like me.
Regards, Pieter Inpyn
-
I have reset my system to an earlier restore point, run McAfee and Malwarebytes checks (nothing found) confirmed AdBlock Plus still working. I will not however open any photo pages until it has been confirmed that this issue has been resolved. There isn't an issue with this forum page if accessed directly, the issue only seems to be on any page with images (main page, photos, and your own photo pages) so I suspect somehow embedded in image viewing code?
Hope this helps.
Patrick
-
Firstly I have no association with the programmes used in this remedial work. Its going to take time on your part but the programmes are free (download from reputable sources). Hitman Pro is free for 30 day trial. https://malwaretips.com/blogs/remove-coin-hive-miner/ . The longer coin hive is in your system the more it buries itself into more & more places.
-
Hi all,
I would just like to say that the problems some of you are experiencing is caused by bad ads added by our third party ad agencies. We are working on finding the exact source, to be able to block this out.
The Error from database is now gone. It is not related to the coinhive problem.
Regards,
Henrik
-
Thanks Hendrik for you update and all the input you put into it.
regards
Frans
-
I recive this warning ,of this site: This website has been reported as harmful.
We recommend not visiting this website.
http://tizermedias.com/odessa/?54vFcZ&se_referrer=http://forum.shipspotting.com/index.php?action=post;topic=15939.0;num_replies=29&default_keyword=My%20Uploaded%20Photos%20-%20ShipSpotting.com%20-%20Ship%20Photos%20and%20Ship%20Tracker&r=7308
Is there a virus in this site ????
-
I have noticed slowing of the site as well, plus when this site is opened, some other programs are also slowing down.
-
Simple check: processor usage jumps to 100% as soon as the site opens.
This is theft, you know. :)
I am outta here until they sort it out.
-
A reminder - I think that it is mentioned somewhere below that the problem is only related to www.shipspotting.com addresses and not to the different domain that runs this Forum.
We do not recommend that members ignore the 99% CPU usage caused by this if your anti-virus or other security software doen't fix it, at least temporarily. I suggest members, especially those who have no temporary fix for the main site and wish to withdraw from general activity for the moment, keep in touch with progress via this forum and access it directly by bookmarking http://forum.shipspotting.com/index.php (http://forum.shipspotting.com/index.php)
We are in the hands of Henrik at the moment and I am sure that he will post an update here as soon as possible.
best wishes to all
David
-
To see if you have Coin-hive aboard give Zemana a try. https://www.zemana.com/download .If you do not want to load the programme into your system there is a portable version available. Its free for 14 days and does remove any nasties it finds without you having to pay in that time span (some "free for 30 days etc" ones scan but ask for cash before removing). I've been a regular user of Malwarebytes and SuperAntispyware but trialling Zemana found extra nasties and removed them. In reviews it does zap coin-hive so if you suspect your infected give it a try. To prevent reinfection initiate a good adblocker.
As Shipspotting is reliant on ads, once the site has been cleared of the coin-hive intrusion, you can support the site by allowing its ads etc.
NOTE ... Zemana will do an initial scan of most likely areas of infection but not the whole drive . To search whole drive drag and drop your 'C' drive etc. into the box on its start-up page.
-
Just a quick point, I have run AdBlock plus for quite some time but still suffered with this trojan - however all scans with McAfee and Malwarebytes found no issues on my system.
-
How do you know that its coin-hive (Manero) causing your problem if its not been detected? Malwarebytes is blocking 5 million "attacks" a day.
-
How do you know that its coin-hive (Manero) causing your problem if its not been detected? Malwarebytes is blocking 5 million "attacks" a day.
Because malwarebytes blocks the outgoing connection to coin-hive sites....
-
Hi
FYI...about the site...my malware protection keeps giving me a warning about one of the sponsors or addresses that shows up on the Shipspotting home page.
-
Yes, getting the same malware warning about coinhive.com
-
How to Block Coin-Hive
Hi Everyone,
I think I may have found a solution. You can add the extension, No Coin for your browser:
No Coin for:
-
Thanks Cody, I can get as far as clicking on the icon, (Adblock ultimate 2.28) but nowhere the "options" button appears. Where do I go wrong?
-
Sorry Pieter, I meant this AdBlock (https://getadblock.com/) extension.
-
OK, I did that, but I had to retyp the link in Domain, not in the URL box, because when I did that the "flash" extension that was there reappered after typing the URL (Copy-paste did not work there).
The results are that I do not get a message from AVG anymore that the connection with coinhave was discontinued, so I hopefully can assume that it was established. In other words cody, your suggestion works. Thanks a lot.
-
Hi all ,
I am using Chrome and AdBlock too
In my case correct code is : https://coinhive.com/lib/coinhive.min.js
and the problem is solved !
Brgds Sini
-
Hi
Also using Chrome and AdBock in Windows 7, did the above but still getting "Web Attach JSCoinminer Download 6" & "Download 8" notification saying its been blocked by Norton when opening a screen with photos.
Not the solution for me, this needs to be resolved at site level and not just by attempting to block it on everyone's PC
May be a clue here.
Getting the same problem on an old laptop, I did a full system scan (takes a few hours) and no problem found. As an experiment I deactivated my AV and connected to Shipspotting for less than a minute, no pop up because no AV, reactivated my AV and did another full system scan and got the result below.
CPU normal without photos, 100% with.
I will be steering clear of all shipspotting pages with photos until this is resolved
Regards
Bob
-
Agree, it is time to resolve this, it is on your website and not readers/subscribers problem...it's taken too long now.
-
Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?
-
I recive this message from my virus scan. Mailware or virus ????
Schadelijke website geblokkeerd
http://tizermedias.com/odessa/?54vFcZ&se_referrer=http://forum.shipspotting.com/index.php?action=post;topic=15952.0;num_replies=0&default_keyword=My%20Uploaded%20Photos%20-%20ShipSpotting.com%20-%20Ship%20Photos%20and%20Ship%20Tracker&r=8992
-
Sorry, but I am no computer nerd and don't really understand all this Coinhive stuff. I have always used Windows 10 and Chrome with an AdBlocker and have never noticed anything unusual when uploading photos. Would I be best to refrain from posting pics until this thing is sorted out?
Hi Bob, you'd probably notice if this stuff was running. It uses all the available CPU power so your computer would bog down a bit or the fans would come on. It should be fine if you have Coinhive blocked in AdBlock or if you use a Chrome extension which blocks Coinhive as recommended by Cody. So normally no problems if you haven't already noticed it.
Kind regards
Cedric
-
Thanks, Cedric. Coinhive blocker now on
-
Its the "coinminer" that giving me trouble, not "coinhive".
Any progress on this problem yet?
-
Coinhive and coinminer are variants of the same intrusion/ trojan (as per the horse and sneaks in via various dubious sources). Repeating myself from early reply in this topic read http://www.malwareremovalguides.info/trojan-bitcoinminer-removal-guide/ which gives a good synopsis of the problem, its burrowing into your system and how to remove. Any trace left will re-infect.
-
Thanks ChasB46
Your solution looks brilliant for cleaning infected PC's but I'm sure my AV is protecting mine. The problem is the continuous bombardment from this site of the coinminer that is being blocked by my AV, its very annoying getting the continuous pop ups telling me its been blocked.
This only happens on this site on pages with photographs and it needs to be resolved by the site.
Can we have an update as to what the site is doing to resolve this matter. Until the problem is dealt with I will stay clear of those affected pages.
Regards
Bob
-
Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites. Presumably the IT folks at Shipspotting can/will fix in due course this
-
Andrecas and others being troubled by coinhive on this site. Its strange because I have nothing special on my computer ..Windows 7 +I use Opera, Bitdefender and an adblocker. I have no problems with pictures on the site. I have viewed / full page and downloaded some at random with no detriments. My CPU is maxing at 4%.
Today,interrogating my Bitdefender records it blocked https://coinhive.com/lib/coinhive.min.js on October 11th at 9.42am. Since then nothing strange and it didn't even bother flagging up that occurrence.
SUBSEQUENT
Repeated on late-wife's laptop Windows 10 via wifi , Opera, ad blocker and Norton. DIFFERENT result . Tried to attach pdf but it "disappeared" so info below
As soon as I OPENED Shipspotting in browser Norton flagged up and blocked intrusion (added no further action required). Did not need to access any further into site ie photos or Forum.
CPU not affected maxing at 3%.
Might help webmaster...
Severity HIGH An intrusion attempt by tizermedias.com was blocked.
Attacking computer .. tizermedias.com (185.129.148.203.80)
Attacker URL ..tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 (this final number changes on re accessing Shipspotting)
Source address .. tizermedias.com(185.129.148.203)
Traffic description .. TCP.www-http
Network Traffic from tizermedias.com/odessa/?54vfcZ&se_referrer=&default_keyword=Home-Shipspotting.com-Ship Photos and Ship Tracker&r=6722 matches\DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\ADMUNCHER\ADMUNCHER.EXE. To stop being notified for this type of traffic in the Actions panel click Stop Notifying.
I guess last sentence refers to Norton notification.
-
Marine Traffic, Vessel tracker, FleetMon, etc., offer some sense/form of security with the ubiquitous padlock symbol displayed when visiting their sites.
That padlock symbol is doesn't mean that much anymore and can't guarantee safety on its own. It just means traffic to and from the server is encrypted so anyone snooping in on network traffic is can't intercept the data being sent. An https site could have the same problem if its servers were also affected.
-
Hi Everyone,
I'm sorry for all the trouble this is causing. When I find out more, I'll definitely let you all know.
Best Wishes
Cody
-
Hi
Has anyone looked at the source code? There is a googlead code line that shows on a page with no ads. Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning??? ??? ??? ??? ???
-
Hi
Has anyone looked at the source code? There is a googlead code line that shows on a page with no ads. Maybe it is that code line or some other errant code line that is triggering the Coinhive malware warning??? ??? ??? ??? ???
-
Hello
I use MalwareBytes : If you don't want it to pop up , I did so :
Malware + setting + exclusion : Put in the following if you use Microsoft Edge .
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
-
Hello again .
If you use I.E. 11
Malware + setting + exclusion.
C:\Program Files (x86)\ Internet Explorer\iexplore.exe
-
I am constantly receiving a warning from Avast anti virus program stating that the connection has been suspended with comhive.com as infested with JS: Miner-C
-
Any news?
In the meantime, immediately upon opening the site, I got reported to my company's IT department for breach of security by visiting malware sites.
This was something I definitely could live without.
However, one hour before that, my home computer did not show any increase in processor activity after visiting the site - and it would jump to 100% immediately yesterday.
So, what's the news? :)
-
Well I abstained from visiting this site on my laptop for almost two weeks and only checked this forum on my mobile.
Tried it today and 100% cpu-usage....
Installed malwarebytes on my mac and it found some files, though not sure it has to do something with coin-hive.
Anyway still have 100% cpu-usage after opening this website. Only when I disable JavaScript it has a normal cpu-usage.
When doing the test (opening this website) after running malwarebytes and have a cpu-usage of 100% malwarebytes found no malicious files....
Anyway it's about time the malicious ads are removed the website, really don't know why this have to take such a long time.
Cheers,
Roy
-
Coin-hive and its variants use Javascript. As you have found turning off Javascript returns the CPU to "normal". If Shipspotting members can live without Javascript turn it off in your browser options. If you occasionally need to use it then get a browser addon that sits in browser bar and can be turned off/on with a mouse click.
-
David and I have been trying to get some news. As soon as we receive some, we'll let you know.
In the meantime, the browser extension "No Coin" seems to be work quite well at blocking it.
My apologise for the length of time this is taking to resolve this problem.
Cody
-
I have been away for a number of days, but since my return Tuesday morning I have experienced no problems any more with the site, the fan stayed quiet and the CPU worked like it should be. Apparently something has changed.
-
Until I reinstalled Malwarebytes after a 2 month absence, I did not get any messages. Now I regularity do - from Malwarebytes, stating that Coinhive has been blocked.
I have never noticed any slowing of my CPU
I usually use Chrome as my browser, occasionally Firefox which gives the same result
Good luck Cody and David. I hope you get appropriate advice from Henrik
Clyde
-
I have uninstalled Malwarebytes and am now relying on AVG CloudCare AntiVirus.
The pop up windows about blocking no longer appear
I have the No Coin browser extension as earlier advised by Cody
Clyde
-
Turning off java for the site in Chrome settings appears to have resolved the issue for me for now, Malewarebytes no longer popping up every few seconds and no processor overload.
-
Hi ,using Firefox my antivirus was constantly advising me that Coinhive has been blocked.
Irritant! After adding the browser extension" No coin",thanks Cody Williams!,no problem at all
Cheers
-
No worries, guys. I'm glad I've been able to help.
Best Wishes
Cody
-
Had no problems up to today, now am riddled with coinminer 6&8. Have removed Java and installed no coin, it tells me page is infected,but won't remove or block it. Nortons tells me it is being blocked,not sure wherther it is safe to use the site or not. Norton tells me that it is Shipspotting that is attacking my computer...
-
Well, that's disappointing..
I loaded "No Coin" yesterday although it only mask's the site problem and it worked fine, today "coinminer 6&8" back as bad as ever..
Pop ups still say "Norton" is blocking them plus "No Coin" saying this site is unsafe.
Hope the Tech's sort this asap. I will only check progress by logging on directly to the forum page where's there's no photos so no pop ups.
Regards
Bob
-
Subject threat warning first surfaced more than 2 weeks ago. Since I am no
-
Just been on for half an hour, no high CPU running and no reports from Norton they have removed "coin miner" threat every 10 seconds. First time of normal running for a while, maybe...
-
Im using old XP and Avast is my Anti Virus.
I use Firefox to browse this site.
Never a problem of any kind ever.
Maybe I'm just lucky.
-
Has something been done to solve this? I've just tried the site and for the first time in over a week, I'm not being bombarded with coin-hive warnings???? Anyone else finding the same???
-
Trouble seems to be over.
Since 2 days no more warnings on my computer.
Many thanks Hendrik and team to solve the problem
regards
Frans
-
Well done to whomever fixed the Coinhive bug, thanks. :D :D :D
-
And a thank you from myself as well to whoever fixed the problem.
Ian Thomas
-
Up until this morning was reviewing forum info via mobile. Logged onto site today using PC and the Malware/Norton pop up screens have ceased. From what I am reading in forum it appears the "coin" threat has been removed. Thank you to Webmasters/IT group for their role in dealing with this matter.
-
Indeed there is some progress which is very good.
Cpu usage is no longer jumping to 98/100%, though it is still higher then when I disable JavaScript.
Don't know if that has something to do advertisements.
Cheers,
Roy
-
Thank you to all involved in clearing the bitcoin problem,
Anthony Legg
-
Hi all,
We have had many things to deal with the last month. It finally seems we start to have an OK status again.
We have been moving the servers, and at the same time the mining problem and mobile redirects have appeared in multiple ways. Status right now is that we will have no more downtime due to the server move.
The coinhive and mobile redirects have been removed completely from the site. It's clear that none of these have been "real" viruses, so your computers as a visitors should not be affected. As soon as you close the web browser or browser tab - it should all be gone.
Thank you to all of you that have been reporting messages from browsers and warning messages from anti-malware software etc. It's a big help, especially since some of these things only appears once per 24 hours, and also only in specific countries.
Regards,
Henrik