Author Topic: Coinhive threat warning  (Read 67510 times)

Offline Richard Paton

  • Top Poster
  • *****
  • Posts: 1,053
    • View Profile
Coinhive threat warning
« on: October 10, 2017, 05:27:10 PM »
Has anybody else been getting an anti virus alert for coinhive.com on this site when you click on it?

The warning beeps saying virus detected only happen on this site an no other.
« Last Edit: October 10, 2017, 07:02:04 PM by Richard Paton »

Offline andrecas

  • Just can't stay away
  • ***
  • Posts: 112
    • View Profile
Re: Coinhive threat warning
« Reply #1 on: October 10, 2017, 06:35:40 PM »
Just today I've been getting pop up screens from Malwarebytes (to which I subscribe to) indicating this "coinhive" site is being blocked. It makes me wonder (again) when this site will update (or implement) security features similar to other sites (such as marine Traffic), etc.

Offline simonwp

  • Home away from home
  • ****
  • Posts: 214
    • View Profile
Re: Coinhive threat warning
« Reply #2 on: October 10, 2017, 06:48:39 PM »
Yes I'm getting the same. Fortunately by anti-virus software is blocking it.

Offline Richard Paton

  • Top Poster
  • *****
  • Posts: 1,053
    • View Profile
Re: Coinhive threat warning
« Reply #3 on: October 10, 2017, 06:50:34 PM »
Glad to hear it's not just me then, having googled it it seems coinhive is a way for a website to generate revenue..

Coinhive is a cryptocurrency miner written in Javascript, which sends any coins mined by the browser to the owner of the web site.

Offline CedricH

  • Photo Administrator
  • Top Poster
  • *****
  • Posts: 657
    • View Profile
Re: Coinhive threat warning
« Reply #4 on: October 10, 2017, 08:23:52 PM »
I did notice very high CPU usage on this page, despite not seeing the ads with an adblocker.
Photo admin for the Passenger Vessels, RO/RO, Ship Interiors and Vehicle Carriers categories

Offline davidships

  • Webmaster
  • Top Poster
  • *****
  • Posts: 2,304
    • View Profile
Re: Coinhive threat warning
« Reply #5 on: October 10, 2017, 09:02:34 PM »
Yes Cedric.
That's what it does, apparently, though I don't pretend to understand it.
However this seems to touch on it - and in particular on the issue around it being set to maximise CPU usage:
https://www.reddit.com/r/beermoney/comments/751c8m/beware_the_coinhivecom_jsminerc/

I'm waiting for Cody to come back to me on this.
(Cedric, I am working offsite on the category question and will email you)

Offline Cody Williams

  • Top Poster
  • *****
  • Posts: 1,117
    • View Profile
    • ~Ydoc~ on Flickr
Re: Coinhive threat warning
« Reply #6 on: October 11, 2017, 05:47:54 AM »
Hi Everyone,

Remember when we had issues with the site being rerouted to ad-websites on some mobile devices a while back? That was caused by Tizermedias which was placed into our siteís directory Ė where all the files on our server are that make site work Ė by a hacker. So far Henrik hasnít been able to fully get rid of Tizermedias and so whatís happened now is that Tizermedias is now using Coin Hive to mine Bitcoin by using other peopleís computers to do the work Ė itís an extra source of revenue for them on top of ad-revenue.

When the site loads all of the scripts that make features like buttons work, show photos and ads et cetera; the Coin Hive script also gets run. From what I understand it's not malicious but I'll try to find out more about it.

Best Wishes
Cody

Offline CedricH

  • Photo Administrator
  • Top Poster
  • *****
  • Posts: 657
    • View Profile
Re: Coinhive threat warning
« Reply #7 on: October 11, 2017, 08:08:58 AM »
Thanks for the update Cody and David. I hope the issue gets resolved soon, CPU usage is so high that I can hardly scroll through pages after a while.

Kind regards
Cedric
Photo admin for the Passenger Vessels, RO/RO, Ship Interiors and Vehicle Carriers categories

Offline Phil English

  • Top Poster
  • *****
  • Posts: 3,492
    • View Profile
Re: Coinhive threat warning
« Reply #8 on: October 11, 2017, 08:25:45 AM »
I've also noticed that shipspotting has been making by CPU run at 100%. Consequently, everything else on my PC runs slower than it should. Nothing else is doing it, as soon as it close ss.com, my CPU goes down to <10%.

Brgds
Phil
« Last Edit: October 11, 2017, 08:27:23 AM by Phil English »

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 963
    • View Profile
Re: Coinhive threat warning
« Reply #9 on: October 11, 2017, 08:59:47 AM »
There are Coin Hive extensions that you can download for Chrome, Firefox, Opera etc. they not only stop it loading but clean your browser. Just "Google" .. eg search for Coin Hive blocker +Chrome etc.  Note the search works best if Coin and Hive are separated or as Coin-Hive.
see http://cryptomining-blog.com/tag/no-coin-browser-extension/ for extra info if required.

Once its loaded there will be an icon in your browser bar ... On and Off so make sure you turn it on.
« Last Edit: October 11, 2017, 09:04:41 AM by ChasB46 »

Offline Robert J Smith

  • Top Poster
  • *****
  • Posts: 5,793
    • View Profile
Re: Coinhive threat warning
« Reply #10 on: October 11, 2017, 12:16:46 PM »
Iím getting a lot of cache files being blocked by my anti-virus, is this the same problem? Files are all various f_XXXXXX numbers e.g. F_011356
Problem only on shipspotting.com on different browsers, all other sites are ok.

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 963
    • View Profile
Re: Coinhive threat warning
« Reply #11 on: October 11, 2017, 12:43:11 PM »
Although its not a virus, its a trojan via Java script. Searching Norton, Bitdefender, Kaspersky websites they have the tools to detect and remove. Need to run the Norton etc. system scan, to find and remove.
It would appear that antivirus does not detect until its actually within your browser.  Its downloaded with free software and via adverts so reinfects looking for any Bitcoins you may have in your "piggy bank".Then steals them. An adblocker will stop it infecting but Shipspotting may not like you using ad blockers as its part of their revenue. As I use an ad blocker within my browsers I do not see any ads on the site so cannot comment if one or more of the ads are infected. I'm assuming Shipspotting still displays ads.
Clear your browser cache but that will not stop "reinfection". Need to prevent the source/ads reinfecting.
See https://malwaretips.com/blogs/remove-coin-hive-miner/ for remedies.
« Last Edit: October 11, 2017, 01:01:39 PM by ChasB46 »

Offline Allan RO

  • Top Poster
  • *****
  • Posts: 2,667
    • View Profile
Re: Coinhive threat warning
« Reply #12 on: October 11, 2017, 01:52:30 PM »
my AVG free is picking it up and disposing.

Allan

Offline pieter melissen

  • Photo Corrections
  • Top Poster
  • *****
  • Posts: 507
    • View Profile
    • ultimatecarpage.com
Re: Coinhive threat warning
« Reply #13 on: October 11, 2017, 02:11:32 PM »
my AVG free is picking it up and disposing.

Allan

so does mine but it is quite irritating, and I have a feeling that even though it has been picked up it has not been disposed of as it still manages to slow my computer.
« Last Edit: October 11, 2017, 02:13:20 PM by pieter melissen »

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 963
    • View Profile
Re: Coinhive threat warning
« Reply #14 on: October 11, 2017, 02:38:31 PM »
Unless its TOTALLY removed then it will keep coming back when you restart computer. Try https://www.malwarebytes.com/adwcleaner/ and run as Administrator ..its free. Stay away from ads on sites. You do not even have to look at the infected ads.