again the world developed a new "amazing" web feature.
"mining" in web browsers.
yesterday news sites reported that tpb starts using it on some parts of their site.
i also found an other site today that does the same (firefox had high cpu usage till i forbid javascript for "coin-hive.com")
i think this will be a real plague in the future.
is there any chance that noscript gets an anti mining option to prevent that firefox starts mining in the background?
Prevent "Mining" :)
Prevent "Mining" :)
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0
Re: Prevent "Mining" :)
https://www.tripwire.com/state-of-secur ... s-browser/
NoScript is a security tool, anything else it does is side-effect of its security. I'm not clear on whether in-browser coin mining is a security threat or just annoying.
If it is a security threat, then certainly NoScript should do something. In the mean time, since these mining scripts are third-party, you can Mark the mining sites as Untrusted.
NoScript is a security tool, anything else it does is side-effect of its security. I'm not clear on whether in-browser coin mining is a security threat or just annoying.
If it is a security threat, then certainly NoScript should do something. In the mean time, since these mining scripts are third-party, you can Mark the mining sites as Untrusted.
*Always* check the changelogs BEFORE updating that important software!
-
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Prevent "Mining" :)
Pirate bay has been experimenting with it but you can kill it with a blocker, just look for the code. Unless you script kill the whole site, NS can't help you with inline or post injected JS. Meaning, unless you mark as untrusted like @barbaz said, you allow it, you get what you get. NS doesn't think for you, just does what you say and protects you accordingly, the decision is yours. And, while NS sometimes will block things, that's the exception not the rule, meaning it wasn't build to be a content blocker. Now if the site you are using uses a cross domain to do it, then sure, mark that part as untrusted and as long as they don't lazy load a local copy on their own domain as a failover, which you have allowed, then you will be fine.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: NoScript Sightings
They have been mining to make some funds for the site, it's been known for a long time and over at uBlock it was already blocked with a specialized list that also kills others that have been discovered.morganism wrote:NoScript on Pirate Bay forum to disable a bitcoin mining script
https://pirates-forum.org/Thread-PIRATE ... SITE-MINER
Code: Select all
! uBlock Origin -- Resource-abuse filters
!
! To foil sites potentially abusing CPU/bandwidth resources without informed
! consent. Any such resource-abuse scripts MUST be opt-in, with complete
! informed consent from the visitor.
! https://github.com/uBlockOrigin/uAssets/issues/659
||edgeno.de^$script,third-party,domain=~edgemesh.com
/edgemesh.*.js$script,domain=~edgemesh.com|~edgeno.de
! https://github.com/uBlockOrigin/uAssets/issues/690
||coin-hive.com^$third-party
||coinhive.com^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/706
||jsecoin.com^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/725
||minemytraffic.com^$third-party
! https://github.com/jspenguin2017/uBlockProtector/issues/624#issuecomment-333700969
||kisshentai.net/Content/js/c-hive.js
! https://github.com/jspenguin2017/uBlockProtector/issues/636#issuecomment-334317456
||info^$script,third-party,domain=oload.info
! https://github.com/uBlockOrigin/uAssets/issues/742
||crypto-loot.com^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/746
||2giga.link^*hive$script
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/32
||ppoi.org^$third-party
||projectpoi.com^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/748
||webmine.cz^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/754
||coinerra.com^$third-party
||listat.biz^
||lmodr.biz^
||mataharirama.xyz^$third-party
||minero.pw^$third-party
||reasedoper.pw^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/762
||coin-have.com^$third-party
! https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/
||coinblind.com^
||coinnebula.com^
! https://github.com/uBlockOrigin/uAssets/issues/803
||safelinkconverter.com^$script,third-party
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NoScript Sightings
Of course coin-hive.com is already blocked by default, not being in the default whitelist, so nothing seems needed at this moment.GµårÐïåñ wrote: but perhaps Giorgio can use this list or his own information to build some internal blocking by default
Should some website also check whether the miner actually works and otherwise intentionally break some functionality to force you enabling it, we could devise some Surrogate Script as a work-around.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: NoScript Sightings
Thank you my friend for so quickly coming to take a look and dropping some knowledge, appreciate it because I know you are busy dealing with a lot of things.Giorgio Maone wrote:Should some website also check whether the miner actually works and otherwise intentionally break some functionality to force you enabling it, we could devise some Surrogate Script as a work-around.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Re: Prevent "Mining" :)
Merged discussion to here.
*Always* check the changelogs BEFORE updating that important software!
-