
Prevent "Mining" :)

Posted: Tue Sep 19, 2017 12:30 am
by thomaz
again the world developed a new "amazing" web feature.
"mining" in web browsers.
yesterday news sites reported that tpb starts using it on some parts of their site.
i also found another site today that does the same (firefox had high cpu usage till i forbid javascript for "coin-hive.com")
i think this will be a real plague in the future.
is there any chance that noscript gets an anti mining option to prevent that firefox starts mining in the background?

Re: Prevent "Mining" :)

Posted: Tue Sep 19, 2017 1:19 am
by barbaz
https://www.tripwire.com/state-of-secur ... s-browser/

NoScript is a security tool, anything else it does is side-effect of its security. I'm not clear on whether in-browser coin mining is a security threat or just annoying.

If it is a security threat, then certainly NoScript should do something. In the meantime, since these mining scripts are third-party, you can Mark the mining sites as Untrusted.

Re: Prevent "Mining" :)

Posted: Tue Sep 19, 2017 2:09 am
by GµårÐïåñ
Pirate bay has been experimenting with it but you can kill it with a blocker, just look for the code. Unless you script kill the whole site, NS can't help you with inline or post injected JS. Meaning, unless you mark as untrusted like @barbaz said, you allow it, you get what you get. NS doesn't think for you, just does what you say and protects you accordingly, the decision is yours. And, while NS sometimes will block things, that's the exception not the rule, meaning it wasn't built to be a content blocker. Now if the site you are using uses a cross domain to do it, then sure, mark that part as untrusted and as long as they don't lazy load a local copy on their own domain as a failover, which you have allowed, then you will be fine.

Re: NoScript Sightings

Posted: Thu Nov 02, 2017 10:09 pm
by GµårÐïåñ
morganism wrote: NoScript on Pirate Bay forum to disable a bitcoin mining script

https://pirates-forum.org/Thread-PIRATE ... SITE-MINER
They have been mining to make some funds for the site, it's been known for a long time and over at uBlock it was already blocked with a specialized list that also kills others that have been discovered.

Code:

! uBlock Origin -- Resource-abuse filters
!
! To foil sites potentially abusing CPU/bandwidth resources without informed
! consent. Any such resource-abuse scripts MUST be opt-in, with complete
! informed consent from the visitor.

! https://github.com/uBlockOrigin/uAssets/issues/659
||edgeno.de^$script,third-party,domain=~edgemesh.com
/edgemesh.*.js$script,domain=~edgemesh.com|~edgeno.de

! https://github.com/uBlockOrigin/uAssets/issues/690
||coin-hive.com^$third-party
||coinhive.com^$third-party

! https://github.com/uBlockOrigin/uAssets/pull/706
||jsecoin.com^$third-party

! https://github.com/uBlockOrigin/uAssets/pull/725
||minemytraffic.com^$third-party

! https://github.com/jspenguin2017/uBlockProtector/issues/624#issuecomment-333700969
||kisshentai.net/Content/js/c-hive.js

! https://github.com/jspenguin2017/uBlockProtector/issues/636#issuecomment-334317456
||info^$script,third-party,domain=oload.info

! https://github.com/uBlockOrigin/uAssets/issues/742
||crypto-loot.com^$third-party

! https://github.com/uBlockOrigin/uAssets/issues/746
||2giga.link^*hive$script

! https://github.com/hoshsadiq/adblock-nocoin-list/issues/32
||ppoi.org^$third-party
||projectpoi.com^$third-party

! https://github.com/uBlockOrigin/uAssets/pull/748
||webmine.cz^$third-party

! https://github.com/uBlockOrigin/uAssets/issues/754
||coinerra.com^$third-party
||listat.biz^
||lmodr.biz^
||mataharirama.xyz^$third-party
||minero.pw^$third-party
||reasedoper.pw^$third-party

! https://github.com/uBlockOrigin/uAssets/issues/762
||coin-have.com^$third-party

! https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/
||coinblind.com^
||coinnebula.com^

! https://github.com/uBlockOrigin/uAssets/issues/803
||safelinkconverter.com^$script,third-party

NoScript by the virtue of its nature, already breaks them and exposes them to you (of course barring you have allowed the whole site already or do so which would open you up) but perhaps Giorgio can use this list or his own information to build some internal blocking by default, it could be theoretically possible, like much of the XSS and other protections we have. I'll ask him.
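
Added example, not part of the post above and not uBlock Origin's or NoScript's own code: a simplified JavaScript evaluator for a subset of the filter syntax in the quoted list, showing why a `$third-party` rule stops matching once a site serves a copy of the script from its own domain (the failover case raised earlier in the thread). The request URLs, the `site.example` page and the two-label registrable-domain shortcut are assumptions made for the illustration.

```javascript
// Added illustration. Handles only `||host[/path]^` patterns with the
// `third-party` and `script` options; every other rule form is skipped.

// Assumption: registrable domain = last two labels (real blockers use the
// Public Suffix List, which matters for hosts such as example.co.uk).
function registrable(host) {
  return host.split('.').slice(-2).join('.');
}

function parseRule(line) {
  if (!line.startsWith('||')) return null;
  const [pattern, optStr = ''] = line.slice(2).split('$');
  const opts = optStr ? optStr.split(',') : [];
  const known = ['third-party', 'script'];
  if (pattern.includes('*') || opts.some((o) => !known.includes(o))) return null;
  const body = pattern.replace(/\^$/, '');
  const slash = body.indexOf('/');
  return {
    host: slash < 0 ? body : body.slice(0, slash),
    path: slash < 0 ? '' : body.slice(slash),
    thirdParty: opts.includes('third-party'),
    script: opts.includes('script'),
  };
}

function matches(rule, req) {
  const url = new URL(req.url);
  const pageHost = new URL(req.pageUrl).hostname;
  // `||host` anchors on the host itself and on any of its subdomains.
  const hostOk = url.hostname === rule.host || url.hostname.endsWith('.' + rule.host);
  if (!hostOk || !url.pathname.startsWith(rule.path)) return false;
  if (rule.script && req.type !== 'script') return false;
  if (rule.thirdParty && registrable(url.hostname) === registrable(pageHost)) return false;
  return true;
}

function isBlocked(filterLines, req) {
  return filterLines.map(parseRule).filter(Boolean).some((r) => matches(r, req));
}

// Rules copied from the list above; the requests below are constructed.
const FILTERS = [
  '||coin-hive.com^$third-party',
  '||kisshentai.net/Content/js/c-hive.js',
  '||safelinkconverter.com^$script,third-party',
  '||2giga.link^*hive$script', // wildcard: skipped by this subset
];
const page = 'https://site.example/';
console.log(isBlocked(FILTERS, { url: 'https://coin-hive.com/m.js', pageUrl: page, type: 'script' }));
console.log(isBlocked(FILTERS, { url: 'https://site.example/js/copy.js', pageUrl: page, type: 'script' }));
```

The first request is blocked and the second is not: only a path-specific rule without `$third-party`, like the `c-hive.js` entry, still matches a copy served from the site's own domain.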

Re: NoScript Sightings

Posted: Thu Nov 02, 2017 10:52 pm
by Giorgio Maone
GµårÐïåñ wrote: but perhaps Giorgio can use this list or his own information to build some internal blocking by default
Of course coin-hive.com is already blocked by default, not being in the default whitelist, so nothing seems needed at this moment.
Should some website also check whether the miner actually works and otherwise intentionally break some functionality to force you enabling it, we could devise some Surrogate Script as a work-around.

Re: NoScript Sightings

Posted: Thu Nov 02, 2017 11:00 pm
by GµårÐïåñ
Giorgio Maone wrote: Should some website also check whether the miner actually works and otherwise intentionally break some functionality to force you enabling it, we could devise some Surrogate Script as a work-around.
Thank you my friend for so quickly coming to take a look and dropping some knowledge, appreciate it ;) because I know you are busy dealing with a lot of things.

Re: Prevent "Mining" :)

Posted: Thu Nov 02, 2017 11:04 pm
by barbaz
Merged discussion to here.