This info might be useful for those that don't totally block JavaScript in their browser, but want to be sure to block the new influx of JS-based miners (eg coinhive). I came across the list in a discussion of the new quad9 free DNS service (at 9.9.9.9, hence the name), which supposedly blocks the resolution of malware / botnets / "bad-guys" / etc, but is *not* blocking any of these sites serving out JS mining code. I'd be curious to know what anyone thinks of the quad9 DNS service.. I've not turned it on yet anywhere, but will probably play with it at home soon.. Anyway, the list of sites serving out mining JS lives at the following: https://github.com/Marfjeh/coinhive-block/blob/master/domains The fellow who maintains this list has a little makefile one level up that will add each host as 0.0.0.0 to your /etc/hosts file, if that's what you would like to do with such a list. Details: https://github.com/Marfjeh/coinhive-block/ John -- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On November 18, 2017 5:00:35 AM EST, Georgi Guninski <guninski@guninski.com> wrote:
It's definitely not a comprehensive or guaranteed solution, at all... As for domains changing, all you can do is keep your blacklist up-to-date, and of course it's totally a game of catch up. As for sites not working, I'd tend to say "fuck that site" =) But it sure seems like there should be a way to use NoScript or similar plugin with some custom code to trick some of the sites that depend on the mining code running into thinking their shit ran while in reality you basically no-op it. Im a piss-poor JS programmer myself, haven't ever had to use it for much ;)
The coinhive creator put out authedmine for those interested in using an opt-in JS miner in their websites. Seems like a fair use of a JS miner to me. https://authedmine.com/
participants (3)
-
Georgi Guninski -
John Newman -
Michalis Kargakis