This info might be useful for those that don't totally block JavaScript in their browser, but want to be sure to block the new influx of JS-based miners (eg coinhive). I came across the list in a discussion of the new quad9 free DNS service (at 9.9.9.9, hence the name), which supposedly blocks the resolution of malware / botnets / "bad-guys" / etc, but is *not* blocking any of these sites serving out JS mining code. I'd be curious to know what anyone thinks of the quad9 DNS service.. I've not turned it on yet anywhere, but will probably play with it at home soon.. Anyway, the list of sites serving out mining JS lives at the following: https://github.com/Marfjeh/coinhive-block/blob/master/domains The fellow who maintains this list has a little makefile one level up that will add each host as 0.0.0.0 to your /etc/hosts file, if that's what you would like to do with such a list. Details: https://github.com/Marfjeh/coinhive-block/ John -- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On Fri, Nov 17, 2017 at 08:50:21AM -0500, John Newman wrote:
https://github.com/Marfjeh/coinhive-block/blob/master/domains
The fellow who maintains this list has a little makefile one level up that will add each host as 0.0.0.0 to your /etc/hosts file, if that's what you would like to do with such a list. Details:
Is blacklisting solution at all? Domains change. The page may refuse to display if the miner is not running.
On November 18, 2017 5:00:35 AM EST, Georgi Guninski <guninski@guninski.com> wrote:
On Fri, Nov 17, 2017 at 08:50:21AM -0500, John Newman wrote:
https://github.com/Marfjeh/coinhive-block/blob/master/domains
The fellow who maintains this list has a little makefile one level up that will add each host as 0.0.0.0 to your /etc/hosts file, if that's what you would like to do with such a list. Details:
Is blacklisting solution at all? Domains change. The page may refuse to display if the miner is not running.
It's definitely not a comprehensive or guaranteed solution, at all... As for domains changing, all you can do is keep your blacklist up-to-date, and of course it's totally a game of catch up. As for sites not working, I'd tend to say "fuck that site" =) But it sure seems like there should be a way to use NoScript or similar plugin with some custom code to trick some of the sites that depend on the mining code running into thinking their shit ran while in reality you basically no-op it. Im a piss-poor JS programmer myself, haven't ever had to use it for much ;)
The coinhive creator put out authedmine for those interested in using an opt-in JS miner in their websites. Seems like a fair use of a JS miner to me. https://authedmine.com/
-------- Original Message -------- Subject: blocking coinhive / JS miners Local Time: November 17, 2017 2:50 PM UTC Time: November 17, 2017 1:50 PM From: jnn@synfin.org To: cypherpunks@lists.cpunks.org
This info might be useful for those that don't totally block JavaScript in their browser, but want to be sure to block the new influx of JS-based miners (eg coinhive).
I came across the list in a discussion of the new quad9 free DNS service (at 9.9.9.9, hence the name), which supposedly blocks the resolution of malware / botnets / "bad-guys" / etc, but is not blocking any of these sites serving out JS mining code. I'd be curious to know what anyone thinks of the quad9 DNS service.. I've not turned it on yet anywhere, but will probably play with it at home soon..
Anyway, the list of sites serving out mining JS lives at the following:
https://github.com/Marfjeh/coinhive-block/blob/master/domains
The fellow who maintains this list has a little makefile one level up that will add each host as 0.0.0.0 to your /etc/hosts file, if that's what you would like to do with such a list. Details:
https://github.com/Marfjeh/coinhive-block/
John
GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
participants (3)
-
Georgi Guninski -
John Newman -
Michalis Kargakis