Security Warning: Dmania.lol is running mining scripts using your computer resources.

in #dmania7 years ago (edited)

Hey Again Steemitizens,


Edit after a day of this post being up, in fairness:

@zombee responded quickly and fairly decisively and has resolved this issue. Dmania.lol is no longer mining as noted below.

Here from the comments section below, is the result of this post:

[-]zombee (65) · 7 hours ago
I have definitely not installed any mining script on dMania and the site wasn't compromised.
It makes absolutely no sense that I would run a mining script on a small website like dMania. The rewards for that would be almost zero and I would lose all trust of the users.
That would endanger the whole project and everything I have worked for the last 6 months.

The only way that is possible is that some third party library has included a mining script somewhere. I am going to investigate and check if it's true.
dMania uses a lot of libraries that could potentially include a mining script with a new update without my knowledge. That's the only possible explanation and could potentially happen to any website.

Update
Apparently there was actually running a crypto miner on dMania without my knowledge. It was probably included in some external library in one of the last updates. I have updated all external libraries and the miner is gone.

I want to clarify that I had nothing to do with this. Projects like dMania use hundreds of libraries. Those libraries can potentially include a miner in a new update. I am now checking the code for that before every update so that won't happen again.

Update 2

Ok looks like the problem is not resolved. Atm I have no idea whats going on and how the miner gets onto the website. I took down dMania to protect the users until I fix it. ( dMania-bot is also down and won't upvote anything).

dMania will be online again when the problem is resolved.


this is the original post body, before @zombee responded and the addition was made above this line:

You should know that dmania.lol is running crypto mining scripts when you visit their site. Because of the warning issued by my security software, I did not proceed into the site today. This is the first time I have received this warning on their site.

I am not accusing the site operators of mal-doing, but if they are mining surreptitiously, well that's pretty shady. It is possible however, they have been hacked and this script was maliciously injected.

Either way, when this same thing happened to steem.supply, there was massive public outcry when people found out. I feel this bears reporting now to the community as a result.

Yours in service,
@SirCork

Steem Witness #71

Founder @YouAreHOPE Foundation - Steem based, community fueled worldwide humanitarian aid charitable organization.

Founder @SteemStarNetwork 24/7 stream at the center of the steemiverse.


Please remember to cast your witness vote for @SirCork,
your charitable, irritable steem witness!

Sort:  

Yep, they JS file is a minified bundle ... however this file needs to be able to be parsed. Therefore, all the minified functions exist inside the file with their original names. See the following screenshot:

Screen Shot 2018-03-21 at 2.34.59 PM.png

Hidden Mining Scripts are getting more and more... Don't forget about them

I have definitely not installed any mining script on dMania and the site wasn't compromised.
It makes absolutely no sense that I would run a mining script on a small website like dMania. The rewards for that would be almost zero and I would lose all trust of the users.
That would endanger the whole project and everything I have worked for the last 6 months.

The only way that is possible is that some third party library has included a mining script somewhere. I am going to investigate and check if it's true.
dMania uses a lot of libraries that could potentially include a mining script with a new update without my knowledge. That's the only possible explanation and could potentially happen to any website.

Update
Apparently there was actually running a crypto miner on dMania without my knowledge. It was probably included in some external library in one of the last updates. I have updated all external libraries and the miner is gone.

I want to clarify that I had nothing to do with this. Projects like dMania use hundreds of libraries. Those libraries can potentially include a miner in a new update. I am now checking the code for that before every update so that won't happen again.

Update 2

Ok looks like the problem is not resolved. Atm I have no idea whats going on and how the miner gets onto the website. I took down dMania to protect the users until I fix it. ( dMania-bot is also down and won't upvote anything).

dMania will be online again when the problem is resolved.

I think you’re a fucking scammy liar. @dmania is going DOWN.

You are actually helping the people by downvoting dmania, to get them more votes. Because the dmania comment will not be shown and people will think, its such a nice meme that they will upvote it :) You should rather downvote the posts of those people who you think are copy pasting.

Can you please give more info on which module was adding the miner? Was it a npm module? What's the name? I want to dig deeper in this

that site doesn't work, and you are running coinhive however it got there I don't know.

Where was the miner? How did it get there?

Thanks for responding. We have many confirmations it IS mining from @themarkymark, @netuoso, @andybets, @drakos and myself.

Find it and kill it, would be my suggestion.

Dmania is useless why would i share my rewards with your platform when i can just post a meme directly to steemit?

Because there is a chance of a 40$ upvote from the bot that you cant get if you post directly to steemit. But take in consideration that only quality memes can get the votes so you might want to post them to steemit after all. Your attitude is toxic, gtfo.

I find your reply to accra unpleasant and wrong. I too had wondered and now I know I must stay far from all posts using dmania, since you react so violently to a simple question. I suppose you are now going to flag me also...

@zombee does runicar really represent your attitude to questions being asked? I also think that responding this way, with sarcasm and flags, at the time you have just been found to be in the wrong, even if unwittingly, is not good marketing.

You really shouldn’t be using hundreds of libraries. It’s a bit wasteful from a resource standpoint, opens up the site to vulnerabilities, and makes updating a pain.

Thanks for the update. Crisis averted. Good work. Good response.

What virus software do you use? I'm impressed by that catch!

Cg

Avast as indicated in the screenshot. McAfee is already dead because the founder has transformed into a full-time shill. LOL

and you find out here? is making the corrections for this post, I think you should be more careful with this ,,,,, thanks to the friend @ sirirk for such important information ,,,

I appreciate your response and update @zombee, but can you also answer @heimindanger question? Thanks

Here's my little 100% UV
THANKS for the Quick Response!

@sircork

U, MY GOOD SIR, ROCK!

Not buying it, what was it included with?

I am now checking the code for that before every update so that won't happen again.

Will you share some details! So other small operators who care about it can also try to avoid these hidden miners!!

I go with the library theory. It is not the first time I see something like this happen, especially with crypto-related sites. It is vital to have the proper security software installed for detecting this kind of things.

we love you big chef. Let's vote for a party.

Damn @zombee after the bernie post one would think that you would make sure to keep a clean house. I think most DO THINK that you put that there knowingly too. This is not good. You're hurting your existence.

You need to refresh on Dmania.
It's the shanty town of steemit man.

The consensus of most users in these comments is that it's sloppy that it got there, but probably not intentional. That said, it is a case of trust but verify, so we'd still like to know what library and how to avoid this in other applications likely to be using the same libraries for this sort of steem connected site.

It seems intentional with a cop out excuse. The name of the external dep that did this ? Coinhive.

You're a good guy @sircock
lol kidding but I swear I thought that was your name at first glance.

And @netuoso you should be clear and let people know that you want @zombee to fail because you present an alternative on the meme creation front. Nothing wrong with wanting your competition to fail but you should be clear on that.

I second the latter paragraph on here. I love meme, reason why I prefer it as an alternative than any other shit posting. Writing on a daily basis without generating a return-of-effort is a soul-crushing experience. I don't care though who will dominate this meme arena as long as it is user-friendly and safe to use. Facebook on the other end is undergoing similar trust issue lately, Dmania should fix this shit because the competition is getting fierce day by day.

Modern-day interpretation to Plato's Allegory Of The Cave is badass.

platonism.jpg

If it's intentional, that would be a strange thing for a Steem-based site to do, considering that Steem is meant to turn the economic model of the web on its head.

It's happened before on steem.supply, IF it's intentional, my pfunky friend, it's greed, and in ancapistan, all are susceptible to greed. sigh

Blockchain advocates who do intentional shady practices on chain should listen to Bamboo's song Hallelujah.

I'm ashamed of what I become in the mirror, the face of my one true enemy.

Understood and agree.

Based on @ZomBee's response shortly after these comments I think it would be best to assume good faith for prominent Steem services.

As you will see in comments made after he responded, I agree.

What happened with steem supply?

In that case, the site operator ran a script like this, didn't disclose. Got caught, admitted it, put up a notice it was running, got more push back and just took it out in the end. All last year. I still vote for that site operator as a witness thanks to his solid response to public preference.

Solid is an overstatement, when I initially reported it he wasn’t all that nice about it.

@dragosroua is a great guy, like most people here he kind of stopped caring about the majority of steem stuff, not sure but just a feeling I'm getting, maybe I'm just guessing from my perspective. I haven't been active quite as much as before

It's not the first time

Since it's hogging the CPU, it looks like a hack to me.

Site owners have done it themselves as well voluntarily as it is free money.

Yeah, but I'd have thought a site owner would keep the CPU utilisation at a less noticeable level.

yeah, i would suspect intentional in this case.

Yes, cpu and gpu cycles are free, the earth can sustain an unlimited amount of computing cycles in the quest for moar crypto mining.

You know what he means. The cost is externalized away from the site operator, to him or her, it IS free.

"This is the first time I have received this warning on their site."

Maybe it is supposed to turn the economic model of STEEM on its head.

Anyway another reason not to use dmania.

Dmania probably got compromised and some hackers installed these mining scripts. I doubt they would start doing this without letting users know.

I tend to agree.

Yea, that's pretty awful!!

Confirmed on my end as well. Once I turn off security it eats up a single core.

That really shakes me to my single core. lol Thanks for the confirmation, fellow witness. Y'all vote for this cat, up his witness game a little, he's kind of a witness badass, after all.

ive put the link around some of the discord groups for you for the mods to filter down.

thanks for spreading the word.

Well in that case, that is clearly wrong by dmania to have done that.. i would love to hear @zombee explaining this..

Another rouge witness that hath gone greedy?

hard to say. maybe so, maybe not, but they seem to be responding to the cry to undo it.

Thanks for the info. I tend to believe that they were hacked. With lower prices, I would imagine it would be harder to defend an attack. This dip has left a lot of sites vulnerable. Any update on steem.supply? I really liked their service. Thanks again for the post! Resteem

Steem.supply is clean. I vote for it's operator as a witness myself, in part because of how he handled the pressure of being found with crypto mining scripts last year. The site is devoid of them now.

Thanks for the heads up @sircork! Super helpful