The Sewing Place

Coinhive issue

Francesca

Coinhive issue
« on: October 06, 2017, 11:06:07 AM »
I thought I would make a separate thread as way of an announcement to explain what happened where some users saw their virus software flagging TSP as having issues.

One of our add-on providers was comprised and we had a script called Coin Hive added to our site without our knowledge. Coin Hive is a legitimate script, which uses your CPU power to mine "bitcoins" which are a type of currency. Essentially, the script is using your computer power to process lots and lots of mathematical sums which can be converted into money.

Coin Hive is legitimate, but it was added behind our backs and therefore is malicious. Coin Hive isn't going to steal personal information, install software etc it's just using your processing power unbeknownst to you (and us).

We are in the process of removing the script from the site, and then the next stage will be finding out exactly how it was added to prevent it happening in the future.

Hope that helps to explain! Here is an interesting article:
https://www.theregister.co.uk/2017/09/25/showtime_hit_with_coinmining_script/

It's also quite useful to know as there has been a lot of discussion about this sort of thing becoming the norm in the future. In essence, instead of seeing banner adverts everywhere, a bitcoin miner would simply use a little of your computer's processing power to mine some bitcoins which would pay for things in place of advertising, so it's interesting to read up on!

Francesca

Re: Coinhive issue
« Reply #1 on: October 06, 2017, 11:26:22 AM »
The Coin Hive script has now been totally removed from the site.

Please navigate your browsers to view-source:http://thesewingplace.org.uk/ and perform a hard refresh of your browser to get the latest changes.

Iminei

Re: Coinhive issue
« Reply #2 on: October 07, 2017, 08:25:33 AM »
Thank you sooo much Fran ... Bravo!!!
The Imperfect Perfectionist sews again

BrendaP

Re: Coinhive issue
« Reply #3 on: October 07, 2017, 09:33:35 AM »

Please navigate your browsers to view-source:http://thesewingplace.org.uk/ and perform a hard refresh of your browser to get the latest changes.

My browser (Firefox using Mac) wouldn't load http://view-source:http://thesewingplace.org.uk  but going to the homepage http://thesewingplace.org.uk/index.php then "Tools" -> "Web Developer" -> "page Source" took me there and I did the hard refresh.


Brenda.  My machines are: Caroline a Singer 201K-3 born in 1940, Thirza a Featherweight 221K born 1949, Azilia a Singer 201K born 1957 and and Vera, a Husqvarna 350 SewEasy about 20 years old. Also Bernina 1150 overlocker and Elna 444 Coverstitcher.
http://paternoster.orpheusweb.co.uk/

Kenora

Re: Coinhive issue
« Reply #4 on: October 07, 2017, 11:59:22 AM »
I noticed the fan on my pc running like crazy over the last couple of days so I investigated and found the only site that caused this was TSP on Chrome (using over 85% of the CPU's power). It's stopped doing it now but I've done the hard refresh anyway. :)
Minding my P's & Q's in Portreath