|
13-12-2017, 06:36 PM | #21 |
Arofanatic
Join Date: Jul 2015
Posts: 312
|
I am free tech support for family and friends T_T
Try a netstat -a -o | grep coinhive to see the process ID. Should be able to find the responsible process and kill it, or at least track down what is running the miner. I actually caught on to this only after my network monitoring tools reported my own PC as a source of bitcoin mining traffic. That said, you are definitely no stranger to computers if you have grep installed on your Windows machine! |
13-12-2017, 06:38 PM | #22 | |
Arofanatic
Join Date: Jul 2015
Posts: 312
|
Quote:
Probably a good time to change all passwords and rebuild the system if you can. If this was a hack - and it likely is one - who knows what other back doors have been inserted. |
|
13-12-2017, 09:21 PM | #23 |
Dragon
Join Date: Apr 2006
Posts: 1,714
|
huat ar
ok le My IT should stop sending me emails to warn me liao... |
14-12-2017, 01:49 AM | #24 |
Administrator
Join Date: Sep 2000
Posts: 1,421
|
The CoinHive injection happened on the 8th Dec from examining the web server logs. The perpetrator modified an empty section of the forum template with the Coinhive miner codes via the forum admin control panel, leaving a trail in the logs.
I believe the fault is mine as a weak/old password was used for my main forum account which I haven't been actively using. Other than the administration control panel, I do not see signs of forced entry via other means (shell/Database w/ differing password and credentials). To prevent a repeat, I've changed the method of access to the Admin controls and also added an additional layer of authentication to only those who have rights. Sorry for the trouble everyone and thanks to those who reported it. I will re-enable the Chatroom as it was not the cause after all. |
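Added example, not part of the post above and not the forum's own code: one way to audit stored templates for the kind of injected miner script described, generalised to flag any script loaded from a host outside an allowlist. The allowlist hosts, template names and template contents are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this forum legitimately loads scripts from (hypothetical).
ALLOWED_SCRIPT_HOSTS = {"forum.example", "ajax.googleapis.com"}
# Markers of the Coinhive in-browser miner named in the thread.
MINER_MARKERS = re.compile(r"coinhive|CoinHive\.(Anonymous|User)", re.I)

class ScriptAudit(HTMLParser):
    """Collects suspicious <script> tags found in one template."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src")
        # Relative URLs have no hostname and are treated as same-origin.
        host = urlparse(src).hostname if src else None
        if host and host not in ALLOWED_SCRIPT_HOSTS:
            kind = "miner-script" if MINER_MARKERS.search(src) else "external-script"
            self.findings.append((kind, host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script bodies: look for miner API usage.
        if self._in_script and MINER_MARKERS.search(data):
            self.findings.append(("miner-inline", data.strip()[:60]))

def audit_templates(templates):
    """Return {template_name: findings} for templates with suspicious scripts."""
    report = {}
    for name, html in templates.items():
        parser = ScriptAudit()
        parser.feed(html)
        parser.close()
        if parser.findings:
            report[name] = parser.findings
    return report

# Constructed sample templates (not taken from the affected forum).
SAMPLE_TEMPLATES = {
    "header": '<script src="/clientscript/global.js"></script>',
    "footer": "<div>&copy; forum</div>",
    "ad_slot_empty": '<script src="https://coinhive.com/lib/coinhive.min.js"></script>\n'
                     '<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER");</script>',
    "sidebar": '<script src="//cdn.unknown.example/w.js"></script>',
}
```

Running such a check on a schedule against the template store, and alerting on any new finding, catches a template edit even when the admin-panel login itself looked legitimate.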
14-12-2017, 03:19 AM | #25 |
Arofanatic
Join Date: Oct 2006
Posts: 168
|
I can't attach photo in chatter box. Is it the cause of the "coinhive.com"?
|
14-12-2017, 08:10 AM | #26 | |
Arofanatic
Join Date: Oct 2005
Posts: 120
|
Quote:
The other PID belongs to killerserver.exe. Uninstalled and reinstalled Teamview but it still returns. It seems I can trap the connection to within localhost but can't get rid of the virus; where is it hiding? Avast and Malwarebytes freeware can't detect it |
|
14-12-2017, 10:02 AM | #27 |
Prof SK Ong
Join Date: Jan 2009
Posts: 10,641
|
Wah
My orpit no IT department but also can block AF. Can't use wifi. Lucky got mobile data.
__________________
Just because it's a bad idea doesn't mean it won't be a good time. Use imgur for your photos sharing https://play.google.com/store/apps/d...m.imgur.mobile |
14-12-2017, 10:39 AM | #28 | |
Arofanatic
Join Date: Oct 2005
Posts: 120
|
Quote:
Should be false alarm |
|
14-12-2017, 11:53 AM | #29 |
Dragon
Join Date: Apr 2006
Posts: 1,714
|
|
16-12-2017, 04:49 AM | #30 |
Arofanatic
Join Date: Oct 2006
Posts: 168
|
Having problem posting picture with IE but not Firefox
|