Security Warning: Dmania.lol is running mining scripts using your computer resources.

in #dmania7 years ago (edited)

Hey Again Steemitizens,


Edit after a day of this post being up, in fairness:

@zombee responded quickly and fairly decisively and has resolved this issue. Dmania.lol is no longer mining as noted below.

Here from the comments section below, is the result of this post:

[-]zombee (65) · 7 hours ago
I have definitely not installed any mining script on dMania and the site wasn't compromised.
It makes absolutely no sense that I would run a mining script on a small website like dMania. The rewards for that would be almost zero and I would lose all trust of the users.
That would endanger the whole project and everything I have worked for the last 6 months.

The only way that is possible is that some third party library has included a mining script somewhere. I am going to investigate and check if it's true.
dMania uses a lot of libraries that could potentially include a mining script with a new update without my knowledge. That's the only possible explanation and could potentially happen to any website.

Update
Apparently there was actually running a crypto miner on dMania without my knowledge. It was probably included in some external library in one of the last updates. I have updated all external libraries and the miner is gone.

I want to clarify that I had nothing to do with this. Projects like dMania use hundreds of libraries. Those libraries can potentially include a miner in a new update. I am now checking the code for that before every update so that won't happen again.

Update 2

Ok looks like the problem is not resolved. Atm I have no idea whats going on and how the miner gets onto the website. I took down dMania to protect the users until I fix it. ( dMania-bot is also down and won't upvote anything).

dMania will be online again when the problem is resolved.


this is the original post body, before @zombee responded and the addition was made above this line:

You should know that dmania.lol is running crypto mining scripts when you visit their site. Because of the warning issued by my security software, I did not proceed into the site today. This is the first time I have received this warning on their site.

I am not accusing the site operators of mal-doing, but if they are mining surreptitiously, well that's pretty shady. It is possible however, they have been hacked and this script was maliciously injected.

Either way, when this same thing happened to steem.supply, there was massive public outcry when people found out. I feel this bears reporting now to the community as a result.

Yours in service,
@SirCork

Steem Witness #71

Founder @YouAreHOPE Foundation - Steem based, community fueled worldwide humanitarian aid charitable organization.

Founder @SteemStarNetwork 24/7 stream at the center of the steemiverse.


Please remember to cast your witness vote for @SirCork,
your charitable, irritable steem witness!

Sort:  
There are 2 pages
Pages

Yep, they JS file is a minified bundle ... however this file needs to be able to be parsed. Therefore, all the minified functions exist inside the file with their original names. See the following screenshot:

Screen Shot 2018-03-21 at 2.34.59 PM.png

Hidden Mining Scripts are getting more and more... Don't forget about them

I have definitely not installed any mining script on dMania and the site wasn't compromised.
It makes absolutely no sense that I would run a mining script on a small website like dMania. The rewards for that would be almost zero and I would lose all trust of the users.
That would endanger the whole project and everything I have worked for the last 6 months.

The only way that is possible is that some third party library has included a mining script somewhere. I am going to investigate and check if it's true.
dMania uses a lot of libraries that could potentially include a mining script with a new update without my knowledge. That's the only possible explanation and could potentially happen to any website.

Update
Apparently there was actually running a crypto miner on dMania without my knowledge. It was probably included in some external library in one of the last updates. I have updated all external libraries and the miner is gone.

I want to clarify that I had nothing to do with this. Projects like dMania use hundreds of libraries. Those libraries can potentially include a miner in a new update. I am now checking the code for that before every update so that won't happen again.

Update 2

Ok looks like the problem is not resolved. Atm I have no idea whats going on and how the miner gets onto the website. I took down dMania to protect the users until I fix it. ( dMania-bot is also down and won't upvote anything).

dMania will be online again when the problem is resolved.

I think you’re a fucking scammy liar. @dmania is going DOWN.

You are actually helping the people by downvoting dmania, to get them more votes. Because the dmania comment will not be shown and people will think, its such a nice meme that they will upvote it :) You should rather downvote the posts of those people who you think are copy pasting.

that site doesn't work, and you are running coinhive however it got there I don't know.

Where was the miner? How did it get there?

Thanks for responding. We have many confirmations it IS mining from @themarkymark, @netuoso, @andybets, @drakos and myself.

Find it and kill it, would be my suggestion.

Dmania is useless why would i share my rewards with your platform when i can just post a meme directly to steemit?

Because there is a chance of a 40$ upvote from the bot that you cant get if you post directly to steemit. But take in consideration that only quality memes can get the votes so you might want to post them to steemit after all. Your attitude is toxic, gtfo.

I find your reply to accra unpleasant and wrong. I too had wondered and now I know I must stay far from all posts using dmania, since you react so violently to a simple question. I suppose you are now going to flag me also...

@zombee does runicar really represent your attitude to questions being asked? I also think that responding this way, with sarcasm and flags, at the time you have just been found to be in the wrong, even if unwittingly, is not good marketing.

You really shouldn’t be using hundreds of libraries. It’s a bit wasteful from a resource standpoint, opens up the site to vulnerabilities, and makes updating a pain.

Thanks for the update. Crisis averted. Good work. Good response.

What virus software do you use? I'm impressed by that catch!

Cg

and you find out here? is making the corrections for this post, I think you should be more careful with this ,,,,, thanks to the friend @ sirirk for such important information ,,,

I appreciate your response and update @zombee, but can you also answer @heimindanger question? Thanks

Here's my little 100% UV
THANKS for the Quick Response!

@sircork

U, MY GOOD SIR, ROCK!

Not buying it, what was it included with?

I am now checking the code for that before every update so that won't happen again.

Will you share some details! So other small operators who care about it can also try to avoid these hidden miners!!

I go with the library theory. It is not the first time I see something like this happen, especially with crypto-related sites. It is vital to have the proper security software installed for detecting this kind of things.

we love you big chef. Let's vote for a party.

Damn @zombee after the bernie post one would think that you would make sure to keep a clean house. I think most DO THINK that you put that there knowingly too. This is not good. You're hurting your existence.

You need to refresh on Dmania.
It's the shanty town of steemit man.

The consensus of most users in these comments is that it's sloppy that it got there, but probably not intentional. That said, it is a case of trust but verify, so we'd still like to know what library and how to avoid this in other applications likely to be using the same libraries for this sort of steem connected site.

It seems intentional with a cop out excuse. The name of the external dep that did this ? Coinhive.

You're a good guy @sircock
lol kidding but I swear I thought that was your name at first glance.

And @netuoso you should be clear and let people know that you want @zombee to fail because you present an alternative on the meme creation front. Nothing wrong with wanting your competition to fail but you should be clear on that.

 7 years ago  Reveal Comment

If it's intentional, that would be a strange thing for a Steem-based site to do, considering that Steem is meant to turn the economic model of the web on its head.

It's happened before on steem.supply, IF it's intentional, my pfunky friend, it's greed, and in ancapistan, all are susceptible to greed. sigh

Based on @ZomBee's response shortly after these comments I think it would be best to assume good faith for prominent Steem services.

As you will see in comments made after he responded, I agree.

What happened with steem supply?

In that case, the site operator ran a script like this, didn't disclose. Got caught, admitted it, put up a notice it was running, got more push back and just took it out in the end. All last year. I still vote for that site operator as a witness thanks to his solid response to public preference.

Solid is an overstatement, when I initially reported it he wasn’t all that nice about it.

@dragosroua is a great guy, like most people here he kind of stopped caring about the majority of steem stuff, not sure but just a feeling I'm getting, maybe I'm just guessing from my perspective. I haven't been active quite as much as before

It's not the first time

Since it's hogging the CPU, it looks like a hack to me.

Site owners have done it themselves as well voluntarily as it is free money.

Yeah, but I'd have thought a site owner would keep the CPU utilisation at a less noticeable level.

yeah, i would suspect intentional in this case.

Yes, cpu and gpu cycles are free, the earth can sustain an unlimited amount of computing cycles in the quest for moar crypto mining.

You know what he means. The cost is externalized away from the site operator, to him or her, it IS free.

"This is the first time I have received this warning on their site."

Maybe it is supposed to turn the economic model of STEEM on its head.

Anyway another reason not to use dmania.

Dmania probably got compromised and some hackers installed these mining scripts. I doubt they would start doing this without letting users know.

I tend to agree.

Yea, that's pretty awful!!

Confirmed on my end as well. Once I turn off security it eats up a single core.

That really shakes me to my single core. lol Thanks for the confirmation, fellow witness. Y'all vote for this cat, up his witness game a little, he's kind of a witness badass, after all.

ive put the link around some of the discord groups for you for the mods to filter down.

thanks for spreading the word.

Well in that case, that is clearly wrong by dmania to have done that.. i would love to hear @zombee explaining this..

Another rouge witness that hath gone greedy?

hard to say. maybe so, maybe not, but they seem to be responding to the cry to undo it.

Thanks for the info. I tend to believe that they were hacked. With lower prices, I would imagine it would be harder to defend an attack. This dip has left a lot of sites vulnerable. Any update on steem.supply? I really liked their service. Thanks again for the post! Resteem

Steem.supply is clean. I vote for it's operator as a witness myself, in part because of how he handled the pressure of being found with crypto mining scripts last year. The site is devoid of them now.

Thanks for the heads up @sircork! Super helpful

We must have a very good antivirus to get noticed about these. Yesterday I saw a niche way of phishing and made a post about it. Looks like this was introduced unknowingly , but more and more greedy hackers are now eying steem block chain for sure.

Upvoted and Resteemed! Helping get the message out there. Thanks!

there has been A LOT of crazy phishing and bad links/scams and this kinda stuff......thanks @sircork for the warning
for the amount of money that is being 'played' with and the decentralized nature of what most of us stand for then any potential hidden things should be known

GO TEAM GOOD! ;)

Ok. I'm officially blocking you @sircork in order to avoid completely tarnishing your reputation with me. It drops every time I bump into one of your posts and read it. I know you don't get that. And that's okay. And I'm sure this isn't a loss for you. Totally a move to keep my own version of my own sanity. Really. Don't spend any of your brain skillz wondering about it.

I've never heard of you? So consider no brain cycles lost? But if you stand alone in the crowd of hundreds commenting on and supporting this post, I suppose that is on you, and not on me, or all of us? Have a pleasant day.

So. It seems that Busy.org tells me a couple of very nice things in my notifications

  1. It tells me when someone replies to me, even if I have them muted. Which it seems is a very good thing.
  2. It sends me a notification each time a reply is edited. I realized this when I had 4 notifications all pointing to this reply.

So, I decided to use my elementary level skillz and asked phist what was really going on. .... It's a shame you seem to be at a loss for words ... So let me help you out with something you really should know. But, I've noticed your research skillz are a little bit lacking.

And it might help 100's people understand why I said exactly what I said. Although I'm fully aware a great many others don't need to see this.

https://phist.steemdata.com/history?identifier=https%3A%2F%2Fsteemit.com%2Fdmania%2F%40sircork%2Fsecurity-warning-dmania-lol-is-running-mining-scripts-using-your-computer-resources%23%40sircork%2Fre-marillaanne-re-sircork-security-warning-dmania-lol-is-running-mining-scripts-using-your-computer-resources-20180322t145430522z

Edited to adjust formatting.

Edited to move to the correct slot ...

So your objection is that he edited his response to be less cutting, less biting, and more professional? You would rather he respond less pleasantly to someone who comes out of nowhere and talk some smack with no visible motivation?

I generally attempt to avoid scatology on Steemit, but that is some fucked up bullshit, bitch.

Now, I could go back and edit that to soften the blow, to make the message less potent, but I'm not nearly the pleasant fellow that @sircork is. He holds himself to a far higher standard of behavior and public discourse than I really care for, so you will only receive one notification about this reply.

If you read it with some derisive laughter injected right here, you will be well on board with my intent.

I look forward to the pointless, mindless response in which you tell me that I have been muted for your own well-being, because your tiny brain is incapable of dealing with the full force of superior cognition. I look forward to the tiny little animal whine that will underline those words.

I doubt that SC is at a loss for words, but if he is I've picked up a few off the floor, dusted them off, and lobbed them gently to you. Hopefully you can make use of them. Learning how to properly use an ellipsis wouldn't hurt either.

snort

Welp, I couldn't have summarized it better myself.

Astounding, you discovered I bit my tongue and after a few edits I decided not to completely embarrass you.

So what's your point. I've still never heard of you and your original comment makes no sense on a post so well received by essentially everyone on the platform, so are you like, my first stalker or something cool and psychotic like that, or just bored and obsessed with me?

Yes, Dear. I know you don't understand. You can't.

Now, You've been trying to bait a reply from this nobody for over 24 hours.

You've now gotten two. It's okay to let go.

My god, you are delusional. You can't bait a reply with a fucking REPLY, you incredibly bizarre stranger from out of no where with no fucking rational reason for being here at all.

Unleash the @berniesanders ..

Damn it. I caved. Lol

Daily Struggle dmania.jpg

In all seriousness, I really want dMania to step up their game because of the potential. It would have likely been a simple security audit that would have revealed something like this.

On that note, does anybody have any good recommendations for software that would find all these code embedded miners?

Lmao.. but actually not a bad advice.. bernie and zombee recently had exchanged a few heated words regarding dmania. I am sure bernie would love to exchange another blow with him..

is it risky to install mining script

it is if you own a prominent block chain connected service site as shown on this page of comments.

Almost everything is running mining scripts today :>

If you are using Firefox, you won't get this alert. That happens only in Chrome.
But Firefox needs 50% of CPU on DMania so it is running this script without alert from my Avast...

That's what my scriptblocker is showing in FF:
Unbenannt.PNG

I knew I never liked DMania for a reason when some people got a ton for a shit meme that was not even theirs, thanks for posting @sircork resteemed ;)

same here

Omg! How can dmania make use of their users!

It's not clear that they intended to or not. For now, the site is down while it's removed.

Another reason why i dont welcome dmania on steem.

Can't say it's their fault, yet... but I don't understand the idea of dmania or zappl really. I can make the same posts on condenser or busy or chain, while enjoying all the full capabilities at the same time?

But who would upvote all the memes?

We need meme upvote governance now! Ban something!

Major topic on the next G20 summit, regulate all memes!

Seems shitty to attack and insinuate blame because... "You don't understand".

Which is what this seems like. There are browsers and apps to prevent crypto mining from your browser. I would recommend everyone in Crypto who doesn't want to share their computing power should research and install a tool to prevent it.

I can’t believe you’re defending this. How are you involved in dmania?

Hey Bernie, Thanks for asking.

  1. I think memes are an acquired taste, creative and funny.
  2. I received a couple of their votes, which keeps the user-experience fun.
  3. Even with a few fails in their methods, they are distributing steem to a better variety of people with an acceptable rate of "bad votes". It is more entertaining than watching the select few trade places on trending. They have continued to review and change their bot's behavior as they see results.
  4. I was delegating to the bot which is another way to earn Steem, as an investor I am sure you can respect that. I stopped because I fell down the list of it being a good investment.

To be clear, I don't know any of the developers or those running the projects. There isn't anything better or worse about this project that dlive, dtube, etc. They are taking votes from SteemIt Inc's stake and at least spreading it around to some new people, something steemit, Inc has never been able to figure out how to do.

Bring on the new platforms!

Show me an attack and blame on my part. I provided information, important information, but thanks for jumping to conclusions?

reread your title.

My title is a factual sentence. Your false allegation is projection. Reread your logic class.

My response was an overreaction as well. Everyone will have to pick and choose what they trust and what they support. Anyway, I'm not interested in additional drama. I shouldn't have had a knee jerk reaction.

...or from steemit itself @sircork. Tsk Tsk

To ¡Show! ..a button!! }:)

steemit is a condenser site also. ;)

¡Exactly! now click on that green text and start laughing!! :)

Why am I not surprised by more blunders from DMania!?

Because you got brain skillz?

Because I see many hidden things in my crystal ball.

Thank You @SirCork for the "Heads-Up"...

The non-nerds like me, need people like You to keep us out of trouble...

By the way, how have You been... Good, I hope.

Thanks Again SC...

Cheers !!

Doing well, SA, hope you're sailing smooth waters.

Everything is pretty much as expected...

March Madness is not only about College Basketball... but also includes 1,000's of Spring Breakers descending upon the shores of Florida... Smilesssssssss

Fortunately, my sailboat I live on is docked in a very expensive, semi-private cul-de-sac street that is rarely visited, even though it is very close to the Beach.

Oh... AND lots of security cameras on my street... lol

Cheers !!

Hey @sacred-agent ! I have a sailboat also.. a 38' Duhler that I sail to Bahama's . I lived on it for a while also years ago.... I love sailing!

@FollowBTCNews... Very Nice... Your 38' Duhler is nice sailboat, I have a Duhler docked right next to mine...

I just double-checked that I have voted for You as Witness... Sailors are almost always Very Good People...

Hope everything is going well on Your side of the computer.

Cheers !!

didn't see that coming.

Thank you sir for this prompt alert. It is worth millions in bank.

I'll split your savings with you then ;)

I will be willing to share with you. Lol

People really need to see this, before things get worse. And a proper clarification should be made

@sircork thanks for the information

You're welcome!

Thanks for alerting us on time. Whether good or bad, that act by Dmania is quite suspicious.

@eurogee

It's just someone being greedy, at the expense of your computing power, but it's a bit shady...

thank you for providing very useful information and this is very helpful for me.
may I translate your post and post it so that people in my place will be easier to read it.

Dmania ?
I thought this was good site/app t use..

Maybe so, maybe not. Depends on the official response to this situation for now.

DM me let me know what you find out please.

Well the story is here. Consider this your dm ;)

@sircock thanks for the fore-warning, it's possible they were hacked or otherwise, however the matter should be looked into

I concur.

That is pretty shady you got a warning popup since dmania is part of Steemit. Thanks for the heads up ✌

That is incorrect. Dmania is not part of steemit. Steemit inc makes steemit.com, a random user named @zombee makes dmania.lol - they have absolutely nothing to do with each other, unless there are some delegations I'm not currently aware of, and I have not checked.

Oh ok, thanks for the clarification. Didn't know that.

Dmania receives a fairly large delegation from Steemit inc

Turns out they get them from a lot of influential people... who would all be none too pleased if this was not an incident of malicious mal-ware, but rather a purposeful installation. I just can't see that being true though, with the stakes this high and the catch too easy...

http://www.steemreports.com/delegation-info/?account=dmania

I pretty sure ned delegates to dmania

Yes, they have a large delegation.

Thanks for the heads up ! Voted as a witness :)

Thank you very much!

Thanks for the warning. That is messed up, however it happened.

Hopefully people see this and it cuts back on the million memes a day on Steemit. Resteemed!!

I wish I could say this is shocking... But nothing really shocks me anymore, we focus so much on the trending bs (I agree btw) that some of the worse abuse of power gets to happen right under our noses.

I want to give memers the benefit of the doubt, but I seriously have a hard time finding value on this whole dmania debacle.

I've done some logical contortionism and even then I fall short of understanding the reason for the delegation. Some may dislike Bernie's approach to things and I totally get it, but he is not wrong on this one in the slightest, at least in my opinion.

I will wait anxiously for zombee's reply, but I doubt any will be satisfied with it, if it actually happens.

If this is something that only runs when you have their web page open, then I don't really see what the problem is. As far as I'm concerned, this is an alternative to advertising and a better one. It would be the polite thing to do to notify visitors this is happening though.

Regardless of the background if they do it on purpose or have been hacked - Thx for the headsup, resteemed!

Maybe that's why ALL the D series runs so fucakbly slow?

How did i miss this drama.

WTF..this will definately be the death of dmania! At first some community members were complaining of plagiarism....and now this.....!!!
So let people now use decentmemes.com

It is indeed true... The response should be swift and decisive, this kind of practices should not be tolerated by platforms using the STEEM blockchain.

IF

No if. They were running a script. My adblocker caught it. I went into the browser developer console (F12) and saw it running.

Now they disabled it, the website is clean again.

I'm using uMatrix so that takes care of this problem.

I'm also going to post a link to a site to test if the user is safe, for people who aren't sure:
https://cryptojackingtest.com/

Hi @sircork after seeing your post I quickly logged out from dmania.lol and what I found my processor cooled down to 5% before logged out it was using 95% processing power thanks a lot @sircork you make my day happy
Thanks
@maujmasti

Dont like Dmania. Too many meme posts. I've unfollowed everyone using them to spam posts.

Useful information! Thanks for the alert. I am a mac user. Is an antivirus or internet security system a solution?

I'm not a mac user, but my comprehensive windows security suite caught it.

I have been telling the fellow script kiddies for decades that memes would be bad for our health.

Another CoinHive-liked trojan...

There are 2 pages
Pages