You are viewing a single comment's thread from:

RE: Security Warning: Dmania.lol is running mining scripts using your computer resources.

in #dmania7 years ago (edited)

I have definitely not installed any mining script on dMania and the site wasn't compromised.
It makes absolutely no sense that I would run a mining script on a small website like dMania. The rewards for that would be almost zero and I would lose all trust of the users.
That would endanger the whole project and everything I have worked for the last 6 months.

The only way that is possible is that some third party library has included a mining script somewhere. I am going to investigate and check if it's true.
dMania uses a lot of libraries that could potentially include a mining script with a new update without my knowledge. That's the only possible explanation and could potentially happen to any website.

Update
Apparently there was actually running a crypto miner on dMania without my knowledge. It was probably included in some external library in one of the last updates. I have updated all external libraries and the miner is gone.

I want to clarify that I had nothing to do with this. Projects like dMania use hundreds of libraries. Those libraries can potentially include a miner in a new update. I am now checking the code for that before every update so that won't happen again.

Update 2

Ok looks like the problem is not resolved. Atm I have no idea whats going on and how the miner gets onto the website. I took down dMania to protect the users until I fix it. ( dMania-bot is also down and won't upvote anything).

dMania will be online again when the problem is resolved.

Sort:  

Can you please give more info on which module was adding the miner? Was it a npm module? What's the name? I want to dig deeper in this

Thanks for responding. We have many confirmations it IS mining from @themarkymark, @netuoso, @andybets, @drakos and myself.

Find it and kill it, would be my suggestion.

Dmania is useless why would i share my rewards with your platform when i can just post a meme directly to steemit?

Because there is a chance of a 40$ upvote from the bot that you cant get if you post directly to steemit. But take in consideration that only quality memes can get the votes so you might want to post them to steemit after all. Your attitude is toxic, gtfo.

I find your reply to accra unpleasant and wrong. I too had wondered and now I know I must stay far from all posts using dmania, since you react so violently to a simple question. I suppose you are now going to flag me also...

@zombee does runicar really represent your attitude to questions being asked? I also think that responding this way, with sarcasm and flags, at the time you have just been found to be in the wrong, even if unwittingly, is not good marketing.

You really shouldn’t be using hundreds of libraries. It’s a bit wasteful from a resource standpoint, opens up the site to vulnerabilities, and makes updating a pain.

Thanks for the update. Crisis averted. Good work. Good response.

What virus software do you use? I'm impressed by that catch!

Cg

Avast as indicated in the screenshot. McAfee is already dead because the founder has transformed into a full-time shill. LOL

and you find out here? is making the corrections for this post, I think you should be more careful with this ,,,,, thanks to the friend @ sirirk for such important information ,,,

I appreciate your response and update @zombee, but can you also answer @heimindanger question? Thanks

Here's my little 100% UV
THANKS for the Quick Response!

@sircork

U, MY GOOD SIR, ROCK!

Not buying it, what was it included with?

I am now checking the code for that before every update so that won't happen again.

Will you share some details! So other small operators who care about it can also try to avoid these hidden miners!!

I go with the library theory. It is not the first time I see something like this happen, especially with crypto-related sites. It is vital to have the proper security software installed for detecting this kind of things.

Coin Marketplace

STEEM 0.24
TRX 0.25
JST 0.040
BTC 94402.77
ETH 3410.40
USDT 1.00
SBD 3.38