Notice: Project no longer maintained. See: this issue
To block the Malware domains of CoinHive or related JS bitcoin miners.
This does not block AuthedMine.com because they ask for permission. This is only for the rogue implementations of it.
We believe that using a JavaScript Bitcoin miner on your site without end-users explicit permission is Malware.
Fortunately, CoinHive realized how webmasters were implementing their miners without ever asking the end-user. They concluded:
We're a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what's going on, let alone asking for their permission. We believe there's so much more potential for our solution, but we have to be respectful to our end users.
We hope we can convince website owners to integrate the miner in a way that is more meaningful and honest to their users. ...
In September 2017, The PirateBay secretly added the JS miner without any user disclosure. Adding secret miners makes your site behave as a malware.
While it may seem like a great solution for the dying ads market, it's sad that the webmasters implemented it like a malware, without considering the end-user.
- Program's that supports hostfile format such as
adaway,ublock orgin,DNS66you can use:https://raw.githubusercontent.com/Marfjeh/coinhive-block/master/hostfile.txt - Or you prefer to use a adblock-filter list:
https://raw.githubusercontent.com/Marfjeh/coinhive-block/master/adblock.txt
Those lists gets updated on every commit, so you dont need to change them anymore after release.
If you believe this is a false-positive which can happen, please make an issue about this.
and we will resolve this ASAP.
Make also sure that your webhost isnt compromised.
We suggest asking the end-user for opt-in before operation. It's the user's choice whether they wish to participate. If they don't, please respect their decision.
AuthedMine.com adds a pop-up asking for permission to authorize it. That's why we won't block AuthedMine.
AntiMalwareBytes has also taken steps to block JS Miners stating:
Why are we blocking it?
We do not claim that CoinHive is malicious, or even necessarily a bad idea. The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.
The reason we block CoinHive is because there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems. A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl.
Some of the domains in this repo are from gitlab.com/ZeroDot1/CoinBlockerLists Big shoutout to these guys. They're not just blocking JS miners, but every crypto-pool to make mining inside your network impossible. Very neat stuff for SysAdmins!
To compile the files yourself: Several ways are listed below:
git clone https://github.com/Marfjeh/coinhive-block.git
cd coinhive-block
sudo make
sudo make installgit clone https://github.com/Marfjeh/coinhive-block.git
cd coinhive-block/compilers/src
python make.py
cd ../../
copy /b %windir%/drivers/etc/hosts + hostfile %windir%/drivers/etc/hosts git clone https://github.com/Marfjeh/coinhive-block.git or git clone [email protected]:Marfjeh/coinhive-block.git
cd coinhive-block/compilers/bin
compile.exe
cd ../../
copy /b %windir%/drivers/etc/hosts + hostfile %windir%/drivers/etc/hosts - Clone the repository
[email protected]:Marfjeh/coinhive-block.git - Change directory to the coin-hice block folder
cd coinhive-block - Add new domains to the
domainsand start contributing! - Make a pull-request.
This project is released under the MIT License