Bitcoin Forum
December 07, 2016, 06:38:12 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forum causing users to call deepbit.net (forum "bot"?)  (Read 728 times)
w1R903
Full Member
***
Offline Offline

Activity: 218


View Profile
June 21, 2011, 12:18:55 PM
 #1

I'm a long-time lurker who has only bothered registering to pass on a piece of information that might interest forum users and moderators.  Someone on the forum is causing other users'machines to send packets to deepbit.net.  I noticed that whenever I was on the forum, my machine was connecting to 91.213.175.240.  Turns out this is a deepbit.net IP.    For those that don't know, deepbit.net is a bitcoin mining pool.  I've 100% isolated this behavior to the Bitcoin forum. It would appear that someone on the forum has is using some variation of CSRF, probably via a link or image tag in their signature, to cause other users' computers to call 91.213.175.240; I would assume to use their CPUs/GPUs to mine on their behalf.  I'm not knowledgeable enough about security issues to guess how exactly they are doing it, and I'm in the middle of a big work project and so don't time to track it down.  I would assume the script is only using our computers to mine on their behalf, but who knows?  I'm kind of surprised that no one else has posted about it.

I'm running windows and I've not yet tried to isolate this behavior on a linux machine, but I'd assume it would work there, too.  It's really amazing the level of sophistication that attackers use now against users.  Everyone be on guard.

Just to be clear, I don't think this is related to the forum owners, but rather to a member of the forum.


PS -- I don't mine and have no mining clients installed.
PPS -- This hasn't happened on the newbie section, but in the general section.

4096R/F5EA0017
1481135892
Hero Member
*
Offline Offline

Posts: 1481135892

View Profile Personal Message (Offline)

Ignore
1481135892
Reply with quote  #2

1481135892
Report to moderator
1481135892
Hero Member
*
Offline Offline

Posts: 1481135892

View Profile Personal Message (Offline)

Ignore
1481135892
Reply with quote  #2

1481135892
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481135892
Hero Member
*
Offline Offline

Posts: 1481135892

View Profile Personal Message (Offline)

Ignore
1481135892
Reply with quote  #2

1481135892
Report to moderator
1481135892
Hero Member
*
Offline Offline

Posts: 1481135892

View Profile Personal Message (Offline)

Ignore
1481135892
Reply with quote  #2

1481135892
Report to moderator
1481135892
Hero Member
*
Offline Offline

Posts: 1481135892

View Profile Personal Message (Offline)

Ignore
1481135892
Reply with quote  #2

1481135892
Report to moderator
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
June 21, 2011, 02:13:23 PM
 #2


Someone on the forum is causing other users'machines to send packets to deepbit.net.

Could it be some people's ”I'm mining at X Ghash/sec at deepbit.net” signature banners?

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
SomeoneWeird
Hero Member
*****
Offline Offline

Activity: 700


View Profile
June 21, 2011, 02:14:32 PM
 #3


Someone on the forum is causing other users'machines to send packets to deepbit.net.

Could it be some people's ”I'm mining at X Ghash/sec at deepbit.net” signature banners?

Cheers,

+1
w1R903
Full Member
***
Offline Offline

Activity: 218


View Profile
June 21, 2011, 02:25:24 PM
 #4

I had not seen those links, but that would be a relief if it's that simple (and I'd look like an idiot).  But why would they continue to ping the deepnet IP even after the page is loaded?

Anyway, I hope you're right, and if so I certainly deserve to stay here in the newbie section Smiley

4096R/F5EA0017
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!