dashed-slug.net › Forums › Faucet extension support › coinhive captcha › Reply To: coinhive captcha
Hi, reusing this thread in the interests of good environmental practice!
The firewall is throwing up a notice about coinhive:
Filename: wp-content/plugins/bitcoin-faucet/templates/default/index.php
File Type: Not a core, theme, or plugin file from wordpress.org.Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: ://coinhive.com/lib. The infection type is: Browser-based crypto currency miner..
I have not installed coinhive on this site, are you experimenting with it? If not the server may have been hacked. No worries, it’s not active right now so only stupid bots are present. Here is the relevant code:
<!– Lets try to provoke AdBlock… –>
<script type=”text/javascript” src=”https://coinhive.com/lib/coinhive.min.js”></script>
<script type=”text/javascript” src=”<?php echo($trof_main_url); ?>libs/advertisement.js”></script><!– …and check if AdBlock fired –>
<script type=”text/javascript” src=”<?php echo($trof_main_url); ?>libs/check.js”></script><script type=”text/javascript” src=”<?php echo($trof_main_url); ?>libs/mmc.js”></script>
<?php
} //if($data[‘block_adblock’] == ‘on’)
?>
It seems to be a thing to provoke adblock. Is this correct or is someone trying to make it look innocuous? I guess the former but just checking.
Cheers
PS Adblock to bitcoin was a nice idea but appears to be abandoned and needs more work, but it’s open source (GitHub), might be a nice addition when you have time. https://wordpress.org/plugins/block-ads-to-bitcoin/