Topic: Forum causing users to call deepbit.net (forum "bot"?) (Read 896 times)

I had not seen those links, but that would be a relief if it's that simple (and I'd look like an idiot).  But why would they continue to ping the deepnet IP even after the page is loaded?

Anyway, I hope you're right, and if so I certainly deserve to stay here in the newbie section

+1

Could it be some people's ”I'm mining at X Ghash/sec at deepbit.net” signature banners?

Cheers,

I'm a long-time lurker who has only bothered registering to pass on a piece of information that might interest forum users and moderators.  Someone on the forum is causing other users'machines to send packets to deepbit.net.  I noticed that whenever I was on the forum, my machine was connecting to 91.213.175.240.  Turns out this is a deepbit.net IP.    For those that don't know, deepbit.net is a bitcoin mining pool.  I've 100% isolated this behavior to the Bitcoin forum. It would appear that someone on the forum has is using some variation of CSRF, probably via a link or image tag in their signature, to cause other users' computers to call 91.213.175.240; I would assume to use their CPUs/GPUs to mine on their behalf.  I'm not knowledgeable enough about security issues to guess how exactly they are doing it, and I'm in the middle of a big work project and so don't time to track it down.  I would assume the script is only using our computers to mine on their behalf, but who knows?  I'm kind of surprised that no one else has posted about it.

I'm running windows and I've not yet tried to isolate this behavior on a linux machine, but I'd assume it would work there, too.  It's really amazing the level of sophistication that attackers use now against users.  Everyone be on guard.

Just to be clear, I don't think this is related to the forum owners, but rather to a member of the forum.


PS -- I don't mine and have no mining clients installed.
PPS -- This hasn't happened on the newbie section, but in the general section.