A few days ago, the staff in charge of maintaining the wordpress plug-in, wordfence echoed this News of the presence in this popular content manager of a plugin that had incorporated the use of Coinhive to obtain cryptocurrencies and had been removed from the list of plug-ins available in WordPress.
A cryptocurrency is a virtual currency, the best known is Bitcoin. This coin is obtained through a mathematical challenge that involves a high computational cost. This cryptocurrency mining requires a high use of the processing capacity of graphics cards and CPUs, which can make the initial investment so that obtaining this type of currency can be profitable, very high.
Coinhive takes into account this investment problem and offers a tool to be able to delegate this workload to others. This platform offers website administrators the possibility to incorporate a small script in them.
In this way, site visitors will report benefits for the simple fact of accessing it. If the website in which this financing strategy is incorporated has a very high volume of visitors, the calculation capacity and at the same time the benefits of this, increase greatly. Not only does it increase the consumption of our CPU resources, but by operating at more capacity than it should be running at that time, it increases our electricity consumption.
Given that at no time the user is asked for permission to start this consumption of resources, which are not essential for the proper functioning of the website, it makes the application of this type of script on websites, of dubious ethics.
Among the websites that have opted for the incorporation of this type of financing at the cost of the processing capacity of their visitors is the pirate bay, the popular file-sharing platform.
Considering blocking coinhive with web add-ons may imply a certain violation of our privacy, since most browser plug-ins require being able to read all of our traffic in order to identify requests to the coinhive service.
ET-Security allows you to block Coinhive and prevent misuse of our equipment
Our popular access control tool incorporates an Internet monitoring module. In this there is the possibility of blocking access to domains on the Internet so that they cannot be accessed. If we block access to the site that hosts the script that consumes our resources, we will prevent this from being executed.
It should be noted that from this moment on, replicas of this business model may emerge that are more complex or elaborate, thus making it difficult to block this type of malware.
The first step is to facilitate the ability to block coinhive and we will be attentive to the evolution of this type of data mining strategies to continue adapting to the constant evolution on the Internet. Our technical team can solve any doubt about Internet security and the application of access prevention to your equipment and websites through our contact page .