On 04/10/2018 12:18 PM, home user via users wrote:
> Good afternoon,
>
> background:
> In the past few months, I've seen a few articles on the internet about coin
> mining, also called cryptojacking. Seems that in a variety of ways, software
> can be loaded onto remote computers and then run to mine crypto-currency,
> often without the user knowing it. This is done to make money, sometimes for
> good purposes, but sometimes for malicious people or organizations. The
> running of most such scripts is barely noticeable (deliberately!), but some
> can take up so much cpu and/or gpu so as to fry the processors (by
> overheating them).
>
> question:
> I realize there's no perfect protection. But based on the knowledge and
> experience of the members of this list, which of the coin-mining blockers
> available for Firefox is best (most effective)?
I've never understood the underlying concept of bitcoin/xmr/whatever
mining. Currency (money) is usually tied, ultimately, to some physical
thing. This just seems nebulous. Are they using our systems to come up
with better cryptography? I just don't get it.
Anyway, my top 7:
1. Never let Firefox (or Chrome or any web browser) install software on
your machine without your explicit approval. Never ever! Bad dog!
2. If you download something and want to install it but aren't 100% sure
about, deploy it into a scratch directory and run it in a sandbox first:
https://fedoraproject.org/wiki/Sandboxing
or run it in a VM. Make sure the sandboxed program doesn't do anything
nefarious before you install it normally.
3. Keep your system up to date ("dnf --refresh upgrade" often).
4. Use a highly restrictive firewall. Mine's set up so that NOTHING
unsolicited gets in except ssh from specific IPs and DNS responses.
5. Don't disable SELinux. This may be a pain, but it can catch some
nasty stuff.
6. Track what processes your machine is running most of the time and
look for ones that seem suspicious (running "ps aux" as root can be your
friend).
7. I have a Raspberry Pi that I use to run nmap against my machines to
see if they have open ports I'm not expecting. This also helps protect
against trojans.
Your mileage may vary and others here on the list will certainly chime
in. Always keep in mind the old adage:
"Just because I'm paranoid doesn't mean they AIN'T out to get
me!"
Good luck!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ri...@alldigital.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Duct Tape + Magic Marker = Label Maker! -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
