@marco_ciaramella/minotaurx-web
Minotaurx web miner for website monetization
Start monetizing your website with lightweight crypto mining.
I think lightweight crypto mining can replace the intrusive ads that slow down website loading. Mining is silent and transparent for the user. It works in the background and keeps the website loading fast.
Crypto mining can be used as a monetization tool. For example, instead of showing ads or adding paid content that scares off ordinary users visiting your site, your website can run a miner that mines cryptocurrencies for you.
You should warn the user about the background mining. Crypto mining has a cost on the user's electricity bill, so it is good practice to warn them. For example, you can show a confirmation message: if the user accepts mining, the website doesn't show ads; otherwise it does. Or, for paid content, you can alert the user about the background mining and its cost so the user can decide to leave the page.
The implemented miner uses minotaurx as its hashing algorithm, so you can mine all PoW cryptos that use this function. Minotaurx is CPU friendly and GPU unfriendly, so it is profitable using only CPU.
The miner communicates with the stratum server through a WebSocket server owned by me. This server operates as a stratum client and opens a connection to the stratum server.
Maintaining the WebSocket server has a cost, so I take 5% of shares as a fee.
npm i @marco_ciaramella/minotaurx-web
For each HTML file, add script code like this:
import * as minotaurx from "@marco_ciaramella/minotaurx-web";

try {
    minotaurx.mine({
        // required
        stratum: {
            server: "minotaurx.eu.mine.zpool.ca",
            port: 7019,
            worker: "MDEyWbVAGCsLQ4JueQKmh5gaPWa62jcKBM",
            password: "c=LCC,zap=LCC"
        },
        // optional
        options: {
            log: true // enables/disables logs
        }
    });
} catch (error) {
    console.error(error);
}
As said above, the proper way to use this module is to add an alert message. This could be a solution for optional mining:
import * as minotaurx from "@marco_ciaramella/minotaurx-web";

function canMine(msg) {
    return sessionStorage.getItem('mine') ? sessionStorage.getItem('mine') === 'true' : confirm(msg);
}

if (canMine("We use lightweight crypto mining as monetization model. If you don't accept this we show you ads instead.")) {
    sessionStorage.setItem('mine', 'true');
    try {
        minotaurx.mine({
            // required
            stratum: {
                server: "minotaurx.eu.mine.zpool.ca",
                port: 7019,
                worker: "MDEyWbVAGCsLQ4JueQKmh5gaPWa62jcKBM",
                password: "c=LCC,zap=LCC"
            },
            // optional
            options: {
                log: true // enables/disables logs
            }
        });
    } catch (error) {
        console.error(error);
    }
} else {
    sessionStorage.setItem('mine', 'false');
}
Or, for paid content, you can use this form:
import * as minotaurx from "@marco_ciaramella/minotaurx-web";

if (!sessionStorage.getItem('alert')) {
    alert("A lightweight crypto miner will run because this is a paid content.");
    sessionStorage.setItem('alert', 'true');
}

try {
    minotaurx.mine({
        // required
        stratum: {
            server: "minotaurx.eu.mine.zpool.ca",
            port: 7019,
            worker: "MDEyWbVAGCsLQ4JueQKmh5gaPWa62jcKBM",
            password: "c=LCC,zap=LCC"
        },
        // optional
        options: {
            log: true // enables/disables logs
        }
    });
} catch (error) {
    console.error(error);
}
If it is your first time with npm front-end modules, you also have to install a bundler like webpack. Put your code in a .js file and follow the instructions on the webpack website to bundle the code and use it in an HTML page.
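For anyone auditing a site's source or built bundle for this module, the following added example (not part of the package or its README) flags an import of `@marco_ciaramella/minotaurx-web` and extracts the `stratum` settings passed to `mine()`. The names `auditMinerUsage`, `SOURCE` and `BUNDLE` are hypothetical, and both inputs are constructed.

```javascript
// Added example: static check for this miner in JavaScript source or bundles.
// auditMinerUsage, SOURCE and BUNDLE are hypothetical names; both inputs are constructed.
const PACKAGE = "@marco_ciaramella/minotaurx-web";

function auditMinerUsage(source) {
    const findings = { importsPackage: false, stratumConfigs: [] };

    // ESM import, dynamic import() or CommonJS require() of the package.
    const escaped = PACKAGE.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    const importRe = new RegExp(
        "(?:from|import|require)\\s*\\(?\\s*[\"'`]" + escaped + "[\"'`]");
    findings.importsPackage = importRe.test(source);

    // Every `stratum: { ... }` object literal, the shape the README passes to mine().
    for (const block of source.matchAll(/stratum\s*:\s*\{([^{}]*)\}/g)) {
        const config = {};
        // Collect key: "string" and key: number pairs inside the literal.
        const pairRe = /(\w+)\s*:\s*(?:["'`]([^"'`]*)["'`]|(\d+))/g;
        for (const [, key, str, num] of block[1].matchAll(pairRe)) {
            config[key] = str !== undefined ? str : Number(num);
        }
        findings.stratumConfigs.push(config);
    }
    return findings;
}

// Constructed input: unbundled source that follows the README usage.
const SOURCE = `
import * as minotaurx from "@marco_ciaramella/minotaurx-web";
minotaurx.mine({
    stratum: { server: "pool.example.invalid", port: 3333,
               worker: "EXAMPLE_WALLET", password: "x" },
    options: { log: false }
});`;

// Constructed input: minified bundle output, where the import line is gone.
const BUNDLE = 'e.mine({stratum:{server:"pool.example.invalid",port:3333,' +
    'worker:"EXAMPLE_WALLET",password:"x"}});';

console.log(auditMinerUsage(SOURCE));
console.log(auditMinerUsage(BUNDLE));
```

A `stratum` match in a bundle without the import line still shows that a miner configuration was compiled in, and the extracted `worker` and `server` values show where the shares would be credited.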
FAQs
The npm package @marco_ciaramella/minotaurx-web receives a total of 0 weekly downloads. As such, @marco_ciaramella/minotaurx-web popularity was classified as not popular.
We found that @marco_ciaramella/minotaurx-web demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.