Jump to content
Sign in to follow this  
Alan Abbasi

CryptoJacking Prevention - Auto Updating List of All Mining Pools

Recommended Posts

Posted (edited)

"Cryptojacking (also called malicious cryptomining) is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies. "

I wanted to share this list with you guys.. if you block these domains on your network (we did it with opendns) you'll never have a problem with cryptojacking. https://zerodot1.gitlab.io/CoinBlockerLists/hosts

Microsoft should really come out with an update to automatically block these on their firewall by default, or something.

Edited by Alan Abbasi

Share this post


Link to post
Share on other sites

To follow up on this, note that the format of the file on the URL is literally the syntax of a Windows Host file (IP Address  - name). Inside Automate, create a script that will download the content of the website to a variable (Script Function: Shell: powershell -command "(Invoke-WebRequest -Method Get -Uri 'https://zerodot1.gitlab.io/CoinBlockerLists/hosts').content") and then append that to the computers existing host file. Schedule the script once a day/week/month/year or whatever and you're done. Self updating automatically blocking list of cryptomining domains solution created using Native Microsoft functionality and magic sauce from Automate :).

 

No I won't make the script for you, do some work for yourself :P

 

Share this post


Link to post
Share on other sites
Posted (edited)

That would be effective for say, one list to block such as https://zerodot1.gitlab.io/CoinBlockerLists/hosts

However if you are borrowing other lists from https://hosts-file.net/?s=Download , there could be a lot of false positives that customers want to whitelist.. which would be a bitch to fix.

Regardless, a plugin for a master hosts file that we can update and whitelist with.. that would be pretty sweet. Though I could see the host file reaching ~30MB in size when grabbing from multiple sources, quite hefty for an automate server to deliver.

Edited by Alan Abbasi

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...