2018

HOW TO: Block Cryptocurrency Miners System-Wide

Ads are not only used to advertise products and services, but also to track your activity and behavior on the internet, steal your data and infect you with malware. The worst part? You don’t even have to click on ads to be affected by malware, tracking and ransomeware.

In the past uTorrent quietly installed cryptocurrency miners and The Pirate Bay was discovered to run browser-based miners. YouTube was recently caught displaying ads that covertly leach off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers.

There’s a few things you should take care immediately…

1. Use an Adblock plugin

I suggest using uBlock Origin in medium mode ( download link for Safari ).

On iOS and Android you can use Brave as your browser ( also available for macOS, Linux and Windows ). If you insist on using Safari on iOS, you will want to take care of some settings first.

On mobile devices if you use Brave, you don’t need an Adblocker for browsing. But you still need to block in-app ads. To do that you can use AdGuard Pro ( iOS and Android ).

Once installed, open AdGuard Pro and go to DNS Settings > Ad Custom… > and type in the following IP addresses

  • 176.103.130.130
  • 176.103.130.131

 

2. Hosts File

Now that your browser is taken care of by uBlock Origin, let’s block unwanted connections system-wide using the hosts file. You will need to edit this file manually, or use 3rd party software.

 

Where do you find the hosts file?

  • macOS: /etc/hosts  ( we’re going to use Gas Mask )
  • Linux:  /etc/hosts
  • Windows: C:\Windows\System32\drivers\etc\hosts ( NOTE: You may need to tell Windows Defender to ignore this path.  You may have to use Notepad and “Run as Administrator” )

 

 

How to block webminers using the hosts file?

You can either edit the hosts file manually ( copy-paste into the file ) or use a 3rd party software. We’re going to use Gas Mask on macOS.

1.  Download and install Gas Mask ( linked above )

2. Run Gas Mask

3.  In the menu bar, click on Gas Mask ( it should say “Original File” next to the gas mask icon ) and choose “Show Editor Window”

4. In Gas Mask’s editor window, click on add button ( top left corner ) and choose “Local” ( for some reason the list we’re going to use can’t be used as a remote source, hence it’s not going to update by itself. More on that later )

5. A new “Hosts File” file will be created. You can use it as “Hosts File” or rename it using a descriptive name. Example: “Webminer”.

6. Now all you have to do is copy-paste this list into your new Gas Mask hosts file. Once the list is pasted, click on “Save”.

NOTE: I mentioned above that for some reason you can’t use this list as a remote file. The only difference between a local and a remote file is that Gas Mask will update the remote file once updates are available. So my suggestion is to bookmark the link to the list and check it maybe once a week for changes. Right now the version is 1.40.

When the list will be updated, simply copy-paste the list again overwriting the outdated list in Gas Mask. ( don’t forget to save the list after changes are made )

7.  Before you close the editor, hit “cmd + ,” ( or go to the menu bar click on Gas Mask and select “Preferences” ) and select “Open at Login”.

 

8. Now you can close the editor. Click on the Gas Mask icon in the menu bar, and select “Combined Hosts File”. That means you will use your original hosts file, alongside the local and remote ones you add.

 

Reload the hosts file:

Because your OS caches DNS lookups, you will need to flush the DNS cache one the new hosts file is in place. You can do this by restarting your computer or manually flush the DNS cache. Here’s how:

 

macOS

1.  Open Terminal

2. type ” sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder ” ( no quotes ), hit Enter

3. Type in your password

 

Windows 

Open a command prompt with administrator privileges and run this command ” ipconfig /flushdns ” ( no quotes )

 

Linux

Open Terminal and run the command with root privileges:

  • Ubuntu/Debian: sudo /etc/rc.d/init.d/nscd restart
  • Fedora: sudo systemctl restart NetworkManager.service

Google for other distros…

 

FSM tries its best not to track you or allow third party services to track you. You may notice we don't use ads or social share buttons.

We don't ask for your email or any other personal info. Hell, we don't even have Google Analytics on the site. FSM tries to provide you with valuable info in a way that respects your privacy.

If you would like to support FSM consider donating with Bitcoin: 1Hfuq77gKKFJeNcq4EP4dQK3yDRWrFEwJR


Alternatively you can buy us a coffee. ( one time payment )