Contacts and Messages 

Block the script on the page. How to disable JavaScript in different browsers. How to protect yourself from browser mining

Cryptocurrency miners on websites have become a real problem. Recently even The Pirate Bay such a monetization option. The first services like Coinhive have appeared, which encourage website owners to install miners and earn money without banners and advertising. According to their calculations, a typical website visitor on an average laptop generates 30 hashes per second. For The Pirate Bay with an average session time of 5 minutes and a monthly audience of 315 million people, this gives 30x300x315000000 = 2,835,000 megahashes per month.

If you treat people humanely and load the processor at only 30%, then there are 850,000 megahashes left. Coinhive pays website owners 0.00015 XMR per million hashes, so The Pirate Bay could earn 127.5 XMR ($12,000) per month and completely kill his reputation in the eyes of users.

Unfortunately, more and more sites are choosing this monetization option. Sometimes mining scripts penetrate websites without the knowledge of the owners themselves. One such story was recently told by one of the Habr users. He accidentally discovered the miner on a small Russian website selling pet products.

Even worse, attackers have begun to embed hidden miners directly into browser extensions so that they can run continuously, stealing computing resources from computers. For example, the SafeBrowse extension with a miner was distributed through the official Chrome Web Store for several days before it was removed. Two extensions with miners have been released for Firefox.

Naturally, we are not happy about this prospect. From the point of view of an ordinary person, the main problem is how to protect yourself from these miners so that they do not load the processor, slow down the computer and devour electricity.

Users of the ad blocker uBlock Origin have been discussing the issue on GitHub for several weeks and maintain a list of malicious domains to block. Unfortunately, recently miner scripts have started randomly changing domains, so you won't be able to block scripts that easily unless you disable JavaScript in your browser altogether.


A mining script that uses random domains is difficult to block with standard blockers

However, scripts with random domains are still rare. You can protect yourself from most mining scripts by blocking at least the most popular domains in hosts - and keeping the list up to date, adding new domains as they are discovered. Recently, a free program Anti-WebMiner appeared that does just this: its authors add to the list of mining domains on GitHub, and the program itself adds these domains to the hosts file.

This can also be done manually. The list currently includes 16 domains, including that of the aforementioned Coinhive, although it bills itself as a legitimate service for website owners:

# Anti-WebMiner Start 1.0 43011
0.0.0.0 azvjudwr.info
0.0.0.0 cnhv.co
0.0.0.0 coin-hive.com
0.0.0.0 gus.host
0.0.0.0 jroqvbvw.info
0.0.0.0 jsecoin.com
0.0.0.0 jyhfuqoh.info
0.0.0.0 kdowqlpt.info
0.0.0.0 listat.biz
0.0.0.0 lmodr.biz
0.0.0.0 mataharirama.xyz
0.0.0.0 minecrunch.co
0.0.0.0 minemytraffic.com
0.0.0.0 miner.pr0gramm.com
0.0.0.0 reasedoper.pw
0.0.0.0 xbasfbno.info
# Anti-WebMiner End

Although no one bothers you to edit hosts manually, with this utility updating the list of domains and making changes to hosts is faster and more convenient.

You can also manually enter a list of “banned” domains into the ad blocking program you use.

There are other options for blocking mining scripts. For example, the No Coin extension for Chrome (source code on GitHub).


The No Coin extension detected a mining script on the site

This extension monitors activity on each site and alerts you if a mining script is detected on it. This approach even helps against scripts with random domains. Plus, here you can whitelist the site if you really want to donate some CPU time to it. For example, many users The Pirate Bay in the comments to the news about testing a mining script, they expressed the opinion that they would not mind helping their favorite site with their CPU time. Over the past year, this torrent tracker collected only $3,500 in donations, and through a mining script it can collect $12,000 per month without people having to part with money (at least not directly). People download warez, free music and movies here, so why not give something back.

Another minerBlock extension for Chrome works on the same principle as No Coin. It is also distributed as open source, so you don’t have to worry that the miner blocker itself is quietly mining cryptocurrency.

But still, the most reliable way to block mining scripts is to install an extension that generally blocks the execution of any scripts, like NoScript for Firefox.

In order to disable JavaScript in Chrome go to settings by clicking the button with three lines in the upper right corner of the browser window. Scroll to the bottom of the settings page and click below. You will find the section "Personal data", where you need to click on "Content Settings":

In chapter "JavaScript" set the checkbox to value "Prohibit execution...". Click the button "Ready".

How to disable JavaScript in Mozilla Firefox

Enter in the browser address bar:

about:config

In this way you can open a list of settings. Use search to find an item javascript.enabled. Left click on it and click "Switch":

How to disable JavaScript in Yandex

Users of the Yandex browser, which is similar to Chrome in many ways, should also start with the three-bar settings button in the top right corner. Click there "Show advanced settings". Find the "Privacy Protection" section, where you click "Content Settings":

Having entered this section, move the switch to the item "Disable JavaScript on all sites". To confirm changes, click "Ready":

How to disable JavaScript in Apple Safari

If you're using Safari, open Settings and go to "Safety". Further, in the section "Web content", uncheck the item "Enable JavaScript":

How to disable JavaScript in Internet Explorer

Open settings by clicking on the gear button in the upper right corner of the browser. Go to section "Browser Options" and then to the tab "Safety". Select zone "Internet" and press the button "Another":

Find a section "Active Scenarios" and select the option "Disable". The same must be done in the paragraph below, "Run Java Application Scripts":


Good day, dear subscribers, as well as guests of my educational blog. Today I will tell you in detail how to correctly enable and disable JavaScript in Firefox, explain why this feature exists and who might find it useful.

In this article I will look at two options for disabling/enabling JS using settings and a special plugin called NoScript. Well, now let's move on to analyzing the material!

Who may need to disable the scripting language

Today, all existing browsers support and work correctly with it. However, this was not always the case. Quite recently, JS support was a novelty, and its inclusion had to be done manually through special settings parameters.

As you know, JavaScript significantly expands functionality, allowing you to process certain events and user actions, among which the most commonly used are processing orders and purchases, registration forms, logins, etc.

However, in addition to the important and useful functionality with the help of this language, some “bad” people have the opportunity to introduce code that may turn out to be malicious. In this case, to combat such sites, the function of disabling script support was implemented both for specific services and for everything.

Apart from this, advanced users or developers use the JS disable feature for their own purposes. For example, for debugging web applications.

In such cases, it is worth knowing how you can enable or disable scripting language support at the right time.

Let's dig into the browser settings

Starting with version 23, its developers decided to remove the button that disables JavaScript from the settings. Alex Leamy, one of the designers of this product, explains this decision by saying that it is outdated functionality that is not needed by modern ordinary users.

In addition, setting the described flag affected the display of many sites (they were either displayed incorrectly, or program code was displayed instead of pages).

Therefore, when setting up your browser, initially find out which version you have installed. To do this, launch Firefox and open the link http://yandex.ru/internet/, which will send you to the Yandex Internetometer.

If the product version is 22 or lower, then follow these steps:

If a situation arises when JS is needed, then simply check the box next to the named item.

If you installed version later than 22, the steps will change slightly:

  1. Insert the special command “ about:config»;
  2. A warning window will open. In it, click on the button “I promise I will be careful!”;
  3. In the window that opens, find the search text field and write in it “ javascript.enabled»;
  4. In the found setting, change the state by right-clicking on the search result and selecting “Toggle”.

To enable scripting language support, simply repeat the steps above.

Now let's savor the buns

Well, now I suggest you get acquainted with a plugin like NoScript. This is the most popular add-on for modern browsers. It allows you to disable JavaScript on pages of untrusted websites and block malicious scripts from running.

To install this plugin and configure it, you must perform the following steps:

This concludes the instructions for setting up the Firefox browser. I hope that my publication helped solve the problems that arose. And if this is the case, then subscribe to blog updates and don’t forget to repost. Bye bye!

Best regards, Roman Chueshov

Works in Chrome, Firefox, Edge, Safari, IE10+ etc, basically in any browser that supports userscript managers. Exceptions are some of the oldest browsers that do not support the API we use, the script may not be fully functional there.

  • Advanced pop-up detection

PopupBlocker doesn't apply the filtering rules approach to pop-up detection. Instead, it adds an additional layer on top of the browser"s native APIs that are used to create pop-ups. This way, these APIs can only be called when caused by a manual input, and not by pop-up/pop-under scripts. That allows to block pop-ups even on websites that try to bypass regular ad blockers by using WebRTC or varying the ad servers.

  • Restores the expected click behavior

Self-explanatory but important: if a click would cause a pop-up to show, not only the pop-up is blocked, but also the initial click is processed as it would be without the pop-up.

  • Invisible to other scripts

Other scripts on the page can not detect that PopupBlocker is being used, other than by actually trying to open a pop-up. This prevents any possible circumvention of PopupBlocker.

Installation

PopupBlocker is being developed by the same team that develops AdGuard , and AdGuard for Windows can serve as a userscript manager. If you are an AdGuard user, go to Settings – Extensions – Add Extension and add the PopupBlocker .js file there. This way you can use it in literally any browser.

On the other hand, PopupBlocker is an independent project, you can use it with any other userscript manager like Greasemonkey, Tampermonkey or Violentmonkey. Make sure one of them is installed in your browser to be able to use the PopupBlocker, and then hit the green button at the top of the page.

You can also find all PopupBlocker versions, including beta-versions and all past versions,

Good day, dear friends, acquaintances, readers, admirers and other individuals.

Many of you, I hope, remember that one of the key holes in a is allowed scripts in the browser.

I have already written more than one article on this topic. For example, in Firefox, the NoScript extension allows you to patch such a vulnerability, and in Google Chrome such a solution as . But after the latter ceased to be supported, I had to find an analogue for it, which, in fact, I want to share with you.

Blocking and allowing scripts in Google Chrome using ScriptBlock

Actually, there is nothing complicated here. Go ahead and click on the “Install” button, and then on the “Add” button.

After installation, you will see a corresponding icon at the top, by clicking on it (after going to any of the sites), you will see a list of allowed and blocked scripts, as well as the ability to manage them.

Let me remind you how to take off with this:

  • If on any site we have something that doesn’t work (for example, ), then you will need to click on the plugin button (that same triangle in the upper right corner) and, first of all, allow the script (by clicking the “Allow” button in corresponding line) with a name that exactly matches the name of the site address;
  • That is, if you are now on, then if something does not work, then you allow the script site, and not like dyadyavasya.com;
  • After that, you look carefully to see if what you needed worked? If the answer is yes and everything works as desired, then you don’t touch anything else. If not, then you carefully look at what other scripts there are and select one more from them, allowing it. And so on until what you need is fully operational;
  • Try to avoid allowing scripts that bear the names of sites other than this one. By the way, googlecode, yandex and their variations (googlecode.com, gstatic.com, etc.), as a rule, are present on many sites and are safe and useful scripts (for example, many webmasters have a script for collecting traffic statistics under called Google Analytics).

That's all for now. In general, no special additional settings are required.

Afterword

Thanks to this miracle of human thought, problems with viruses, worms, pop-ups, installations of left panels for the browser, redirects to other sites, attempts to steal your information and other malicious riffraff will be significantly reduced. Among other things, a bunch of pop-up windows, redirects, and some advertising will disappear, and the speed of loading sites and moving around them will increase.

If used correctly (it's not that difficult), you will hardly need it anymore. This is a truly necessary plugin for those who care about their security, the security of their computer and valuable information.

And yes, don’t forget to install an ad blocking extension called Adblock.

As always, if you have any questions, thoughts, additions, etc., please feel free to comment on this post.



Have questions?

Report a typo

Text that will be sent to our editors:

Send