Results 1 to 18 of 18

Thread: Forum creating huge energy draw

  1. #1
    Senior Member


    Join Date
    Jun 2012
    Location
    Colorado Springs
    Posts
    2,892
    Post Thanks / Like

    Forum creating huge energy draw

    I've noticed my laptop fan starts spinning way faster when I have this website up. I checked the energy usage using Activity Monitor, and this one website uses 400 on their arbitrary scale, but two other open pages combined use only 0.7, or 0.00175%, of what this one page takes. This forum uses 571 times the energy than two other websites I would expect to be heavy - Facebook and Google News combined. I keep many tabs open all the time, and this used to be one of them, but now that I know what has been draining my battery, I close it as soon as I can after visiting it. I wondered why my laptop battery lasted less than half my wife's did, with comparable usage during the day. Something is not right.

    Anybody have any ideas?
    Don't look here for a comment.

  2. #2
    Public Relations Liasion

    static reef's Avatar

    Join Date
    Nov 2012
    Location
    colorado
    Posts
    3,861
    Post Thanks / Like
    NERD!

    Beats me, but maybe Paul or turbojoe knows something about this.

    Sent from my SM-G955U using Tapatalk

  3. Likes ddwmedic liked this post
  4. #3
    Senior Member
    Reefkoi's Avatar

    Join Date
    Sep 2007
    Location
    on the best online forum in Colorado
    Posts
    8,107
    Post Thanks / Like
    I’m running 12 higfawatts as usual


    Reefkoi Corals Retail Store

    3945 N Academy Blvd Unit E
    Colorado Springs, CO 80917

    www.reefkoicorals.com

  5. #4
    SCMAS President

    hooked's Avatar

    Join Date
    Jan 2009
    Location
    Colorado Springs, CO.
    Posts
    7,240
    Post Thanks / Like
    I'm not seeing it Joe. I was on the phone with godaddy yesterday and they say the site is clean and secure.
    Doyle

    "It's better to be silent and thought the fool than to open your mouth and remove all doubt."



    90g sps Reef, DIY LED Lighting.
    180g Reef - rebirth started Jan 2013
    260g Coral Propagation System.


    Go dtí go bhfilleann sé abhaile!

  6. #5
    Senior Member

    Join Date
    Sep 2010
    Location
    Colorado Springs, CO
    Posts
    388
    Post Thanks / Like
    Symantec virus protection at my work place flag thescmas with the following security risk:
    PUA.WASMcoinminer

    Sent from my SM-N920V using Tapatalk

  7. #6
    SCMAS President

    hooked's Avatar

    Join Date
    Jan 2009
    Location
    Colorado Springs, CO.
    Posts
    7,240
    Post Thanks / Like
    Quote Originally Posted by HBL View Post
    Symantec virus protection at my work place flag thescmas with the following security risk:
    PUA.WASMcoinminer

    Sent from my SM-N920V using Tapatalk
    Thanks - I'll call them again with that info.
    Doyle

    "It's better to be silent and thought the fool than to open your mouth and remove all doubt."



    90g sps Reef, DIY LED Lighting.
    180g Reef - rebirth started Jan 2013
    260g Coral Propagation System.


    Go dtí go bhfilleann sé abhaile!

  8. #7
    Senior Member Kirblit's Avatar

    Join Date
    Oct 2007
    Location
    Elizabeth
    Posts
    1,219
    Post Thanks / Like
    It probably doesn't help that the site isn't an https either and isn't secured.

    Sent from my SM-G930P using Tapatalk
    Kirby

    My little slice of the ocean
    http://www.thescmas.com/forums/showthread.php?t=228

  9. #8
    Senior Member lsaint's Avatar

    Join Date
    Dec 2012
    Location
    Canon City
    Posts
    1,744
    Post Thanks / Like
    Quote Originally Posted by Joe View Post
    I've noticed my laptop fan starts spinning way faster when I have this website up. I checked the energy usage using Activity Monitor, and this one website uses 400 on their arbitrary scale, but two other open pages combined use only 0.7, or 0.00175%, of what this one page takes. This forum uses 571 times the energy than two other websites I would expect to be heavy - Facebook and Google News combined. I keep many tabs open all the time, and this used to be one of them, but now that I know what has been draining my battery, I close it as soon as I can after visiting it. I wondered why my laptop battery lasted less than half my wife's did, with comparable usage during the day. Something is not right.

    Anybody have any ideas?
    What browser are you using? Google Chrome is a big memory leak that might be why you have the draw

  10. #9
    Senior Member


    Join Date
    Jun 2012
    Location
    Colorado Springs
    Posts
    2,892
    Post Thanks / Like
    I checked it in Safari and Firefox. It is definitely this one specific website.
    Don't look here for a comment.

  11. #10
    Registered User

    Join Date
    Oct 2014
    Posts
    236
    Post Thanks / Like
    Yeah, I see the same issue here. I've stopped coming to the site because of it. Crypto mining would explain the maxxed out CPU usage I'm seeing when I'm here.

    Interesting that it only runs on one CPU, so I have 4 cores pegged at 100%, the other four are chilling at a normal 15%.

    Clearly some malware is sitting on the web hosting site, and it's using the forum member's computers to mine for cryptocurrency, which is why CPU/energy usage is through the roof.

    If the hosting company did this on purpose and didn't tell you, you should find a different hosting company. If they did tell you, there should be a way to opt out.

    edit: looking at the files associated with the site, you should probably check out the file called "courier1.js". I don't think that's legit.

    [code][!-- Fonts Script --]
    [script async="async" src="./The Southern Colorado Marine Aquarist Society_files/courier1.js"[[/script]
    [!-- End Fonts Script --]"[/quote]

    Last edited by esmith; 03-29-2018 at 02:53 PM.

  12. Thanks Joe, Reeflextion thanked you for this post
    Likes Joe liked this post
  13. #11
    Registered User

    Join Date
    Oct 2014
    Posts
    236
    Post Thanks / Like
    Just an update, this is still going on.

    That courier1.js file needs to get nuked. Modify the HTML for the landing pages to remove the "Fonts Script" lines (3 total) and then change all the admin level passwords and you should be good.

    There's likely an update to the forum software that will need to be applied to avoid reinfection.
    Last edited by esmith; 04-03-2018 at 05:32 PM.

  14. Likes Joe liked this post
  15. #12
    SCMAS President

    hooked's Avatar

    Join Date
    Jan 2009
    Location
    Colorado Springs, CO.
    Posts
    7,240
    Post Thanks / Like
    Ok here is what it going on. Murf and I contacted godaddy and had them check out what is going on . It appears we do have malware on the site. They suggest we purchase malware protection for 500.00 dollars for 2 years protection. WE also should purchase a SSL certificate. Which is required by godaddy now in order to display pages. we can get that for 60.00 dollars per year. So initial layout to fix the site right now will be 560.00.
    So we need to make some decisions. Lately the club is not generating enough funds to do this. After the expenses we had last year and this year we are sitting at just over 300.00 dollars in the club account.

    Thoughts?
    Doyle

    "It's better to be silent and thought the fool than to open your mouth and remove all doubt."



    90g sps Reef, DIY LED Lighting.
    180g Reef - rebirth started Jan 2013
    260g Coral Propagation System.


    Go dtí go bhfilleann sé abhaile!

  16. #13
    Senior Member maxthedog2000's Avatar

    Join Date
    Feb 2016
    Location
    Pueblo, Durango, and Mancos Colorado
    Posts
    314
    Post Thanks / Like
    Quote Originally Posted by hooked View Post
    Ok here is what it going on. Murf and I contacted godaddy and had them check out what is going on . It appears we do have malware on the site. They suggest we purchase malware protection for 500.00 dollars for 2 years protection. WE also should purchase a SSL certificate. Which is required by godaddy now in order to display pages. we can get that for 60.00 dollars per year. So initial layout to fix the site right now will be 560.00.
    So we need to make some decisions. Lately the club is not generating enough funds to do this. After the expenses we had last year and this year we are sitting at just over 300.00 dollars in the club account.

    Thoughts?
    I don't mind paying annual dues regardless of meeting attendance... Maybe even an increase to 20$ not sure what our if that helps.

    Or is there anybody in the club able or willing to host the site on a private server and provide similar protections?

    Sent from my Pixel 2 XL using Tapatalk
    Last edited by maxthedog2000; 04-03-2018 at 10:10 PM.

  17. Likes ddwmedic liked this post
  18. #14
    Registered User turbojoe's Avatar

    Join Date
    Oct 2014
    Location
    Pueblo, CO
    Posts
    188
    Post Thanks / Like
    Doyle, I can clean up the malware. No need to pay anyone $500. Let's talk soon.

    Sent from my SM-G960U using Tapatalk

  19. Thanks HBL, JimG thanked you for this post
    Likes HBL, ddwmedic, GrassHoppa' liked this post
  20. #15
    Registered User

    Join Date
    Oct 2014
    Posts
    236
    Post Thanks / Like
    Yeah, if turbojoe can't help, i can. The SSL cert is def. necessary, the $500 malware protection is a joke. (The people wanting to charge $250 a year for malware protection didn't see anything wrong a week ago when we knew there were issues, so why trust them?) . In the interim though, changing pwd's on all admin level accounts and tweaking the landing pages to remove the courier1.js calls would immediately fix the issue.

    Patching the forum software is probably the next required step, but no point patching it while it's still infected.
    Last edited by esmith; 04-04-2018 at 09:47 AM.

  21. Thanks HBL thanked you for this post
    Likes HBL, GrassHoppa' liked this post
  22. #16
    Registered User

    Join Date
    Oct 2014
    Posts
    236
    Post Thanks / Like
    Just wanted to say thanks for fixing the issue, I'm not seeing any bad behavior from the site any more on my end.

  23. #17
    Registered User

    Join Date
    Oct 2014
    Posts
    236
    Post Thanks / Like
    Any chance the site was compromised again? CPU usage is through the roof again, only when the SCMAS tab is open. I'll poke through the code again.

    Looks like the unintended code is back.

    Still courier1.js . 600+kb file that's supposed to be a 20k font file.

    [script type="text/javascript" src="combo">

    [!-- Fonts Script --]
    [script async="async" src="courier1.js"> [!-- End Fonts Script --]
    [script type="text/javascript"]
    Last edited by esmith; 04-12-2018 at 01:00 PM.

  24. Likes Joe liked this post
  25. #18
    Registered User

    Join Date
    Oct 2014
    Posts
    236
    Post Thanks / Like
    ZoneAlarm flagged the file as a coin miner again.

  26. Likes Joe liked this post

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •