Advisory: How to block JavaScript cryptominers

Sophos Web Control can be used to block users from accessing websites categorized as Hacking, which in turn blocks web-based cryptominers. This feature is available on both the Sophos endpoint and network security products.

This article provides instructions on how to ensure protection against JavaScript cryptominers hosted on a website, such as Coinhive.

Note: This affects the websites that users can visit. It is recommended to test the policy before deploying it.

Applies to the following Sophos products and versions

Sophos UTM

Sophos Web Appliance

Sophos Firewall

Sophos Endpoint Security

Sophos Central Admin

Sophos Home

Sophos Enterprise Console managed endpoints and servers

  1. Open Sophos Enterprise Console.
  2. Navigate to Policies > Web Control.
  3. Right-click on the web control policy that is to be changed and select View/Edit Policy.
  4. From the General tab, select Enable web control.
  5. Make sure Hacking is set to Block.
  6. Click OK and confirm the changes within the policy.

Sophos Central managed endpoints and servers

  1. Log in to Sophos Central.
  2. Navigate to Endpoint Protection or Server Protection.
  3. Go to Policies > Web Control then select the policy you want to change.
  4. Select the Settings tab and make sure Web Control is enabled.
  5. Under Acceptable Web Usage, click View Details and find Adult and potentially inappropriate categories.
  6. Click View More and make sure Hacking is set to Block.

Sophos Home

  1. Log in to Sophos Home.
  2. On the dashboard, select the computer to which the settings will be applied.
  3. Go to the Web Filtering tab and, in the Adult & Potentially Inappropriate section, ensure that Hacking is set to Block.

Sophos XG Firewall

  1. Navigate to Protect > Web > Policies, then expand the policy you need to modify.
  2. Click on the + symbol then select Add Rule Above.
  3. Click on the corresponding item under the Activities column, then click Add New Item.
  4. Select Show Only > Web Category.
  5. Untick ALLWebTraffic, if it is ticked.
  6. Scroll down to locate and select Hacking, then click on Apply 1 selected items.
  7. Ensure that the status of the rule is set to Block HTTP and is enabled.

Sophos UTM

  1. Navigate to Web Protection > Web Filtering > Policies.
  2. Select Default content filter action.
  3. On the Categories tab, set the Criminal Activities category to Block, then click Save.

Note: The Criminal Activities category contains multiple web categories, including the Hacking category needed to block cryptominers. To edit these categories, select Web Protection > Filtering Options > Categories.

Sophos Web Appliance

  1. Navigate to Configuration > Group Policy > Default Policy.
  2. Set the Hacking category to Block.
  3. Click Apply.

If you want to block hacking websites but authorize cryptominers, follow the steps in How to authorize JavaScript Cryptominers. To understand more about cryptominers and why Sophos blocks them, see Web based cryptominers are malware.
