
Getting a Symantec warning every time I open a Bench page

K.C._Royals!

MVP
1,409
5.00 star(s)
Hey, guys --- every time I come to the Bench (I use Brave as my browser) I get a note saying "PUA.WASMcoinminer" detected.
It only happens on the Bench and no other sites.
What's up with this?
 

chief wahoo

MVP
1,626
5.00 star(s)
Is it only happening on the bench site? I wonder if this is what's running up my CPU usage when I open a bench google chrome tab.

Sent from my Pixel using Tapatalk
 

cjay101

All-Star
611
5.00 star(s)
Staff member
how come I only get the notification when I'm on the Bench... doesn't happen anywhere else like SCF or any other site.

I would imagine one of the JavaScript ads has the malicious code in it. I haven’t had any warnings but I run pretty tight firewalls and ad blockers. I would be glad the warning is there, so you don’t get it to install on your PC. The guys with the roaring processors already have it and will have to remove it. Antivirus and firewalls are of utmost importance as Google can’t screen all the ads in real time. A short-term avoidance would be to disable JavaScript in the browser settings as it appears that is the entry method.
 

mm1sub

HOF
2,778
5.00 star(s)
Staff member
I would imagine one of the JavaScript ads has the malicious code in it. I haven’t had any warnings but I run pretty tight firewalls and ad blockers. I would be glad the warning is there, so you don’t get it to install on your PC. The guys with the roaring processors already have it and will have to remove it. Antivirus and firewalls are of utmost importance as Google can’t screen all the ads in real time. A short-term avoidance would be to disable JavaScript in the browser settings as it appears that is the entry method.

Does this cost money to remove? If not how do I remove it?
 

mm1sub

HOF
2,778
5.00 star(s)
Staff member
Check the link in above posts. It shouldn’t cost anything unless you’re unable to do it yourself

I did that and it is still doing it. I think it may be time for my time on TheBench to come to an end. It is sad because I loved it here but there are just too many problems.
 
Last edited:

TxRyan

Veteran
228
5.00 star(s)
This is most definitely an issue with The Bench website, not any user devices, please do not install anything on your computers thinking it is a problem on your end.

There may be multiple issues in play. The first is the malware detection that KC_Royals pointed out in the first post here. I get a similar Threat Warning from ESET when I load the site in MS Edge. I do not get the warning in Chrome while using AdBlock. So, I imagine one of the Ad providers includes the malware.

But the "hot"/CPU issue appears to be with a third party application called cometchat. You can see in my browser's console (screenshot below), this script is being called repeatedly and will always throw a server error. If you look at the network tab, you can see this constant attempt to communicate with cometchat.

Since The Bench is not using Chat, the following two references should be removed from the pages being served up from The Bench:

Code:
href="/cometchat/cometchatcss.php" rel="stylesheet"
type="text/javascript" src="/cometchat/cometchatjs.php"

I'm pretty sure that would solve one of the problems unless there is some other use for this "cometchat" module that is unclear to me.

This next part is a guess, but I think the greater problem is that The Bench is still running on unsecure HTTP instead of HTTPS/SSL. Cometchat wants you to call their services using HTTPS and so references like the ones on The Bench are going to fail. Also, Google Chrome labels the site as "Not secure" and while that's not as important for a non-transactional site like The Bench, it will make first time visitors uneasy and less likely to register. Google also lowers the ranking of your site (in search results) if your site is not secure.

 
Last edited:
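A way to inventory the script and stylesheet references a page serves, so leftover includes like the two quoted in the post above and scripts loaded from other hosts are easy to spot. This is an added example, not part of the original thread or the site's code; `PAGE_URL`, `SAMPLE_HTML` and the hosts `forum.example` and `ads.example.net` are constructed, and `auditReferences` is a hypothetical helper name.

```javascript
// Added example: constructed page URL and markup, not the site's real HTML.
const PAGE_URL = 'http://forum.example/index.php';
const SAMPLE_HTML = `
<html><head>
<link href="/cometchat/cometchatcss.php" rel="stylesheet">
<link href="/css/main.css" rel="stylesheet">
<script type="text/javascript" src="/cometchat/cometchatjs.php"></script>
<script src="https://ads.example.net/serve.js"></script>
<script src="/js/forum.js"></script>
<script>var inline = true;</script>
</head><body></body></html>`;

// List every <script src> and <link href>, with the reasons it deserves review:
//  - 'unused-module': same-host path under a prefix the site no longer uses
//  - 'third-party':   served from a different host than the page itself
function auditReferences(html, pageUrl, unusedPrefixes) {
  const page = new URL(pageUrl);
  const tagRe = /<(script|link)\b([^>]*)>/gi;
  const findings = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attr = tag === 'script' ? 'src' : 'href';
    // Require whitespace before the attribute so data-src etc. do not match.
    const attrRe = new RegExp(`(?:^|\\s)${attr}\\s*=\\s*["']([^"']+)["']`, 'i');
    const a = attrRe.exec(m[2]);
    if (!a) continue; // inline script, or a tag without the attribute
    const url = new URL(a[1], page); // resolves relative references
    const reasons = [];
    if (url.host !== page.host) {
      reasons.push('third-party');
    } else if (unusedPrefixes.some((p) => url.pathname.startsWith(p))) {
      reasons.push('unused-module');
    }
    findings.push({ tag, url: url.href, reasons });
  }
  return findings;
}

const flagged = auditReferences(SAMPLE_HTML, PAGE_URL, ['/cometchat/'])
  .filter((f) => f.reasons.length > 0);
console.log(flagged);
```
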

TxRyan

Veteran
228
5.00 star(s)
Like I said, there are (at least) two issues. The first one is the malicious mining process that was being served up by one of the Ad services. At the moment, it looks like the Ad service is no longer infected because I am no longer seeing it this morning. Also, you would never see it if you had javascript disabled in your browser.

The other issue of the continuous networking (high CPU usage / "running hot") remains. This is NOT a virus or malware so tools like Norton and McAfee don't care about it. As with the other issue, you will not see this one if you have javascript disabled in your browser. This issue will remain until the cometchat references are either removed or repaired.

Like many of you, The Bench is my favorite trading site and I want to continue to use it and I want to see the community grow. But these types of problems, along with the failure to utilize HTTPS/SSL are detrimental to its longevity. I also understand these things take time and resources which may not be readily available.
 

SymphonicMetal

Veteran
137
5.00 star(s)
The Bench seems to be working like normal today. It has been very difficult to navigate (much less post) starting when the topics of the site's poor performance began. Am I the only one who notices an improvement today?
 

Champs96ws

Bench Founder
553
5.00 star(s)
Bench Founder
Not sure how it got onto the server, but there is a piece of software that was back doored in and I'm going to need to patch vBulletin. Before I do anything I'm giving everyone a few days to back up any lists they might have on the threads.
 

David K.

Legend
11,273
5.00 star(s)
Not sure how it got onto the server, but there is a piece of software that was back doored in and I'm going to need to patch vBulletin. Before I do anything I'm giving everyone a few days to back up any lists they might have on the threads.

Thanks for the warning! Best regards, David
 

TxRyan

Veteran
228
5.00 star(s)
Not resolved yet. The cometchat issue remains. You can see from Console logs in any browser that there is an erroneous network request that repeats about every 4-5 seconds. This plugin needs to be removed, I don't think it is adding any value to the site. The fix may still be happening this weekend as I haven't seen any confirmation that work was completed.

Here is a screenshot showing the non-stop errors from using cometchat: https://imgur.com/a/Eh9n8
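The pattern described in the post above (one request that always fails and is retried every few seconds) can be picked out of an exported network log mechanically. This is an added example, not part of the original thread; the log entries, timings and status codes in `SAMPLE_LOG` are constructed, and `findFailingPollers` is a hypothetical helper name.

```javascript
// Added example: constructed entries, t = milliseconds since page load.
const FAILING = '/cometchat/cometchatjs.php';
const SAMPLE_LOG = [
  { t: 300, url: '/index.php', status: 200 },
  { t: 900, url: FAILING, status: 500 },
  { t: 1200, url: '/js/forum.js', status: 200 },
  { t: 5400, url: FAILING, status: 500 },
  { t: 9800, url: FAILING, status: 500 },
  { t: 14500, url: FAILING, status: 500 },
  { t: 19000, url: FAILING, status: 500 },
  { t: 20000, url: '/images/missing.gif', status: 404 },
];

// Report URLs that were requested at least minRepeats times and never
// succeeded, with the median gap between attempts. A one-off 404 is ignored;
// an endpoint that fails on every retry is what keeps the tab busy.
function findFailingPollers(entries, minRepeats = 3) {
  const byUrl = new Map();
  for (const e of entries) {
    if (!byUrl.has(e.url)) byUrl.set(e.url, []);
    byUrl.get(e.url).push(e);
  }
  const report = [];
  for (const [url, reqs] of byUrl) {
    const failures = reqs.filter((r) => r.status >= 400).length;
    if (failures !== reqs.length || reqs.length < minRepeats) continue;
    const times = reqs.map((r) => r.t).sort((a, b) => a - b);
    // Gaps between consecutive attempts, sorted to take the median.
    const gaps = times.slice(1).map((t, i) => t - times[i]).sort((a, b) => a - b);
    const mid = Math.floor(gaps.length / 2);
    const medianGapMs = gaps.length % 2
      ? gaps[mid]
      : (gaps[mid - 1] + gaps[mid]) / 2;
    report.push({ url, failures, medianGapMs });
  }
  return report.sort((a, b) => b.failures - a.failures);
}

console.log(findFailingPollers(SAMPLE_LOG));
```
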
 