A question

Started by Soret, May 13, 2013, 06:05:16 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Soret

May 13, 2013, 06:05:16 AM
Hey,

So basically, I want to ask a question regarding one of my issue.

A few days ago I was banned from a website (that is using SMF as a forum software), the owner of the website claimed that I used XSS or malicious SMF exploit to hack his website and claims that I have removed multiple plugins from his website. But the thing here is that I do not have an administrator account nor have any privileges to be able to access the admincp and remove any plugins.

So basically the owner of the website banned me off and told me that he suspected that I was exploiting his website therefore he banned off my account. But it not ends there, it turns out that it was some swedish IP (not sure who it was lol), and he claims that someone must have compromised my password or my account to hack the website therefore he won't unban it because the account must be suiting an exploit (possibly built into it as he claims) so basically he claims that if he would unban my account then he would further compromise the security of the website.

I was like wtf? How can an account be associated with an exploit since an account is only an account with a set of permissions and it is not possible to exploit using an account without any XSS intervention into the website. (This suppose to be true right?) I'm using vBulletin on another website so I'm just implying here some possible facts.

So now the website's owner allowed me to create a new user account, claiming that it won't be compromised. (Seriously what kind of a bull****** is this, I kind of start to feel like this is some conspiracy.)

So, please if anyone could explain me how can such happen without me accessing the admincp or XSSing their website, or who could of, permissions wise access my account and create such records to make it look like I have exploited the website?

Btw the website is at hxxp:forums.cloudsixteen.com [nonactive]

YogiBear

#1
May 13, 2013, 06:34:26 AM
Welcome. :)

Technical matters aside, how a forum owner runs his/her forum is up to them. What the owner/administrator there is telling you is quite possible as domestic IP addresses are dynamic (variable) and someone or a robot could have guessed your sign-in details.

The owner has allowed you to rejoin with a new account so it is unlikely he bears you any malice.

Sorry about brevity at this point but just to put your mind at rest.
SMF v2.1.3  Mods : Snow & Garland v1.4,  PHP  v.7.4.33

Soret

#2
May 13, 2013, 08:01:24 AM
But it is illogical, if the account would be unbanned and password changed it wouldn't cause any more issues since the hacker doesn't have access to it anymore, right?

Arantor

#3
May 13, 2013, 09:41:08 AM
I wonder if the forum owner is using Forum Firewall.

NanoSector

#4
May 13, 2013, 10:21:13 AM
Doesn't Forum Firewall ban people automatically when it suspects weird behaviour?
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."
Print
Go Up Pages1
User actions
Advertisement: