Guest access to hidden resources

wireless · June 01, 2015, 02:03:20 AM

Hello

We have the following problem with our SMF engine:

a. versions, where problem has been observed: previously 2.0.9, few days ago upgraded to 2.0.10
b. we have some hidden threads, where only user with minimum post set to a non-zero value have access
c. we observe in list of "online users", that some "Guests" users reads these threads
d. also hiding the whole category against non-logged users does not help

Is there any way to solve this ?

Thanks in advance for your quick answer

Wireless

a10 · June 01, 2015, 04:07:07 AM

Hello, may be a case of what they are trying to see (somehow got the url, and showing up in who's online), not what they actually see.

Test your setup by trying to access the restricted topics' url from your usual ip when not logged in, & next using some proxy (example www.anonymouse.org). This will give the same result as some guest visit, will result in "The topic or board you are looking for appears to be either missing or off limits to you" if all is ok.

If you do get access, then check and quadruple check the permissions. Spend some time in Maintenance > Reports to get a detailed overview.

wireless · June 01, 2015, 04:44:33 AM

It seems, that such not-logged user (guest) sends (despite of that he's not logged on) a session id in URL - I see it in reports.
I have already, of course, performed some tests, trying to get an access to such resources without logging in - and - tests have failed, i.e. I haven't got this access. Since then I suppose, that the "hacking scenario" is a bit more complex, than just providing a resource URL in a browser. BTW - it seems, that in our particular case the "hacker" uses a script - it gets a web page, parses it, finding all <A HREF ... > elements, and then tries to use every anchor it finds (like "Answer", etc ...).

It seems, that the best possible solution, would be (which, as I know, is impossible at the moment in SMF) to implement, say, new kind of ban, with possibility to lock a particular resource for a particular user/ip/domain/email ...

Regards
Wireless

Kindred · June 01, 2015, 06:46:14 AM

in short no.... and there is no need for it.

wireless · June 01, 2015, 07:37:28 AM

OK - if no need - have you got an alternative, 100% sure, solution

?

Regards
Wireless

Steve · June 01, 2015, 07:48:48 AM

There's no need because SMF is already coded to prevent anything from happening. As for 100% sure, nothing in the computer world is that but SMF comes closest with years of not having a problem with the scenario you describe.

You're never going to stop all hacking ATTEMPTS but a well-coded system will cause those attempts to fail.

wireless · June 01, 2015, 07:56:38 AM

The problem is that we have already discovered somenthing, which is not only an ATTEMPT

and would require a fix

regards
Wireless

Steve · June 01, 2015, 07:58:46 AM

Ah, I'm missing that somehow. Going back over your posts now ...

Edit: I'm still not seeing where you say you have an actual problem. Were you able to access the restricted threads by any method suggested by a10?

Kindred · June 01, 2015, 08:08:45 AM

I am sorry, but I must be misunderstanding you...

Solution for what?

SMF Security is fully intact and there is no way for anyone to access anything which they do not have permissions to access.
If you see them in the who's online or logs as having accessed something, it means nothing... it just means that the individual/bot has attempted to access that url -- not that they SAW anything.

for example: I can go to your site and call the URL ...?action=admin;area=serversettings
I would show up in your logs and your who's online as viewing the admin - server settings
However, this means nothing at all.... I never actually GOT there. Since, as a guest, I don't have access to it, your system would have displayed the site index page to me.

So, there is no problem.
No one is accessing your protected stuff.
if they actually **ARE**, then *YOU* have an issue with your permissions configuration - but there is no problem with SMF itself.

All access in SMF is handled by permissions and membergroups - if you do not want someone, or a group of someone's to have access to something, then use the permissions system.

The ban system is considered a last resort (since it can affect system performance) and should be used mostly for problem USERS (not guests)
Banning IPs (if you really must) should be done at the htaccess level - but even that won't stop an actual hacker or the spam bots, since those type can (and do) frequently change their IP, domain and email

wireless · June 01, 2015, 08:18:08 AM

Kindred,

I appreciate, if you manage to answer a bit more gently

I have been working in IT over 20 years, and seen a lot of systems, which are "completely secure"

... a lot of them, in fact, have been patched because of security violation

I have described, what we have seen. Moreover, apart from that such "guest" sees a hidden thread, it "clicks" on "answer" button in such thread - this is visible in our logs. It means, that this "hacker" has not only tried to get an access, but he has GOT it (as in other case he wouldn't be able to click in this link, IMHO)

At the moment we have banned a particular IP network, but it is only a question of time, that the same situation appears again, this time, using different IP pool ....

Thanks
Wireless

Kindred · June 01, 2015, 08:24:54 AM

I have been in IT as long as you...

And yes, SMF has patched every discovered security issue (hence the reason we are on 2.0.10.
However, what you report would be a MAJOR issue and would have been notices in the past 5 years if it was an actual security issue... and we have no KNOWN security issues with 2.0.10

When you say clicks on the "answer" button -- SMF has no button labeled "answer".
Do you have a mod installed? (if so, then raise the issue with the mod author or make a security report for the mod -- Simple Machines is not repsonsible for and makes no guarantees that mods made by third parties are fully secure. We only guarantee our core product.

and I repeat -- just because you "see access" in your logs does NOT indicate that the individual actually GOT access... it just means that the individual TRIED to access that specific URL.
And, if the URL is constructed in any KNOWN manner, the "hacker" would probably be able to figure out the URL format.

If you continue to insist that the individual actually got access, please send me (if you need to keep it private, send it to me in PM) the URL for this "hidden thread" and the URL for the "answer".

wireless · June 01, 2015, 08:36:31 AM

Regarding the button

We have polish translation, since then I need to retranslate it back into english

The action, which we see in our list of active users:

action=post

Sure, will send to you private message with these URLs

Fortunately, it seems, that this "hacker" has not got administrative privileges, as we do not see any actions, which are specific for that privilege level.

Thanks for so quick answer
Regards
Wireless

Kindred · June 01, 2015, 08:50:29 AM

ok...

So, as a guest, I can not see any message at that URL. I get the "login screen" telling me that I have to log in to access that resource.

Additionally, I understand the translation now... which means that the individual is accessing a KNOWN URL structure (?action=post) which can be constructed by any human or even a bot, without access to the actual button.

In other words, unless you can demonstrate actual proof that the URL of your hidden message is actually accessible by someone without the correct permissions, I believe that the answer I have given above stands -- the individual never ACTUALLY accessed the CONTENTS at that URL.

wireless · June 01, 2015, 08:57:16 AM

Kindred,

I can PM to you, as a proof, screenshots with list of "active users" if you would like to see it. Of course, I can also translate it into english

Please, inform me, if you would like to get some additional info

... and I agree, that it is a bot ... I cannot imagine, that someone wants to get unauthorized access to an ... audiophile forum

However, the situation is a bit frustrating anyway ...

thanks
Wireless

a10 · June 01, 2015, 09:09:26 AM

Got a few hidden boards here.

If not logged in can try to hit anything like mydomain.com/forum/index.php?action=post;topic=9929.0;last_msg=165955 , forum/index.php?action=post;msg=167903;topic=9790.0 etc (examples of real links to post\edit in an existing hidden board), gets to "missing or off limits to you" as expected, as does any other attempt at any action in any restricted board.

Would be really interesting to see if anyone manages to gets in :O) Been airtight for years here, no google, no bing, no hackers, no members not allowed in, no guests etc.

wireless · June 01, 2015, 09:15:06 AM

Please, give me sometime, as I need to work on something quite different at this time (the forum is only my hobby and not business

)
I will PM some screenshots to Kindred.

BR
Wireless

Kindred · June 01, 2015, 09:15:41 AM

once again... the list of "active users" is determined, just like the log, fomr the users who are currently accessing that specific topic URL... whether or not the user can actually SEE the topic is not relevent and not displayed... the system doesn't keep track of that when it is pulling the list -- it just checked what URL your browser has last requested.

I stand by my statement that the user in question is not actually SEEING the message.
He has loaded the URL (and been rejected, and bounced to the login screen) --- but has still LOADED the URL...

wireless · June 01, 2015, 09:30:01 AM

Sorry, but in that case, engine's behaviour is slightly different

In that case, in list of active users, in column describing, what is being done by a particular user, it is visible, that he reviews index...
I have just checked it

I have performed the following test:
I have dual WAN installation and two laptops. First one connects to the internet, using WAN1, the second one - using WAN2 (to distinguish public IP addresses).
At the first one I am reviewing the list of active users, being, of course logged into the forum
At the second one I am trying to "click" this button by providing URL in a web browser (and not being logged in).

And at the first machine, I see, that my second session, during this "click", reviews the index. This is quite different action, than posting reply, which we have observed, when someone hacks us.

I don't know personally how to reproduce the scenario, and how to solve this problem - this is why I am asking for a help in this forum

But I can provide any information, which you would like to get, to help us to solve this problem

BR
Wireless

Kindred · June 01, 2015, 10:55:51 AM

However... IS the reply that your logs catch ever actually posted by this "hacker"?

If the "hacker" IS actually accessing that URL (and I can not currently conceive of any way that they could do it) then the most LIKELY scenario is that your membergroup permissions are not set correctly and that the "hacker" is part of a membergroup that somehow actually has access to that section.

wireless · June 01, 2015, 11:02:09 AM

Regarding group permision: we are read permanently by different "guests". But only guests reading us from this one particular IP network do such things. We have NOT observed any other "guests", which do things like this one particular "guests" ...

We also have not observed any posts made by such guests. This is the reason, why I think, that it is a bot, and not a physical, living person. It only "clicks" and then dissapears

And after some time - repeats the action once again ... Usually such attacks last for 3-4 hours per day.

thanks
Wireless

wireless · June 01, 2015, 12:54:15 PM

Kindred,

I have just PM'ed to you URL with two screenshots of this issue. Please, let me know, if you need any other information ...

wireless · June 01, 2015, 06:30:01 PM

Another case (quite different, than previous one, described by me). This time I have managed to prepare a scenario:

Assumptions:

1. You are not logged in
2. You are provoding the following URL in your web browser:
http://yourmachine/index.php?action=profile;u=X;area=showposts;sa=topics
where X is the identifier of a non-existing user

In that case engine returns a message, which informs you directly, that you want to review a profile of a non-existing user, i.e. you, as a non-logged guest, get information, that this particular id is not in use.
Additionally to that, such guest session is visible in active user list as doing "Nothing, or nothing you can see"

If, instead of unused ID, you set X to an existing values, engine redirects you to a login screen, and "list of active users" informs, that this guest session "reviews the forum index"

Please, note, that this issue is (probably) quite different, than the first one described in this thread

Kindred · June 01, 2015, 08:10:00 PM

the second one is not an issue at all and is performing exactly as intended.

wireless · June 02, 2015, 01:57:53 AM

But, in this way, someone, who is not a registered forum user, can easily get identifiers of all.

Wouldn't it be better to redirect such requests to logon screen in both cases? This is the reason, why you get generic "Logon denied" on Linux, or "Invalid username/password" on some other systems, regardless of providing invalid username OR invalid password ...

margarett · June 02, 2015, 03:06:35 AM

Yes, I do agree that a more generic reply could be given.
Anyway, you having the user ID of a user does you no good, no matter how evil your intentions are

You need either a username or email address to login. User ID is worth nothing when it comes to hijack an account

Bottom line: a more generic reply could be given yes, but there is no advantage (other than aesthetics) comparing to the current method

wireless · June 02, 2015, 12:48:45 PM

Margarett,

I hope that

But I can imagine a scenario, where a particular ID is used, for instance, as a, say, part of encryption key for a password.
Please, note, that I do not know if this scenario is true (hope, that not

), but - mathematically it is possible (probability > 0

)
Anyway, I'd say, that it is always better to do not inform anyone from "outer world" about existing user identifiers

Kindred · June 02, 2015, 12:57:17 PM

no... the user number would never be used as part of the encrypted password...

I tend to disagree with your contention that user number has any useful quality to hackers at all...
after all, the user number is displayed as part of the URL when you hover over the user's name (it's part of the URL) - always has been -- and has never been a vector

Additionally, a hacker could just try all user numbers from 1 to 1,000,000 if they cared.... the fatc is - the number is a finite and easily guessable object... which is why it has never and will never be used as part of any security.

wireless · June 02, 2015, 05:52:47 PM

As I said, I HOPE, that this id has no deeper meanng

Anyway, regardless of that, I do not think, that it is a major issue. The most important for us is to solve the first problem reported in this thread.

wireless · June 10, 2015, 03:00:38 PM

Hello,

Any news with issues reported in this thread ?

margarett · June 10, 2015, 04:17:37 PM

Which problem is that? The supposed access of guests to boards they shouldn't?
That's a non-problem because it doesn't happen

wireless · June 11, 2015, 08:18:10 PM

Quote from: margarett on June 10, 2015, 04:17:37 PM
Which problem is that? The supposed access of guests to boards they shouldn't?
That's a non-problem because it doesn't happen

I must say, that SMF is the software with the worst technical support I have ever met.
Every issue reported on this forum is commented as "non existing" or "working as assumed". If it is true, then, please, answer me, why to hell do you provide patches? For what?

I have provided several proofs, that this "guest access issue" is real.
And the only answer is as above.

In fact, SMF guys are permanently trolling, nothing more.

Margarett - are you really "Support Lead"? What are you supporting?
And the same question to KindRed ...

Complete waste of time.

Kindred · June 11, 2015, 09:15:31 PM

I am sorry you feel that way... However, the fact is that I have attempted to recreate your issue on several different servers with several different set ups and can not do so.

So... Either you are misinterpreting something (likely) or you have some mod or other personalized code change which has broken the standard security.

I have already told you that, just because a user or guest is shown to be accessing a URL does not mean that did individual is actually SEEING anything at that URL, aside from the login screen. And, as far as I can see, that is all that is happening.

No guest is actually viewing the content on those inaccessible pages.

wireless · June 12, 2015, 02:50:55 AM

But the fact, that you have not managed to reproduce the issue, doesn't mean, that it doesn't exist.

Dav999 · June 12, 2015, 05:41:20 AM

How do you know the issue exists on your forum then? Have you been able to see any hidden resource as a guest? It is known that the who's online list will not check whether anyone can see the things they are listed as seeing, and that the actual page does check and will block access appropriately. So according to you, why would your forum be different and not only list guests in who's online but also actually show the hidden pages on your forum?

Kindred · June 12, 2015, 07:52:19 AM

Quote from: wireless on June 12, 2015, 02:50:55 AM
But the fact, that you have not managed to reproduce the issue, doesn't mean, that it doesn't exist.

While that is technically true...
the fact that we can not reproduce it after testing on a variety of configurations and servers suggests that - if this is an actual issue and not a misunderstanding on your part on how the system displays certain details - then the issue is related to something very specific to YOUR configuration which is (likely) not an issue in the core code.

So, in the interest of proving that we are not the monsters that you have accused us of being, I will offer -- we have a team member who is a wizard at finding and debugging weird issues -- if you are willing to give this individual from the SMF team admin access to you forum (and likely server access to view configurations and logs), we will try to take a look at it on your system (since that seems to be the only place that anyone has ever seen this happen)

wireless · June 12, 2015, 01:42:03 PM

No. Technically and logically it is NOT true. Technically it only means, what it means: that you do not know how to repreoduce the problem. As well as me ... but I, at least, have tried to gather some proofs for that.

margarett · June 12, 2015, 06:35:59 PM

Ouch, that hurt...

I could dissect some more semantics with you, but I'm not interested in it. Because I'm on vacations this week (still I found some time to tell you - again - that this problem doesn't exist) next week I will go one step further. You know, because I don't actually provide any support and I'm only around so that some users can bash me at will.

Next week I'll provide you a mod that will record any REAL access from a guest to any topic in given boards. Then you can check your database and my bets are that you will find that table empty every single time.

wireless · June 14, 2015, 03:19:13 PM

This problem EXISTS. I have provided to Kindred screenshots prooving it. Can you provide a scenario, with EXACTLY the same visible results, which doesn't mean, that someone has an access to restricted resources ?

At this moment it seems, that SMF is the only one piece of software without any problems, and, despite to that, its developers still release new patches ... probably they simply like increasing version numbers ....

margarett · June 14, 2015, 03:43:17 PM

Quote from: wireless on June 14, 2015, 03:19:13 PM
This problem EXISTS. I have provided to Kindred screenshots prooving it. Can you provide a scenario, with EXACTLY the same visible results, which doesn't mean, that someone has an access to restricted resources ?

I haven't seen it so I can't comment.
The scenario: I see 3 possibilities
1 - the wrong information given by who is online (because, as it was told to you, it shows what the user attempts to do based only on the URL currently accessed and NOT what the user is actually doing) confuses you
2 - misconfigured permissions
3 - a MOD or in any other way some custom coding that effectively breaks SMF's access control.

Quote from: wireless on June 14, 2015, 03:19:13 PM
At this moment it seems, that SMF is the only one piece of software without any problems, and, despite to that, its developers still release new patches ... probably they simply like increasing version numbers ....

Are you always this stubborn or is this discussion amusing you?
Check SMF's changelogs if you are interested. We don't have a *SERIOUS* security problem since RC stages. Everything that has been patched recently (at least from 2.0.6, since I am on the team) are "possible attack vectors" that require a compromised admin account to begin with.
As Kindred stated, there are no KNOWN security problems in SMF 2.0.10 and 1.1.21. Of course, it is possible that any issues exist, but they are not known.
I am trying to understand if you have a genuine security problem or not. Which is why I offered my time to build a package which would allow CLEARLY to know if a guest accessed protected content or not.

wireless · June 14, 2015, 04:18:12 PM

Quote from: margarett on June 14, 2015, 03:43:17 PM
...
I haven't seen it so I can't comment.
The scenario: I see 3 possibilities
1 - the wrong information given by who is online (because, as it was told to you, it shows what the user attempts to do based only on the URL currently accessed and NOT what the user is actually doing) confuses you
2 - misconfigured permissions
3 - a MOD or in any other way some custom coding that effectively breaks SMF's access control.
...

1. no, it is not possible - we have performed some tests related to that, described in this thread
2. it is possible. But I assume, that so called technical support should try to help us to solve this problem, instead of writing, that the issue doesn't exist. I have written few times: "please, let me know, if you need any information, whcih could us help to solve this problem". And - never got any questions. Instead of this - only posts, that the issue doesn't exist.
3. answer exactly as at #2

margarett · June 14, 2015, 04:59:17 PM

Quote from: wireless on June 14, 2015, 04:18:12 PM
(...) that so called technical support (...)

Best of luck for you in finding your problem.

What we told you was based on the numerous times that we've seen the same (or similar) issue. And in what we know - SMF has an impeccable security record. Something so obvious like broken access control would have been reported and diagnosed for YEARS.
So forgive me for stating that the issue is, most likely, not an issue.

But, even if we (I, in particular, other team members should answer by themselves) offer our free time to properly diagnose the problem, you maintain that attitude and still bash us.
If you work in IT for as long as you say you do, you should know that volunteers don't exactly enjoy getting that kind of attitude when offering their time.

Again, best of luck.

* margarett out

wireless · June 14, 2015, 05:33:16 PM

Quote from: margarett on June 14, 2015, 04:59:17 PM
Quote from: wireless on June 14, 2015, 04:18:12 PM
(...) that so called technical support (...)
Best of luck for you in finding your problem.

Yes - and this is the answer ....

Quote from: margarett on June 14, 2015, 04:59:17 PM
What we told you was based on the numerous times that we've seen the same (or similar) issue. And in what we know - SMF has an impeccable security record. Something so obvious like broken access control would have been reported and diagnosed for YEARS.
So forgive me for stating that the issue is, most likely, not an issue.

This is an obvious result in a situation, when every request is commented as "non existing" or "result of a design". As I have written - SMF is the only known piece of software, which has NO ISSUES - as every report of that is being rejected.

Quote from: margarett on June 14, 2015, 04:59:17 PM
But, even if we (I, in particular, other team members should answer by themselves) offer our free time to properly diagnose the problem, you maintain that attitude and still bash us.
If you work in IT for as long as you say you do, you should know that volunteers don't exactly enjoy getting that kind of attitude when offering their time.

Again, best of luck.
* margarett out

When or where have you offered me any help? I see only your comments, that "this issue does not exist". And your wishes ... thanks for them, BTW. I've already stopped to count on any help from your side. Have already your wishes. I'm pretty sure, that's enough to solve the problem

Steve · June 14, 2015, 05:48:50 PM

Quote from: wireless on June 14, 2015, 05:33:16 PMWhen or where have you offered me any help?

Quote from: margarett on June 12, 2015, 06:35:59 PMNext week I'll provide you a mod that will record any REAL access from a guest to any topic in given boards. Then you can check your database and my bets are that you will find that table empty every single time.

Sounds like an offer of help to me.

Will a mod or admin please deal with this thread?

Colin · June 14, 2015, 05:59:30 PM

Wireless, you have been offered assistance ample times throughout the life of this thread. If you choose to ignore or disregard it that is under your prerogative, but please do not suggest that such help was not offered.

Thank you Margarett and Kindred for volunteering your time to look into this.

Kindred · June 14, 2015, 06:38:58 PM

ok.... Wireless, you need ot back off.

You **HAVE** been offered help a number of times and have pretty much ignored such offers, preferring to moan about how terrible we are here at SMF instead. You keep making really silly statements

QuoteSMF is the only known piece of software, which has NO ISSUES

We never said that SMF has no issues. We stated that SMF has no KNOWN security issues as of 2.0.10.
(obviously, there were known and confirmed issues in previous versions, hence the release of 10 patches so far)
Your report not withstanding, that statement is currently still true --- because we have been unable to confirm that your report is any sort of ACTUAL issue.

So, you have provided screen shots. Sorry, but screen shots are buck useless.

I have looked at your screen shots - and I have told you a number of times - either you have a misconfiguration or you have something happening on your system which is very specific to your system and does not exist as an issue on ANY other system.

margarett offered a special mod just for your forum to capture the access that you keep reporting (but can not provide any evidence of other than random screen shot which could illustrate the non-issue situations we have already explained to you)
I have offered to have someone take a deep look into your system... (but this would, of course, require direct and administrative access)

So -- despite your unhelpful and pugnacious attitude, you have two offers, which prove that we are willing to go above and beyond what any VOUNTEER group should have to do... instead, you continue to berate us for not fixing something which WE ARE UNABLE TO REPLICATE IN ANY WAY SHAPE OR FORM.

So... here's the deal.
Put up or shut up.
Either accept one of the offers or leave. Use SMF or find another software. Do whatever you want, but stop attacking us for "not helping" despite the numerous attempts we have made to actually help you.

wireless · June 14, 2015, 07:18:22 PM

The only help offer I have ever seen in this thread was Margarett's post - after few days since the thread has been created ... and after I have asked for any news.
I have sent to you screenshots of this issue, but it is obvious to me, that these PMs have been simply ignored. You have not posted any comment, apart from that "this issue does not exist". And - as a proof - you have written, that noone has signaled such issues and that you have not replicated it.

For me personally - this is enough. I would not like to participate in a discussion, where two SO CALLED technical supporters write that this is not a problem, not being able to provide any proof for that.

I do not know, if you are, in fact, member of a technical support team or not, volunteer, or a fulltime employee, but, if you are signed as "SMF Master, Project Manager" ... etc then I think that I have full right to suspect that you support it.

For me - EOT. As I have written - I've already stopped counting on any help from your side. The thread can be closed, and you can still be happy, that you support a software without any issue.

Herman's Mixen · June 14, 2015, 07:33:19 PM

If you are so scared to seeing so called ghosts, then just remove all permissions from the un-registered/guests group

second the who's online algorithm is not accurate on what actually is happening it just gives you an indication of the last 15 minutes in a time frame

so no worries

LiroyvH · June 14, 2015, 07:40:06 PM

If you don't want any help, then why are you asking for it?
If you just want to bash the staff here and refuse offers to help you, why even open a topic?
If you want to deny everything that is being told to you by experts, and stubbornly stick to your own conclusion: why even ask for opinions?
And on a related note: have you never heard of pre-programmed bots?

I'm really not quite sure what you want, but it sure looks like you're not really interested in any help at all; and are being quite rude while at it.
Simple: do you want help or not?
If you want help: don't be so rude, and try to work with the people that want to help you; rather than constantly work against them.
If you don't want help: great, just say so; then we can call it a day.
No middle ground here. You can either let people help you, or stop wasting our time...

Kindred · June 14, 2015, 08:58:26 PM

Quote from: wireless on June 14, 2015, 07:18:22 PM
I have sent to you screenshots of this issue, but it is obvious to me, that these PMs have been simply ignored. You have not posted any comment, apart from that "this issue does not exist". And - as a proof - you have written, that noone has signaled such issues and that you have not replicated it.

Ummm... You don't read very well, do you?
I stated that the issue could not be replicated, on multiple systems. Not that the issue did not exist... Merely that, since the issue could not be replicated, it suggests that the actual issue, if it does exist. It specific to your configuration/system.

Quote
For me personally - this is enough. I would not like to participate in a discussion, where two SO CALLED technical supporters write that this is not a problem, not being able to provide any proof for that.

I beg to differ. We have been able to prove that we can not replicate your issue.
You, on the other hand, have not been able to prove that there actually is an issue.
We have a few screen shots and your claims... Not actual logs or evidence that your claims are anything more than a misunderstanding of how the system works.

Quote
I do not know, if you are, in fact, member of a technical support team or not, volunteer, or a fulltime employee, but, if you are signed as "SMF Master, Project Manager" ... etc then I think that I have full right to suspect that you support it.

Actaully, you do know exactly what I am... I am the smf project manager, as my badge indicates. We are all volunteers, as our "about the smf team" also clearly indicates. So, your claims to not know what we are seem to be specious... Or at least indicate a level of ignorance which means that you never bothered to look at anything about the smf team.

Quote
For me - EOT. As I have written - I've already stopped counting on any help from your side. The thread can be closed, and you can still be happy, that you support a software without any issue.

And, once again, you make specious claims...
We never said that smf has no issues...
And you HAVE had two offers for Help...

So, both of your arguments/statements are proven to be false... Thus, since we have been unable to replicate your issue, and you have been unwilling to help us help you, we have to assume that you have probably made a mistake and are just unwilling to admit thatbyou misunderstood the system.

News:

Guest access to hidden resources