Surplus and Adventure Sticky?

andythecelt

Nomad
May 11, 2009
261
2
Planet Earth
A few points to keep in mind.
1. I have been lied to repeatedly by people working for this company and I'm not the only member here who has been. It makes me take anything said by any of their staff with a pinch of salt, rightly or wrongly.
2. Why on earth would a hacker bother to go to all that trouble just to give me a bit of lip? It's just not logical.
3. I've still not received any response to my (admittedly slightly tongue in cheek, see point 1 above) request that my issues with the company be dealt with here in public and not in private. In fact the only response I received was from the 'hacker'. That really is a remarkable coincidence.

Can I have my money back now please?
 

Wayland

Hárbarðr
What the **** is your problem, I would have thought any way of getting complaints dealt with quickly would be welcomed! If you can't be assed to send a PM then don't complain!
That sort of attitude seems to be exactly the problem.

Hi,
I don't know what's going on here but I was told there were some replies to this thread supposedly posted by me. I have just had a look and can say with certainty that I have not posted anything since my original posts where I offered to try and sort out problems.
Anyone who knows me would know that I very rarely swear, and would not do so on a public forum!
I would not post my email address.
And if I were to swear I would get the spelling correct 'assed' instead of a***d, (I put the *** in so technically haven't sworn).
Someone must have hacked my account or found my password, I had to request a new one when I logged in this time, as it had been changed!
I would appreciate it if the moderator would remove the offensive posts.
I would also like to reiterate my offer to deal with any complaints if members are unable to resolve any problems by phone or email. The company, Surplus and Adventure, realise they need to improve their complaints procedures and offering help through the forum is part of their efforts to do so!
Pete.
I'm sure you would like to remove your post now as it illustrates precisely the type of response that many members have reported from your company.

As I said in my first post, I think it is time to make this thread sticky to protect our members from such appalling business practices.
 

Tony

White bear (Admin)
Admin
Apr 16, 2003
22,011
611
49
Wales
www.bushcraftuk.com
ok all, let's calm down a bit till we've sorted this out a little, there's no point having more fuel added to the fire, enough has been said already.
 

Martyn

New Member
Aug 7, 2003
5,252
31
54
staffordshire
www.britishblades.com
The ISP address will do, we all have those
It's of mixed benefit Rich. Tracking someones IP is only really any use if they use a service provider who issues unique IP's on each login. With ADSL it can be helpful as people often dont reboot their router for months, even years. But some turn it off every day, which results in huge long lists of IP addresses, each of which get dynamically reallocated to other users of the same ISP. Also, some ISP's like AOL use a proxy server and route all their customers through that, making it impossible to track an individual back further than the proxy without the help of AOL itself. Also people who use dialups have a different IP on each connect. Again these IP's get reallocated to others and are used dynamically, meaning you often see the same IP allocated to completely different individuals who just happen to be using the same service provider. Sometimes you can proves things, but it's rare. More often you just get circumstantial evidence which supports a suspicion, which is all that is needed usually. Sometimes you get nothing to go on at all. It all depends on the type of connection and the service provider being used.

One thing I would say, is that in over 10 years of being a vbulletin admin, I have never known a genuine example of an account being brute-force hacked. Sometimes an individual may use a computer in a library, cafe or university and forget to log out, then another person clicks on a link in the browser history and gets logged in by the active cookie - but in this example, I think it's unlikely that the person used a library computer, if they are a web administrator, then they usually know to log out of such machines anyway. The person is using a domain email address, which means they either have domain control or an allocated email address from someone who has domain control - meaning they are authorised one way or the other. It's possible that the account on here was accessed on an office or shop computer and then left open and another employee wrote the messages, but that's not much better.

In short, it's almost unheard of to have a vbulletin account brute-forced hacked, so that's out. It's possible a public computer was used and the user forgot to log out, but I doubt it (and an IP search would reveal the use of libraries/cafes/universities etc as they do use static IP's). It's possible a work computer was used and another employee made the comments - but I doubt it, why would they? The issue of "dont phone the shop, contact me directly" makes me smell a rat too. As Ged said earlier, that's not how companies do things. Web developers dont suddenly become complaints handlers (unless the owner, web developer and complaints handler are all one person). Lastly, the comments made in this thread are consistent with the history of the company and the numerous complaints made about their customer service and people skills. Conjecture mostly, draw your own conclusions, I've drawn mine. :)
 
It's of mixed benefit Rich. Tracking someones IP is only really any use if they use a service provider who issues unique IP's on each login. With ADSL it can be helpful as people often dont reboot their router for months, even years. But some turn it off every day, which results in huge long lists of IP addresses, each of which get dynamically reallocated to other users of the same ISP. Also, some ISP's like AOL use a proxy server and route all their customers through that, making it impossible to track an individual back further than the proxy without the help of AOL itself. Also people who use dialups have a different IP on each connect. Again these IP's get reallocated to others and are used dynamically, meaning you often see the same IP allocated to completely different individuals who just happen to be using the same service provider. Sometimes you can proves things, but it's rare. More often you just get circumstantial evidence which supports a suspicion, which is all that is needed usually. Sometimes you get nothing to go on at all. It all depends on the type of connection and the service provider being used.

One thing I would say, is that in over 10 years of being a vbulletin admin, I have never known a genuine example of an account being brute-force hacked. Sometimes an individual may use a computer in a library, cafe or university and forget to log out, then another person clicks on a link in the browser history and gets logged in by the active cookie - but in this example, I think it's unlikely that the person used a library computer, if they are a web administrator, then they usually know to log out of such machines anyway. The person is using a domain email address, which means they either have domain control or an allocated email address from someone who has domain control - meaning they are authorised one way or the other. It's possible that the account on here was accessed on an office or shop computer and then left open and another employee wrote the messages, but that's not much better.

In short, it's almost unheard of to have a vbulletin account brute-forced hacked, so that's out. It's possible a public computer was used and the user forgot to log out, but I doubt it (and an IP search would reveal the use of libraries/cafes/universities etc as they do use static IP's). It's possible a work computer was used and another employee made the comments - but I doubt it, why would they? The issue of "dont phone the shop, contact me directly" makes me smell a rat too. As Ged said earlier, that's not how companies do things. Web developers dont suddenly become complaints handlers (unless the owner, web developer and complaints handler are all one person). Lastly, the comments made in this thread are consistent with the history of the company and the numerous complaints made about their customer service and people skills. Conjecture mostly, draw your own conclusions, I've drawn mine. :)
i had to get my YOUNG son to translate this into english, lol
after reading the whole thread it does seam to sound like several companies i have heard about from several industries with questionable ethics. I come from a bee keeping forum and there is one person who has set up 4 companies one after another after each one fails, it does seem to be getting quite common, poor quality internet based services. shame realy as it does put one off from using this or other companies like them
 

Martyn

New Member
Aug 7, 2003
5,252
31
54
staffordshire
www.britishblades.com
i had to get my YOUNG son to translate this into english, lol
Sorry, what it basically says is I think our web developer is telling fibbs. ;)

Forum accounts almost never actually get hacked. It's a very difficult thing to do, that requires a lot of time and effort from a determined and technically knowledgeable individual. Which begs the question, why would they bother? Accounts that get compromised are almost always a result of carelessness - not logging out after using a public or office computer. If someone else at surplus and adventure made these comments, you again have to ask why would they? They would risk getting sacked for the bad PR. Which leaves public computers, libraries, universities and the like. If none of the IP's resolve to such, then the only other possibility, is our man is telling fibbs.
 
Last edited:

calibanzwei

Settler
Jan 7, 2009
885
0
40
Warrington, UK
It is even worth following up? General consensus is that either;
a/ you're a 'representative' of a negatively thought of company (not surprising regarding the stories told within this thread and your own attitude)
b/ a 'faker', trying to obtain client details by saying you're a/
c/ someone who has 'hacked' this account or either a/ or b/
d/ some combination of the above

Lock teh thread ;D
 

Corso

Full Member
Aug 13, 2007
4,824
241
none
It is even worth following up? General consensus is that either;
a/ you're a 'representative' of a negatively thought of company (not surprising regarding the stories told within this thread and your own attitude)
b/ a 'faker', trying to obtain client details by saying you're a/
c/ someone who has 'hacked' this account or either a/ or b/
d/ some combination of the above

Lock teh thread ;D
hmmm what he said.
 

Seoras

Mod
Mod
Oct 7, 2004
1,904
57
53
Bramley, Hampshire
Ok folks

I have deleted two posts that contain links to hacking forums. Until I speak with Admin they will stay that way.

Re the last few posts about calming down - Please do it.

Cheers

George
 

Tony

White bear (Admin)
Admin
Apr 16, 2003
22,011
611
49
Wales
www.bushcraftuk.com
It's very interesting that this thread has gone from issues with Surplus & Adventure to issues with bcuk, especially since we don't really have any, any system can be hacked but bcuk has not been, especially your account, it seems to me though that just to make sure we'll just make it completely unable to do anything so that any hacker gets bored, or maybe we should just delete it and have done.

Looking at the first IP's they were via 'threembb.co.uk' which is likely a mobile device of some sort, now I'd imagine that your mobile is less secure than bcuk so that's probably the first place to look.

I'll leave this thread open for now so that the actual issue of sorting out peoples purchases can be accomplished, if there's any more talk of someone else did this or that, the sites been hacked, etc etc, I'll ban the account, ban the IP's and do all the other stuff I can do and leave this for everyone to read including google.

Everyone, please now keep to the issue of items that need refunding, replacing etc and do not wander off anywhere else, I really have had enough of this one, thanks.
 
Thank you, I quite agree, the thread should be about customer problems and as I said when I first posted on the forum my offer is still there for any customer who is unable to resolve his or her complaint by phone or email.
I was going to suggest that a friend (someone I was at university with, who now runs an Internet security company) might take a look at the forums defences, but as you say why would anyone want to hack the forum. There is another possible way that the posts were made but let's get back to the original purpose of the thread!
If you can't say something good about someone, don't say anything at all
.
 

mrcharly

Bushcrafter (boy, I've got a lot to say!)
Jan 25, 2011
3,246
33
North Yorkshire, UK
I was going to suggest that a friend (someone I was at university with, who now runs an Internet security company) might take a look at the forums defences, but as you say why would anyone want to hack the forum.
.
If I were the forum owner, no way would I let a random stranger, recommended by another stranger "take a look at the forum's defences".
If there was a problem with the forum defences, then we would be seeing problems with more than one person's account.

The fact that this has not happened suggests that the problem you have had must be entirely down to problems at your end.
 

Martyn

New Member
Aug 7, 2003
5,252
31
54
staffordshire
www.britishblades.com
If I were the forum owner, no way would I let a random stranger, recommended by another stranger "take a look at the forum's defences".
If there was a problem with the forum defences, then we would be seeing problems with more than one person's account.

The fact that this has not happened suggests that the problem you have had must be entirely down to problems at your end.
The forum hasn't been hacked, it's BS.
 

Martyn

New Member
Aug 7, 2003
5,252
31
54
staffordshire
www.britishblades.com
Thank you, I quite agree, the thread should be about customer problems and as I said when I first posted on the forum my offer is still there for any customer who is unable to resolve his or her complaint by phone or email.
I was going to suggest that a friend (someone I was at university with, who now runs an Internet security company) might take a look at the forums defences, but as you say why would anyone want to hack the forum. There is another possible way that the posts were made but let's get back to the original purpose of the thread!
.
Mate, if you want to move forward, then I would stop trying to blame forum security issues for the ill-advised comments either you, someone in your house or in your office made earlier in this thread. It's obviously BS and it's just irritating. A simple apology would have bought more grace. A wise man once said, if you find yourself in a hole, stop digging.