Here we have a thread saying we could report vulnerabilities we found. However, in the rules that were presented to us during registration, we were instructed not to pentest this site because it can result in a permanent ban.
I suggest this site allows pentesting (SQLi, XSS, CSRF, LFI, RFI...) to some extent but of course with limits (No DDoS attempts, that's not even a hack anyway).
The decision was made on 'pentesting' the site after several issues with people doing so. It's against the rules. That is my understanding; if Xinapse says otherwise it'd be news to me. I've never actively encouraged it and won't do.
I'm sure Xinapse will get back to you with a definite ruling on the matter.
An alternative will be to allow only certain people to pentest this site. Everyone else is not allowed. Maybe have an application for it or something?
The main question is: would you rather people with malicious intentions find the vuln and actually exploit it? Better have people you can trust to report it find it soon before anyone else could.
If you do pentest the site, you're doing it at your own risk; chances are that our server firewall will block the IP that is performing the pentesting anyway. That's what happened once when I was port scanning with Nmap.
Do not Port scan or conduct vulnerability analysis of iexploit.org & server.
Anyway, let's wait for Xinapse's reply, locked until such time.