Feeds

vBulletin denies busting downloads in paid-up protester ban

Own employee says otherwise

SANS - Survey on application security programs

Updated Forumware giant vBulletin has vehemently defended its decision to ban paying customers from its own support forums after they complained about its new licensing scheme.

Now owned by the self-described new-media company Internet Brands, vBulletin offers messageboard software used by roughly 40,000 "online communities" across the web. Since the company announced an overhaul of its licensing setup earlier this month, customers have protested en masse at vBulletin's support forums, third-party forums, and various blogs.

Through its parent company, vBulletin acknowledges that it banned some customers from its support forum at vBulletin.com over the weekend in response to such protests, but it says that users had violated the company's terms of service and that they were given multiple warnings before the bans were brought down.

In doing so, the company has contradicted statements from multiple customers. Three paid-up vBulletin license-holders tell The Reg that the ban came down without even a single warning. "No warning about banning at all," says Anthony Cea, who holds three licenses.

"I received no warnings," another user tells The Reg. "No infractions, no requests to stop, nothing."

David Wolf, another license holder, says he was warned once about "trolling" when he questioned the legality of the company's new licensing scheme. But he says that he was later banned after a post that was not at all controversial.

vBulletin also denies that it prevented customers from downloading certain software modifications from a sister site at vBulletin.org - again contradicting statements from multiple users. David Wolf says he is still prevented from downloading "mods" at vBulletin.org.

The company denied blocking downloads in an email to The Reg, and Patrick Stack, a representative from Internet Brands business affairs team, said the same thing during a phone conversation. After indicating he would prefer if we did not record the conversation on tape, he specifically denied that the company had blocked downloads on vBulletin.org, saying "we were not denying people access to their ability to download for active licenses."

Stack also indicated that the users had imagined that their ability to download software had been restricted.

But a separate vBulletin representative acknowledges that the company revoked some users' ability to access vbulletin.org as licensed customers. This would prevent them from downloading software modifications from the site. The representative says it's standard practice when banning forum users to revoke their licensed status at both vbulletin.com, where the official support forum resides, and vbulletin.org.

"It prevents the user from registering again and starting issues over again," the representative said.

The representative also points out that users can download the same modifications from other sites. And though David Wolf says he still lacks licensed access to vbulletin.org, others say their licensed status has now been restored at the site.

Indeed, a post from a company representative on its support forums indicates that the company reversed its decision to deny licensed access to vbulletin.com. "The policy to automatically revoke their licensed status at vBulletin.org was discussed and changed," a company representative said on a private support forum thread here, which the The Reg has gained access to.

vBulletin announced its new licensing scheme on October 13, as it prepared the latest incarnation of vBulletin: version 4.0. Under the company's previous scheme, many users have paid a one-time fee for an "owned license" to the vBulletin software. This meant they could use the product for as long as they liked, though they would have to pay a small yearly fee in order to receive upgrades, support, and security updates. But under the new scheme, even those with owned licenses would not have access to updates and support unless they paid full price for the new package.

Typically, users paid $160 for a vBulletin owned license, before renewing it each year for an extra $40 to $60. Now, if they want security, updates, and support after the end of their license year, they will have to upgrade to vBulletin 4.0, which is priced at $250.

The company offered existing users a $130 discount on the product, but that expires today - before the release of the product. A beta of version 4.0 is available in the forums, but the CMS attached the new product in not yet available.

The company has also told users that its existing vBulletin blog add-on, which carries a lifetime license, will not work with vBulletin 4.0. If they want to continue using the existing blog add-on, they must use an old version of the product - for which they can't get updates and support.

The California-based Internet Brands purchased vBulletin in July 2007, and most of the original developers - including the lead developer - left the company this past summer. In the wake of our original article on the vBulletin, one former developer lobbed a link to the story into the Twittersphere: "So sad to see the company I helped build up screw customers over. Glad I bailed when I did, funemployment rocks."

Internet Brands' Patrick Stack dismissed the Tweet as "not too worrisome," saying it came from a "disgruntled former employee." ®

Update

Another person with knowledge of the matter tells us that the "mods" available at vbulletin.org are not available elsewhere on the web: "Contributions to vBulletin.org's resource community are limited to that site," the person says. "There is no other third party site that's official where the contributions are shared to."

This person specifically said that vbulletin.org mods are not shared with third-party sites like vbfans.com and vbhackers.com. But the person did say that developers are free to go to third party unofficial sites, such as vbfans.com or vbhackers.com, and publish their own work there.

3 Big data security analytics techniques

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.