The most trusted and popular consumer complaints website
Explore your opportunities! Create an account or Sign In

vBulletin / Charging for security fixes/patches

1 Howarth Lodge 7 Reading Road, Pangbourne, England, Berkshire, United Kingdom Review updated:
Contact information:
Phone: 1-877-326-6444

vBulletin is arguably the best forum software available. I have been a customer for nearly 10 years and have used their forum software in addition to phpBB and Invision Board. I keep going back to vBulletin because of its ease of use and powerful functionality. However, things seem to be changing over there at vBulletin headquarters of recent. They have developed a new and distasteful practice of charging customers for security fixes. When a company begins to establish practices that follow the line of blatant irrationality, it's time to start looking for other options.

Case and point: I currently own a license for vBulletin 3.6. It has been vBulletin's policy in the past to offer free security patches to customers with the same vulnerable version, which is quite logical (due to the very nature of php, it's always plagued with security problems). However, with a recent finding of a significant security hole, vBulletin released version 3.6.11 patch level 1 which fixed a flaw that could allow an attacker to compromise another user's account. Silly me, I thought I could get this patch free of charge as I had in the past. However, I found that it was not in my download area of the "Member Area" of vBulletin's website. Confused, I called their 800 number and spoke with a rep who only wished to argue. He told me that even though I had an "owned license" I was not eligable for this "upgrade". I proceeded to inform him that I wasn't interested in an "upgrade" and that I simply wanted the patch fixed. He informed me that I could have the patch fixed by upgrading for another year for $60. I then asked him if this "upgrade" contained any new features and enhancements to which he answered "No, just this security patch and bug fixes". I asked to speak to a supervisor and was informed that Steve Machol (vBulletin's customer support manager) is the only person who can wave the fee, and further more that he can only be reached by sending a general support inquiry via email, with his name in the subject line. So, I sent Steve an email and have waited for 2 weeks for which I have yet to receive a response. I have had no choice but to pay for the security fix as my forum was left wide open for attack.

It is absolutely shameful that a company would charge it's customers for security holes, disguized as "upgrades" when only patches and bug fixes are part of the package you are paying for. Thus I cannot recommend vBulletin to anyone unless they are willing to pay the price of future "upgrades" and security holes that will surely (and always have) plague this forum software.

Sort by: UpDate | Rating


  • An
      23rd of Oct, 2009
    -1 Votes

    Internet Brands has given their market share away to competitors, especially to open source forum software producers who do not charge any thing to forum owners to use their forum platforms.

    See this thread for complete information on this vBulletin licensing scam and for links to alternative forum software producers.

  • Ho
      8th of Dec, 2009
    0 Votes

    Ray Morgan resigned. That is great news. Now Bob Brisco needs to get rid of steve machol. Reason number 1, harassment of customers. After he is fired, remove all ban's that he put in place. Steve Machol shouldn't be allowed to ban customers.
    Once they clean up their house, the customers will start coming back and hopefully work to help bob bring his company forward.

  • It
      23rd of Dec, 2013
    0 Votes

    VBulletin basically does the job of a forum software, but leaves issue undetected at first, that should be revealed before purchasing. Most of the issue cannot be seen by the general public, as they are hidden in the password protected user area. None of their software will validate via the W3, which to me, clearly means that the programmers are not concerned with testing their software to make sure it is written to standards and does not contain basic underlying errors.

    Much much worse, is that the forum produces page after page of duplicate content, because every page can be addressed in many way. Your Google webmaster tools account will very shortly be filled with duplicate Title tags and Duplicate Descriptions and their is literally nothing you can do about it. VBulletin's response was to create a new version 5, instead of fixing the issues with version 4 first. To there credit, they do seem to be continuing to work on V4. But lets face it, if they cannot get VB4 to validate, why would anyone think they can do it with V5.

    The support team seems to be working hard to try and help, but they do not appear to be supported by the programmers, so any issue that has any type of complexity to it, will not be solved. At least that has been my experience. Judging from the post of others, if you push for a resolution, VBulletin staff tends to block you from further posting. Not a very honest or open way to do business.

    If VBulletin were cheap software, I would not complain to much, but it is quit expensive, so you would think it would be very well written as such. Unfortunately it is programmed more like cheap software, with obvious and seriously written flaws and a programming team that does not seem to be very professional.

    I cannot recommend VBulletin, nor can I advise against it, since I cannot recommend any other software that might be better, although I would think there would be. Should you decide to purchase, be aware of the duplicate content issues, that you will face. I would run any of there forum pages through the W3 validator, so you can get a feel for the quality or lack there of, also

Post your comment