Announcement

Collapse
No announcement yet.

Hackers!!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
    MattR
    Senior Member

  • MattR
    replied
    I'm confused; you acknowledge that it is beta and inherently risky, then you require that they should personally apply patches to your beta code?

    Ridiculous!

    There’s no obligation for them to do ANYTHING for your beta code! They state that ‘well it’s beta so there could be huge holes, we will release new versions to fix’ – that’s what happens when you purchase beta-code. Seems like a case of ‘buyer beware’.

    I think this sums it all up:
    It's a support issue, not a software issue.
    Note: Since vBulletin 2.0.0 is BETA grade software, we can't guarantee that it will be free of bugs. Also, we're unable to offer any official support for this version.
    Yes, it is unfortunate that you got hacked. However, you assumed those risks when you installed BETA code in PRODUCTION use. Jelsoft installed the BETA code and said ‘well, that’s all the help you’re going to get from us. Remember this is unsupported and could explode’. There are hundreds (or thousands) of people who have purchased vB. They may have paid for installation. HOWEVER, after the transaction is complete and Jelsoft has installed it (again if they paid for it) then Jelsoft’s role is complete. They have ZERO further obligation to you. If you want the latest version you can install it yourself or pay again.

    Leave a comment:

  • tubedogg
    Senior Member

  • tubedogg
    replied
    Originally posted by jtracy
    My concern was over one support issue and how Jelsoft handled that issue.
    Professional installation/upgrading, which costs $135, is not a support issue. Support is free via www.vbulletin.com/support and through these forums. Personally I would not have even offered installation for the beta version, but that's just me. They did, however they did it under the same terms as if they installed v1.1.6 and you wished it to be later upgraded - it costs $135 ($60 at the time I believe) and any subsequent upgrades may be applied by the customer (at no cost) or they may be applied by Jelsoft (at additional cost).

    What I don't believe you to be understanding, based on your posts, is that beta software is inherently risky. Chances are there are security holes and if so, if they get out they can be exploited by less-than-upstanding folks. Continuing to run beta software well after a stable and secure version is released is just not smart. By Jelsoft installing the beta software for you, you agreed to the terms - included in this were the fact that the beta software is likely not totally stable and secure, and unfortunately it was not.

    I don't feel you deserve a free upgrade any more than anyone else. Yes it is very unfortunate that your forums were hacked. Yes we wish that had not happened. However I have to believe that if one runs a website, they are capable of uploading files, typing in a URL, and clicking "Next" through some scripts. That is what is involved in upgrading.
    I find it hard to believe that you had the beta release forums installed and then didn't check back with Jelsoft or these boards for 3 months. And if you did, then you knew that vBulletin 2.0.0 was released. Why did you wait to upgrade? I would think that someone who was reviewing a product for a magazine would want to be running the latest version. I also agree with thewitt in that if you were indeed reviewing it for a magazine, why in the world would you use a beta version?

    Leave a comment:

  • thewitt
    Senior Member

  • thewitt
    replied
    You know Joe, it's actually a very simple dynamic.

    If you come into a vendor managed product support community forum where the majority of the customers are extremely pleased with the support, service and quality of the product, and you start mud slinging and threatening the people who are providing that service and product, you will get at least one person who reacts poorly.

    In this case that person was me.

    If this surprises you, or offends you, I'm sorry. You should have addressed your problems with the vendor in private and not in a public forum.

    I'm finished with this thread now. I'm not adding any value and it's time for me to shut the **** up.

    -t

    Leave a comment:

  • thewitt
    Senior Member

  • thewitt
    replied
    Originally posted by jtracy
    [clip]Once again you've made mischaracterizations and a personal attack. I did not say I would give vBulletin a "negative review" if, as you falsely assert, they didn't immediately address the situation. My concern was over one support issue and how Jelsoft handled that issue. In reality, if you read through the thread, you will see these quotes from me:[clip]
    Oh I think I understood from the tone of your attack messages exactly what you were after. It was only after you were corrected and chided in this forum did you post anything positive. And again, if you characterize my responses as personal attacks, so be it. Get a life.

    Again, I don't represent Jelsoft in any way, and I would probably refund your money and ask you to return your license if you were my customer. I have little patience for customers who come into a public message board and start slinging mud around to get the attention of a vendor.

    Your messages were clearly aimed at leveraging something you don't deserve out of your pending review. If this was not your intent, you would not have even mentioned that Jelsoft's actions were (again, paraphrasing) "shaping the opinion you would write in your review."

    Not trying to leverage your upcoming review? Yeah, right.

    As far as Wayne's response goes, you are correct. He is a class act. I would not have been anywhere near as kind - which is of course why they will never ask me to support the product .

    -t

    Leave a comment:


  • jtracy
    replied
    thewitt,

    Once again you've made mischaracterizations and a personal attack. I did not say I would give vBulletin a "negative review" if, as you falsely assert, they didn't immediately address the situation. My concern was over one support issue and how Jelsoft handled that issue. In reality, if you read through the thread, you will see these quotes from me:

    "The problems arose in trying to get assistance in the issued security fix for the problem. It's a support issue, not a software issue. I have no quams about the excellent software, only about the way support handled the issue."

    and

    "vBulletin is, by far, one of the best forum programs out there. Even a bad support experience won't change that opinion in verbal or written form."

    As you can see, these quotes hardly constitute plans for an overall "negative review" over one support issue. Hopefully this clarifies things for you.

    Joe Tracy

    P.S. I think we both agree that Wayne A. Luke's response to this entire thread was one of great professionalism, service, and concern. And that's not always easy to do with customers who have had a bad experience.
    Last edited by jtracy; Sun 8 Jul '01, 11:28pm.

    Leave a comment:


  • jtracy
    replied
    wluke,

    Thank you for your excellent and professional response to my concerns. I will also add that even with you having only one person on support, I received a relatively fast response to my initial support inquiry, including one on the fourth of July (a Holiday).

    I have seen great customer service from Jelsoft in the past. My concern expressed here was only with this one support issue even though it appeared to turn into something bigger, which I clarified in the following post:

    "Jelsoft did a great job of outlining its beta program. I have no quams there. A major security issue arose that allowed people to break into vBulletin forums. No problem. It's beta software. That is to be expected and I accept that. The problems arose in trying to get assistance in the issued security fix for the problem. It's a support issue, not a software issue. I have no quams about the excellent software, only about the way support handled the issue. If there is a security fix to a major security hole that is being massively exploited then it seems right that Jelsoft would want to immediately install the security fix onto boards that people paid them to install while allowing others to manually upload the fix accordingly."

    Thank you again and keep up the great work.

    Continued Best,


    Joe Tracy

    Leave a comment:

  • thewitt
    Senior Member

  • thewitt
    replied
    Joe, you may think it was a personal attack, but not being part of the vB development or support team I am only reacting to my opinion of your post and your tactics here.

    Quite frankly I'm surprised that you resorted to the very unprofessional tactic of stating that you were going to write a bad review if Jelsoft did not immediately address your situation and make you feel better (paraphrasing). Very unprofessional indeed. My personal reaction would be to tell you to get stuffed. Obviously Jelsoft care more about you than I do.

    As for me not understanding the difference between an upgrade and a security fix, I most definatly understand. I also understand the risks of running beta software, and would expect that someone in your position would as well. Certainly if I were to review software for a living, I would not expect beta software to be treated like production software. Why you were even running beta software someplace that would be exposed to the general public and open yourself up for attack by hackers is suspect at best.

    Free upgrade service for any reason on a beta is just too much to expect. I believe your position is unreasonable, and we'll have to agree to disagee on that one.

    As I said however, Jelsoft's position on this one and mine are totally unrelated. I have no influence over them, their support policy, their upgrade policy or anything else. I'm just a satisfied customer and get ripped when I see someone demand something that they clearly do not deserve - in my opinion.

    -t

    Leave a comment:

  • Wayne Luke
    vBulletin Technical Support Lead

  • Wayne Luke
    replied
    Joe,

    I am sorry that you felt wronged by the Customer Service that you received. Our service to the customer is something that we are constantly trying to improve and I will mention your complaints to the other staff at Jelsoft.

    At the time of your attack which happened during a Beta Testing period we had 1 person in charge of installs and one person in charge of support. Since then we have increased the number of support staff to accomodate the demand.

    We currently have over 100 issues that we are working on not counting the issues posted in this forum. I know this is no excuse for the service you received but the two different security exploits discovered in vBulletin couldn't be fixed with a simple patch. They were major exploits and required a lot of work by the developers to fix.

    I know you had an unfortunate experience with our company and I can't change that now. What I can do is make sure that in the future we try harder to fulfill your needs as well as those of other customers. For many these forums are enough but some like yourself want or require extra support. Our new support team is here to make sure you get that. Please make sure to take advantage of our Support system located at http://vbulletin.com/support. The average response time is under 6 hours and we are working to lower that even more.

    Please feel free to contact me directly at [email protected], but you will most likely get faster responses through the support system.

    Sincerely,
    Wayne A. Luke
    vBulletin Support

    Leave a comment:

  • Steve Machol
    Former Customer Support Manager

  • Steve Machol
    replied
    Originally posted by jtracy
    BTW, smachol, I greatly appreciate the parameters in which you've discussed this issue here and elsewhere. I feel that your opinions have been balanced even when in disagreement.

    Respectfully,

    Joe Tracy
    Great - now I feel like a jackass for being as harsh as I was!

    Leave a comment:


  • jtracy
    replied
    Jelsoft did a great job of outlining its beta program. I have no quams there. A major security issue arose that allowed people to break into vBulletin forums. No problem. It's beta software. That is to be expected and I accept that. The problems arose in trying to get assistance in the issued security fix for the problem. It's a support issue, not a software issue. I have no quams about the excellent software, only about the way support handled the issue. If there is a security fix to a major security hole that is being massively exploited then it seems right that Jelsoft would want to immediately install the security fix onto boards that people paid them to install while allowing others to manually upload the fix accordingly.

    BTW, smachol, I greatly appreciate the parameters in which you've discussed this issue here and elsewhere. I feel that your opinions have been balanced even when in disagreement.

    Respectfully,


    Joe Tracy

    Leave a comment:

  • Steve Machol
    Former Customer Support Manager

  • Steve Machol
    replied
    Joe,

    I respectfully submit it's you who is not understanding the issue. Beta software is inherently risky. You had the option of having Jelosoft install a released and stable version (1.1.6). However you made the decision to have them install the beta instead.

    If we were talking about security problems in a stable version, then I'd be a lot more symathetic to your position. But that's simply not the case. Let's consider these questions:

    1) Did you or did you not ask Jelsoft to install the beta version of the software?

    2) Do you understand what beta software is?

    3) Were you informed, or otherwise had knowledge of, the inherent risks in installing a beta version of vB?

    4) Knowing that you were using a beta did you take the steps necessary to keep yourself informed of any bugs and security problems that might arise?

    In any beta testing program I've been aware of - including the one for vB 2.0 - it's been made very clear that the software is not stable and the customer uses it at his or her own risk. This is a far cry from your characterization of Jelsoft as 'blaming the customer'.

    Leave a comment:


  • jtracy
    replied
    thewitt,

    You obviously don't understand the issue (the difference between an "upgrade" and a "security fix"), so I won't try to explain it again. However, I don't just go "trashing" anyone in any article. I state facts as they occurred based on my experience as a reviewer. vBulletin is, by far, one of the best forum programs out there. Even a bad support experience won't change that opinion in verbal or written form.

    Joe Tracy

    P.S. Sorry you felt the need to launch a personal attack in your post. Such only weakens a person's position when they result to personal attacks versus simple discussions of the issue at hand. The reason our magazines and books do so well is because we are always very open and honest with our readers (even if it means losing advertising) and we also allow (and publish) decending opinions. When people can engage in conversations free of personal attacks then you can have some great discussions and debate. Even though you appear hostile towards my position, I welcome your opinion and wish you the best.
    Last edited by jtracy; Sun 8 Jul '01, 4:37pm.

    Leave a comment:

  • thewitt
    Senior Member

  • thewitt
    replied
    Joe,

    I still don't understand your position on this one.

    You installed beta software.

    You paid for the installation - apparently because you were not technically capable of installing it yourself.

    Your beta software had a security hole.

    You went back and asked for a free installation of the next version of the beta or possibly the release software - I'm not sure which.

    Why do you think you are entitled to a free installation? What in your agreement with Jelsoft covered a free installation when you were running beta software?

    I would not suggest trashing Jelsoft in your magazine article. You will certainly look like a fool in my opinion.

    It's really very simple. Don't install beta software unless you are fully aware of the risks and costs associated with it. It's not complicated.

    I've just decided to not bother subscribing to your magazine - I was going to go looking for it - as if this is the attitude that guides your reviews, I'm not going to waste time reading them.

    It was beta software man. Give it a rest.

    -t

    Leave a comment:


  • jtracy
    replied
    Regarding Email on Security Issue:

    While I don't have a record of that email, if it was sent then I apologize for questioning such in my last statement. It's a good procedure to follow with such security issues and it looks like Jelsoft followed it. Good job.

    I do think it would have been good if the issue was given more urgency. At first glance the email appears like a simple newsletter or "upgrade update" versus the announcement of an urgent security fix. Still, it's good that something went out. Thanks for posting that, Philipp.

    Joe Tracy

    Leave a comment:

  • Philipp
    Senior Member

  • Philipp
    replied
    I further agree with smachol that an email should have been sent to all appropriate users over this major security problem.
    There was an email from Jelsoft:

    JELSOFT E-BULLETIN
    http://www.vbulletin.com
    March 8th, 2001

    ~ vBulletin 1.1.6
    ~ vBulletin 2.0.0 BETA 3
    ~ Your License Information
    ~ Contact Us

    ------------- VBULLETIN 1.1.6 NOW AVAILABLE --------------

    vBulletin 1.1.6 is now available for download from the members
    area.

    This release corrects several fairly severe security issues,
    and therefore we recommend that all customers download and
    install this version as soon as possible.

    Note: This update affects all PHP scripts. If you have hacks
    installed and would like an overview of changed code, you can
    use "Beyond Compare" to merge your hacks into the new version.

    Download vBulletin 1.1.6 Now:
    http://www.vbulletin.com/members/

    Beyond Compare:
    http://www.scootersoftware.com/

    ---------- VBULLETIN 2.0.0 BETA 3 NOW AVAILABLE ----------

    The third BETA version of vBulletin 2.0.0 is now available for
    download from the members area. As well as a raft of new
    features and bug fixes, the development team has also found
    and fixed a couple of security issues. We recommend that all
    customers who are currenting running a previous beta of
    version 2.0.0 upgrade as soon as possible to this release.


    For complete information about this new release, please visit:
    http://www.vbulletin.com/forum/showt...threadid=10841

    Download vBulletin 2.0.0 BETA 3 Now:
    http://www.vbulletin.com/members/

    Note: Since vBulletin 2.0.0 is BETA grade software, we can't
    guarantee that it will be free of bugs. Also, we're unable to
    offer any official support for this version. If you encounter
    any bugs/problems, please post a note in the following forum:
    http://www.vbulletin.com/forum/forum...php?forumid=19

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X