SEGA made the right decision. vBulletin is a scourge that (Thank God.) is slowly yet surely dying. The vBulletin software is buggy, and while they keep several major versions alive and officially supported (3.x, 4.x, 5.x, etc.), if you aren't running the newest one, then you only *might* get bug fixes. But it is better to run the older ones anyway, because the vBulletin company will introduce new features with even more severe bugs into the newest major series and often not fix the old bugs as new features take priority over fixing bugs.
And forget creating and implementing themes, that's a damned nightmare! I'm not joking: it took me almost **two months of active development** to create a good substitute for the old theme for a forum which I run when we "upgraded" from 3.x to 4.x. The whole time there were tons of pressure on me to get things done because PEOPLE COULDN'T READ THE FORUM as the theme was supposed to be a dark theme and the theming functions only supported bright/light themes well. And with vBulletin's spaghetti code, you'd get something created, it would look good within the administrative area, and then when you'd deploy it, IT WOULD HAVE TONS OF VISUAL BUGS sending you right back to the drawing board.
Did I mention that it has --three different text editors--, each of which behaves and looks different depending on if JavaScript is enabled or not?
And what does the vBulletin company expect out of you for the privilege of running this software? HUNDREDS OF DOLLARS in upgrade fees every two or so years if you want the newest major series of its software no matter how much you've spent on their software in the past.
Forget vBulletin. Do the smart thing and use good open source forum software like Dreamcast Talk does. Dreamcast Talk's phpBB works great and nobody has to pay anything for it. And with so many wonderful forum softwares out there like phpBB, TalkBoard, Simple Machines Forum, MyBB, YaBB, FluxBB, and PunBB, there really is no good reason to go with bad old vBulletin.
But you don't have to take my word for it.
From Episode #642 of Security Now!:
The public 0-Day disclosures were deliberately made by researchers out of frustration after the vBulletin maintainers failed to acknowledge any communications for nearly a month. So this means that a huge number of vBulletin sites are CURRENTLY vulnerable and, as we know, that even after vBulletin is updated, many sites are likely to remain vulnerable.
here is hoping many new memories will be made soon
