Official BS.Player forums


asidana 26th January 2009 09:01 PM

FIXED - forum database compromised
 
just received this email

Code:

The following is an email sent to you by an administrator of "Official BS.Player forum". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address:

ssharmi24@gmail.com

Include this full email (particularly the headers).

Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dear BSPlayer user,

It has come to our attion that our current version off BSPlayer has some security issues
We recommend you to update your version off BSPlayer with the link supplied below


FIXED:
- Fixed vulnerability
- movie settings (position) were not remembered in some cases, fixed
- in some cases chapters were not properly detected in MKV files, fixed
- problem with ML on secondary monitors

Download:
Click HERE


Regards,

The BSPlayer.org Management


vaughny 26th January 2009 09:05 PM

I got this email too. :shock:

Px 26th January 2009 09:08 PM

Same here

GreGnet 26th January 2009 09:15 PM

Yes, same for me... :?

adicoto 26th January 2009 10:02 PM

Hotmail sent it directly to junk folder :D

Ico-man 26th January 2009 10:50 PM

xxx
 
We are on it. :!:

Px 26th January 2009 11:25 PM

RFC822 header from letter
Code:

Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
X-Mru-PTR: fortis.presentia.si
X-Mru-NR: 100
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: SI
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: User_id - 3214
X-AntiAbuse: Username - Tizio
X-AntiAbuse: User IP - 90.67.121.154
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fortis.presentia.si
X-AntiAbuse: Original Domain - mail.ru
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - fortis.presentia.si
X-Spam: Not detected
X-Mras: Ok


adicoto 27th January 2009 12:18 AM

Quote:

bsplayer0
Oh, sorry, I've missed this topic

adicoto 27th January 2009 12:23 AM

In fact, message originated from a Slovenian mailserver.

BSPeter 27th January 2009 01:59 AM

Ditto here (I sent an email to Mat2000 to place a warning on the website).
But fortunately who (in his right mind) would honestly believe BSPlayer team would make an update available through rapidshare! (and advise users accordingly using a gmail.com email-address)?
Nevertheless, the apparent exposure of BS.Player users' e-mail addresses seems a real SERIOUS and worrisome matter enough!!
:wink:
In message displayed above Tizio is mentioned, however in message I received it reads:
X-AntiAbuse: Username - Mat2000

Px 27th January 2009 02:23 AM

Quote:

In message displayed above Tizio is mentioned, however in message I received it reads:
X-AntiAbuse: Username - Mat2000
Ah, my fault, copied wrong header, right
Code:

Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
X-Mru-PTR: fortis.presentia.si
X-Mru-NR: 100
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: SI
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: User_id - 3284
X-AntiAbuse: Username - Mat2000
X-AntiAbuse: User IP - 90.57.121.154
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fortis.presentia.si
X-AntiAbuse: Original Domain - mail.ru
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - fortis.presentia.si
X-Spam: Not detected
X-Mras: Ok
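
The header posted above already shows where the mail came from: it was generated locally on the forum's own host by a PHP script, while the From: line claims gmail.com. A small triage script that pulls out that evidence follows; it is an added example, not part of the original thread, and the function name `triage` and the finding labels are assumptions made here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines copied from the message posted in this thread (abridged).
SAMPLE = """\
Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
From: ssharmi24@gmail.com
X-Mailer: PHP
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: Username - Mat2000
X-AntiAbuse: Sender Address Domain - fortis.presentia.si

"""

def triage(raw):
    """Hypothetical helper: summarise origin evidence in a raw header block."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = sender.rpartition("@")[2]
    # X-AntiAbuse values look like "Key - Value"; free-text ones are skipped.
    abuse = dict(v.split(" - ", 1) for v in msg.get_all("X-AntiAbuse", []) if " - " in v)
    spf_hdr = msg.get("Received-SPF", "")
    spf = spf_hdr.split()[0].lower() if spf_hdr.split() else "missing"
    env = re.search(r"envelope-from=\S+@([\w.-]+)", spf_hdr)
    env_dom = env.group(1).lower() if env else abuse.get("Sender Address Domain", "")
    hops = msg.get_all("Received", [])
    first_hop = " ".join(hops[-1].split()) if hops else ""  # bottom-most = origin
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append("from-domain-mismatch")   # From: not the sending domain
    if spf != "pass":
        findings.append("spf-" + spf)
    if " with local " in first_hop:
        findings.append("locally-generated")      # submitted on the host itself
    if "php" in msg.get("X-Mailer", "").lower():
        findings.append("web-script-mailer")
    if sender and sender == parseaddr(msg.get("To", ""))[1].lower():
        findings.append("to-equals-from")         # real recipients not in To:
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "origin_hop": first_hop, "antiabuse": abuse, "findings": findings}
```

Calling `triage(SAMPLE)` returns the claimed and actual sending domains, the originating hop, the parsed X-AntiAbuse fields and the list of findings.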


Kenfer 27th January 2009 02:23 AM

Quote:

Originally Posted by BSPeter
But fortunately who (in his right mind) would honestly believe BSPlayer team would make an update available through rapidshare! (and advise users accordingly using a gmail.com email-address)?

Unfortunately, there are lots of people who don't really know what a "trusted source" is and why RS and Gmail are wrong.

Px 27th January 2009 02:29 AM

Hm, it's strange - I've looked in my inbox, and all other messages are from this topic, and their header is different, while in the original message two strings differ from the post above
Code:

X-AntiAbuse: User_id - 3284
X-AntiAbuse: Username - Mat2000

Did someone edit my post for a joke, or is the problem deeper? :)

laser21 27th January 2009 02:42 AM

I got the same message...

It is suspicious at first look for advanced users... but not for everyone.

I guess making a sticky somewhere would be helpful...

Caos 27th January 2009 07:36 AM

I got the same message...

:twisted: :twisted:

bardos 27th January 2009 07:47 AM

Yes, I got this message this morning and was immediately suspicious.


Received: (qmail 17484 invoked by uid 503); 26 Jan 2009 22:31:11 -0000
Received: from unknown (HELO fortis.presentia.si) (212.18.63.30)
by server260.com with ESMTPS (DHE-RSA-AES256-SHA encrypted); 26 Jan 2009 22:31:11 -0000
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
(envelope-from <nobody@fortis.presentia.si>)
id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com

Ico-man 27th January 2009 10:10 AM

Do not click on this link
 
Please do not download anything from here: http://rapidshare.com/files/18978772...4.980_clip.exe
because it contains harmful software (it doesn't have BS.Player in it).

We would never host our files on rapidshare, they are already alerted and they will remove the link in 24 hours. (Meanwhile, the link was removed.) We are not editing posts, so the problem is deeper. We are fixing it as we speak.

GregorBS 27th January 2009 02:03 PM

Here is another E-Mail Header just in case :) ... I received this mail on my Yahoo account:

Code:

From ssharmi24@gmail.com Mon Jan 26 18:49:20 2009
Return-Path: <nobody>
Authentication-Results: mta354.mail.mud.yahoo.com  from=gmail.com; domainkeys=neutral (no sig)
Received: from 212.18.63.30  (EHLO fortis.presentia.si) (212.18.63.30)
  by mta354.mail.mud.yahoo.com with SMTP; Mon, 26 Jan 2009 22:32:13 -0800
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
Content-Length: 926


Tizio 27th January 2009 06:51 PM

Quote:

Originally Posted by Px
Quote:

Originally Posted by BSPeter
In message displayed above Tizio is mentioned, however in message I received it reads:
X-AntiAbuse: Username - Mat2000

Ah, my fault, copied wrong header, right
Code:

Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
X-Mru-PTR: fortis.presentia.si
X-Mru-NR: 100
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: SI
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: User_id - 3284
X-AntiAbuse: Username - Mat2000
X-AntiAbuse: User IP - 90.57.121.154
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fortis.presentia.si
X-AntiAbuse: Original Domain - mail.ru
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - fortis.presentia.si
X-Spam: Not detected
X-Mras: Ok


:shock: If you copied the wrong header, where did you get a header with my username in it from?
Anyway also the mail I received has Mat2000 as AntiAbuse Username

Yesterday I saw Mat2000 online more or less at the same hour my mailbox received the mail message (but I read the message only now) :roll:

mihhkel 27th January 2009 07:50 PM

Another download-BS.player-from-RapidShare topic: http://bsplayer.com/forum/viewtopic.php?t=13411
And the apparent poster is ico-man :shock:
Something's wrong here...

mihhkel 27th January 2009 07:51 PM

Oh, and I got the e-mail, too, with "X-AntiAbuse: Username - Mat2000" in it.

adicoto 27th January 2009 08:14 PM

Quote:

Originally Posted by mihhkel
Another download-BS.player-from-RapidShare topic: http://bsplayer.com/forum/viewtopic.php?t=13411
And the apparent poster is ico-man :shock:
Something's wrong here...

The poster is indeed Ico-man, but someone hacked the forum and modified the link. I can't undo this as I don't have access to that part of the forum, nor to the control panel.

Tizio 27th January 2009 08:28 PM

Link modified ;)

adicoto 27th January 2009 08:31 PM

Thank you.
And keep an eye on the forum ;)

Ico-man 27th January 2009 08:57 PM

BS.Player
 
I would urge everyone (especially mods) to change your BS.Player forum password asap.

brother 1st February 2009 12:11 PM

Hi,

Does the tip "fixed" on this thread mean that you already sealed the leakage?

regards,

©bROTHER


All times are GMT +1.