Official BS.Player forums  

Go Back   Official BS.Player forums > Main forum > General Talk And Support

General Talk And Support General talk and peer-to-peer support about BS.Player and other video and audio multimedia players.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 26th January 2009
Junior Member
BS.Player Newbie
 
Join Date: Aug 2005
Posts: 4
Rep Power: 0
asidana is an unknown quantity at this point
Default FIXED - forum database compromised

just received this email

Code:
The following is an email sent to you by an administrator of "Official BS.Player forum". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address:

ssharmi24@gmail.com

Include this full email (particularly the headers). 

Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dear BSPlayer user,

It has come to our attion that our current version off BSPlayer has some security issues
We recommend you to update your version off BSPlayer with the link supplied below


FIXED:
- Fixed vulnerability
- movie settings (position) were not remembered in some cases, fixed
- in some cases chapters were not properly detected in MKV files, fixed
- problem with ML on secondary monitors

Download:
Click HERE


Regards,

The BSPlayer.org Management
Reply With Quote
  #2 (permalink)  
Old 26th January 2009
Junior Member
BS.Player Newbie
 
Join Date: May 2005
Posts: 5
Rep Power: 0
vaughny is an unknown quantity at this point
Default

I got this email too. :shock:
Reply With Quote
  #3 (permalink)  
Old 26th January 2009
Px Px is offline
Junior Member
BS.player Regular User
 
Join Date: Sep 2004
Location: Ukraine
Posts: 16
Rep Power: 0
Px is an unknown quantity at this point
Default

Same here
Reply With Quote
  #4 (permalink)  
Old 26th January 2009
GreGnet's Avatar
Member
BS.player Regular User
 
Join Date: Nov 2003
Location: France
Posts: 43
Rep Power: 0
GreGnet is an unknown quantity at this point
Default

Yes, same for me... :?
Reply With Quote
  #5 (permalink)  
Old 26th January 2009
Moderator
BS.Player Master
 
Join Date: Jan 2003
Location: Romania
Age: 57
Posts: 5,234
Rep Power: 32
adicoto is on a distinguished road
Default

Hotmail sent it directly to junk folder :D
Reply With Quote
  #6 (permalink)  
Old 26th January 2009
Ico-man's Avatar
BS.Support
BS.Player Power User
 
Join Date: Sep 2006
Location: Slovenia
Posts: 1,469
Rep Power: 10
Ico-man is on a distinguished road
Default xxx

We are on it. :!:
Reply With Quote
  #7 (permalink)  
Old 26th January 2009
Px Px is offline
Junior Member
BS.player Regular User
 
Join Date: Sep 2004
Location: Ukraine
Posts: 16
Rep Power: 0
Px is an unknown quantity at this point
Default

RFC822 header from letter
Code:
Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp 
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
X-Mru-PTR: fortis.presentia.si
X-Mru-NR: 100
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: SI
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: User_id - 3214
X-AntiAbuse: Username - Tizio
X-AntiAbuse: User IP - 90.67.121.154
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fortis.presentia.si
X-AntiAbuse: Original Domain - mail.ru
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - fortis.presentia.si
X-Spam: Not detected
X-Mras: Ok
Reply With Quote
  #8 (permalink)  
Old 27th January 2009
Moderator
BS.Player Master
 
Join Date: Jan 2003
Location: Romania
Age: 57
Posts: 5,234
Rep Power: 32
adicoto is on a distinguished road
Default

Quote:
bsplayer0
Oh, sorry, i've missed this topic
Reply With Quote
  #9 (permalink)  
Old 27th January 2009
Moderator
BS.Player Master
 
Join Date: Jan 2003
Location: Romania
Age: 57
Posts: 5,234
Rep Power: 32
adicoto is on a distinguished road
Default

In fact, message originated from a Slovenian mailserver.
Reply With Quote
  #10 (permalink)  
Old 27th January 2009
BSPeter's Avatar
Moderator
BS.Player Master
 
Join Date: Nov 2002
Location: The Netherlands
Posts: 5,463
Rep Power: 32
BSPeter is on a distinguished road
Default

Ditto here (I sent an email to Mat2000 to place a warning on the website).
But fortunately who (in his right mind) would honestly believe BSPlayer team would make an update available through rapidshare! (and advise users accordingly using a gmail.com email-address)?
Nevertheless, the apparent exposure of BS.Player users' e-mail addresses seems a real SERIOUS and worrysome matter enough!!

In message displayed above Tizio is mentioned, however in message I received it reads:
X-AntiAbuse: Username - Mat2000
__________________
Help2Help (click) BSplayer: simply the best & most versatile (Build 1072 Dutch language here!)
When posting always mention your computer's OS and the version and build number(!) of BS.Player as used by you,
as well as - if applicable and especially when encountering problems - the type(s) of the file(s) mentioned in your post.
Private messages/Visitor messages are NOT for seeking personal help with respect to BS.Player! Instead use the forums!
Reply With Quote
  #11 (permalink)  
Old 27th January 2009
Px Px is offline
Junior Member
BS.player Regular User
 
Join Date: Sep 2004
Location: Ukraine
Posts: 16
Rep Power: 0
Px is an unknown quantity at this point
Default

Quote:
In message displayed above Tizio is mentioned, however in message I received it reads:
X-AntiAbuse: Username - Mat2000
Ah, my fault, copied wrong header, right
Code:
Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp 
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
X-Mru-PTR: fortis.presentia.si
X-Mru-NR: 100
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: SI
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: User_id - 3284
X-AntiAbuse: Username - Mat2000
X-AntiAbuse: User IP - 90.57.121.154
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fortis.presentia.si
X-AntiAbuse: Original Domain - mail.ru
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - fortis.presentia.si
X-Spam: Not detected
X-Mras: Ok
Reply With Quote
  #12 (permalink)  
Old 27th January 2009
Kenfer's Avatar
Junior Member
BS.Player Newbie
 
Join Date: Feb 2003
Location: Moscow, Russia
Posts: 3
Rep Power: 0
Kenfer is an unknown quantity at this point
Default

Quote:
Originally Posted by BSPeter
But fortunately who (in his right mind) would honestly believe BSPlayer team would make an update available through rapidshare! (and advise users accordingly using a gmail.com email-address)?
unfortunately, there is lots of people who don't really know what "trusted source" is and why RS and Gmail is wrong.
Reply With Quote
  #13 (permalink)  
Old 27th January 2009
Px Px is offline
Junior Member
BS.player Regular User
 
Join Date: Sep 2004
Location: Ukraine
Posts: 16
Rep Power: 0
Px is an unknown quantity at this point
Default

Hm, it's strange - I've looked my inbox, and all other messages are from this topic, and their header is different, while in original message two strings differs from the post above
Code:
X-AntiAbuse: User_id - 3284
X-AntiAbuse: Username - Mat2000
Is someone edited my post for a joke, or problem is deeper? :)
Reply With Quote
  #14 (permalink)  
Old 27th January 2009
Junior Member
BS.player Regular User
 
Join Date: Jan 2007
Posts: 21
Rep Power: 0
laser21 is an unknown quantity at this point
Default

I got the same message...

It is suspicious at the first look for advanced users...but not everyone.

I guess making a sticky somewhere would be helpful...
Reply With Quote
  #15 (permalink)  
Old 27th January 2009
Junior Member
BS.Player Newbie
 
Join Date: Oct 2008
Posts: 5
Rep Power: 0
Caos is an unknown quantity at this point
Default

I got the same message...

:twisted: :twisted:
Reply With Quote
  #16 (permalink)  
Old 27th January 2009
Junior Member
BS.player Regular User
 
Join Date: Jun 2003
Posts: 20
Rep Power: 0
bardos is an unknown quantity at this point
Default

yes, i got this message this morning and was immediately suspicious.


Received: (qmail 17484 invoked by uid 503); 26 Jan 2009 22:31:11 -0000
Received: from unknown (HELO fortis.presentia.si) (212.18.63.30)
by server260.com with ESMTPS (DHE-RSA-AES256-SHA encrypted); 26 Jan 2009 22:31:11 -0000
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
(envelope-from <nobody@fortis.presentia.si>)
id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Reply With Quote
  #17 (permalink)  
Old 27th January 2009
Ico-man's Avatar
BS.Support
BS.Player Power User
 
Join Date: Sep 2006
Location: Slovenia
Posts: 1,469
Rep Power: 10
Ico-man is on a distinguished road
Default Do not click on this link

Please do not download anything from here: http://rapidshare.com/files/18978772...4.980_clip.exe
because it contains harmfull software (it doesn't have BS.Player in it)
.

We would never host our files on rapidshare, they are already alerted and they will remove the link in 24 hours. (Meanwhile, the link was removed.) We are not editing posts, so the problem is deeper. We are fixing it as we speak.
Reply With Quote
  #18 (permalink)  
Old 27th January 2009
Junior Member
BS.Player Newbie
 
Join Date: Mar 2008
Location: Slovenia
Posts: 4
Rep Power: 0
GregorBS is an unknown quantity at this point
Default

Here is another E-Mail Header just in case :) ... I received this mail on my Yahoo account:

Code:
From ssharmi24@gmail.com Mon Jan 26 18:49:20 2009
Return-Path: <nobody>
Authentication-Results: mta354.mail.mud.yahoo.com  from=gmail.com; domainkeys=neutral (no sig)
Received: from 212.18.63.30  (EHLO fortis.presentia.si) (212.18.63.30)
  by mta354.mail.mud.yahoo.com with SMTP; Mon, 26 Jan 2009 22:32:13 -0800
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
	(envelope-from <nobody>)
	id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
Content-Length: 926
Reply With Quote
  #19 (permalink)  
Old 27th January 2009
Moderator
BS.Player Master
 
Join Date: Nov 2003
Location: Italy
Posts: 3,037
Rep Power: 27
Tizio will become famous soon enough
Default

Quote:
Originally Posted by Px
Quote:
Originally Posted by BSPeter
In message displayed above Tizio is mentioned, however in message I received it reads:
X-AntiAbuse: Username - Mat2000
Ah, my fault, copied wrong header, right
Code:
Return-path: <nobody>
Received: from [212.18.63.30] (port=40982 helo=fortis.presentia.si)
        by mx53.mail.ru with esmtp 
        id 1LRXWV-000GGi-00; Mon, 26 Jan 2009 22:53:31 +0300
Received-SPF: none (mx53.mail.ru: 212.18.63.30 is neither permitted nor denied by domain of fortis.presentia.si) client-ip=212.18.63.30; envelope-from=nobody@fortis.presentia.si; helo=fortis.presentia.si;
X-Mru-PTR: fortis.presentia.si
X-Mru-NR: 100
X-Mru-OF: Linux (ethernet/modem)
X-Mru-RC: SI
Received: from nobody by fortis.presentia.si with local (Exim 4.69)
        (envelope-from <nobody>)
        id 1LRWWO-0002Ha-Fk; Mon, 26 Jan 2009 19:49:22 +0100
To: ssharmi24@gmail.com
Subject: IMPORTANT MESSAGE - Update your BSPlayer
Reply-to: ssharmi24@gmail.com
From: ssharmi24@gmail.com
Message-ID: <63a56c8b2179bf5d31f7ddf620090708>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 26 Jan 2009 19:49:20 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - bsplayer.com
X-AntiAbuse: User_id - 3284
X-AntiAbuse: Username - Mat2000
X-AntiAbuse: User IP - 90.57.121.154
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - fortis.presentia.si
X-AntiAbuse: Original Domain - mail.ru
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - fortis.presentia.si
X-Spam: Not detected
X-Mras: Ok
:shock: if you copied the wrong header where did you get an header with my username in from?
Anyway also the mail I received has Mat2000 as AntiAbuse Username

Yesterday I saw Mat2000 online more or less at the same hour my mailbox received the mail message (but I read the message only now) :roll:
__________________
BSP SkinMaker (v1.07) the one and only Skin Editor for BSplayer
BSP Definitions Manager (v1.02)
BS.Player's FAQ (by BSPeter) | Italian language file (v2.57 build 1051)
Reply With Quote
  #20 (permalink)  
Old 27th January 2009
mihhkel's Avatar
Senior Member
BS.Player Power User
 
Join Date: Sep 2004
Location: EE
Posts: 121
Rep Power: 21
mihhkel is on a distinguished road
Default

Another download-BS.player-from-RapidShare topic: http://bsplayer.com/forum/viewtopic.php?t=13411
And the apparent poster is ico-man :shock:
Something's wrong here...
Reply With Quote
Reply

Tags
compromised, database, forum

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules


All times are GMT +1. The time now is 01:14 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
Ad Management plugin by RedTyger

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20