Re: RP media Server Hacked email function - HP Support Community

Anonymous · ‎04-27-2017

I was just informed by our postmaster that our RP media server is sending out spam emails\

I see no email SMTP settings from the admin web portal so it has to have been done via the linux root access.I do see a log with the name of the mail server process with all the errors in it

I have a call in to our vendor who supports this equipment to see about a remedy, but two things confuse me.

1 Our network engineers told me the SSH port was blocked by our firewall so they couldnt use port 22 from the outside.

2. they guessed or hacked the polycom root password for the box, I am assuming its a generic password polycom uses for service and somehow this got out?/

SteffenBaierUK · ‎04-27-2017

Hello SLU,

welcome to the Polycom Community.

I am not aware of any similar cases but have made our security department aware.

Can you contact me via community mail with details like the serial number etc. so the relevant support team in your region can work with yourself?

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Anonymous · ‎04-27-2017

Thank you for your reply, I have a ticket in with the vendor and spoke with them, they are now escalating it to Polycom Support.

It seems we nee dto disable the smpt service itself in root, since when I access the admin web gui page smpt is not checked!!!

the hacker seems to be using the mail server as a relay

If they dont resole the issue I will follow up with you

SteffenBaierUK · ‎04-27-2017

Hello SLU,

I am already in touch with our Security department and also send you an email.

If you respond to this you get faster access as going through your vendor. They should open a ticket with Polycom in parallel but I assume working with our security department makes more sense.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Anonymous · ‎04-27-2017

email sent

RP media Server Hacked email function

Create an account on the HP Community to personalize your profile and ask a question