
RP media Server Hacked email function

SLU
Occasional Visitor


I was just informed by our postmaster that our RP media server is sending out spam emails.

I see no email SMTP settings from the admin web portal, so it has to have been done via the Linux root access. I do see a log with the name of the mail server process with all the errors in it.

I have a call in to our vendor who supports this equipment to see about a remedy, but two things confuse me.

1. Our network engineers told me the SSH port was blocked by our firewall so they couldn't use port 22 from the outside.

2. They guessed or hacked the Polycom root password for the box; I am assuming it's a generic password Polycom uses for service and somehow this got out?

Message 1 of 5
Polycom Employee & Community Manager

Re: RP media Server Hacked email function

Hello SLU,

welcome to the Polycom Community.

I am not aware of any similar cases but have made our security department aware.

Can you contact me via community mail with details like the serial number etc. so the relevant support team in your region can work with yourself?


Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware: For questions about the type of support to expect please check here

Please also ensure you always check the VoIP, Video Endpoint, Skype for Business, PSTN or RPM FAQs

Please remember, if you see a post that helped you, and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Message 2 of 5
SLU
Occasional Visitor

Re: RP media Server Hacked email function

Thank you for your reply. I have a ticket in with the vendor and spoke with them; they are now escalating it to Polycom Support.

It seems we need to disable the SMTP service itself in root, since when I access the admin web GUI page SMTP is not checked!!!

The hacker seems to be using the mail server as a relay.

If they don't resolve the issue I will follow up with you.

Message 3 of 5
Polycom Employee & Community Manager

Re: RP media Server Hacked email function

Hello SLU,

I am already in touch with our Security department and also sent you an email.

If you respond to this you get faster access than going through your vendor. They should open a ticket with Polycom in parallel but I assume working with our security department makes more sense.

Best Regards

Steffen Baier




Message 4 of 5
SLU
Occasional Visitor

Re: RP media Server Hacked email function

Email sent.

Message 5 of 5