RP media Server Hacked email function

Occasional Visitor

I was just informed by our postmaster that our RP media server is sending out spam emails.

I see no email SMTP settings from the admin web portal, so it has to have been done via the Linux root access. I do see a log with the name of the mail server process with all the errors in it.

I have a call in to our vendor who supports this equipment to see about a remedy, but two things confuse me.

1. Our network engineers told me the SSH port was blocked by our firewall so they couldn't use port 22 from the outside.

2. They guessed or hacked the Polycom root password for the box. I am assuming it's a generic password Polycom uses for service and somehow this got out?

Message 1 of 5
Polycom Employee & Community Manager

Re: RP media Server Hacked email function

Hello SLU,

welcome to the Polycom Community.

I am not aware of any similar cases but have made our security department aware.

Can you contact me via community mail with details like the serial number etc. so the relevant support team in your region can work with yourself?


Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 5
Occasional Visitor

Re: RP media Server Hacked email function

Thank you for your reply. I have a ticket in with the vendor and spoke with them; they are now escalating it to Polycom Support.

It seems we need to disable the SMTP service itself in root, since when I access the admin web GUI page SMTP is not checked!!!

The hacker seems to be using the mail server as a relay.

If they don't resolve the issue I will follow up with you.

Message 3 of 5
Polycom Employee & Community Manager

Re: RP media Server Hacked email function

Hello SLU,

I am already in touch with our Security department and also sent you an email.

If you respond to this you get faster access than going through your vendor. They should open a ticket with Polycom in parallel but I assume working with our security department makes more sense.

Best Regards

Steffen Baier

Message 4 of 5
Occasional Visitor

Re: RP media Server Hacked email function

Email sent.

Message 5 of 5