Printer hacked (Stackoverflow)

Discussion in 'Troubleshooting Help' started by walker_2003, Mar 6, 2017.

  1. walker_2003

    walker_2003 Member

    Joined:
    Jan 15, 2003
    Messages:
    8,775
    Location:
    Canberra
    https://www.theregister.co.uk/2017/02/06/hacker_160000_printers/

    Customers printer was hacked, I blocked port 9100 and changed admin password on printer and they are still getting spammed prints asking for bitcoins.. I think is copy cats out there using Stackoverflow's method..

    Perhaps ill try ports 631 and 515..

    Anything else to do? Dont have printer details on me, I think its a Ricoh MPC model.
     
  2. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    2,987
    Location:
    Sydney
    Umm why is the printer internet facing?
     
  3. OP
    OP
    walker_2003

    walker_2003 Member

    Joined:
    Jan 15, 2003
    Messages:
    8,775
    Location:
    Canberra
    Well it was just installed by Ricoh guys into a router to share amongst the lan, but that router is also fed internet via a cisqo modem/router. Its a bit of a messy setup, but I didnt set it up.

    So maybe just block all external connections to the internal IP of the printer should resolve issue. Dunno why I didnt think of this earlier haha

    edit: Ahh was so I could remotely support them via teamviewer on server and dial into printers local site to troubleshoot, but might just disable it and have to support on site.
     
    Last edited: Mar 6, 2017
  4. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    2,987
    Location:
    Sydney
    The printer doesn't need to be internet facing mate. If you need to get into the printer, just team-viewer into a server and bring up the printer WebUI

    Suggest you review the printer and see if the firmware has been changed...

    Regards
     
  5. OP
    OP
    walker_2003

    walker_2003 Member

    Joined:
    Jan 15, 2003
    Messages:
    8,775
    Location:
    Canberra
    true that, i been lazy lol.. ill fix it up tonight.
     

Share This Page