stackoverflowin says "Your printer has been owned"


mx6turbo89
02-10-2017, 12:02 AM
A customer of mine got this printout on their copier earlier this week: 35520 Seemed harmless.
The morning after, they got a full color "Good morning" printout (they actually liked this and thought I had done it remotely). Today, they received a 1999-page full color printjob of a dude sucking a schlong. Of course, an office full of women did not appreciate this material. Thankfully, they managed to stop it after nearly a ream of paper was gone through. I then got a personal call from them screaming at me to get there ASAP.

After doing some quick research, apparently there's a hacker out there connecting to wide-open network printers to make us 'aware' of the lack of security on printers. While the notice is appreciated, we could have done without the crude printout. To fix this, I ended up turning off IPP, changing the admin password, and turning off AirPrint and Mopria. At the customer's router, I disabled DMZ (it had the printer IP wide-open to the net for some unknown reason) and ensured that Port 9100 was blocked.

Have any of you all out there encountered anything like this yet?
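
An added example, not part of the original post: a small Python check a technician could run after the changes described above to confirm which print ports on the customer's own device still accept connections, once from the LAN and once from outside the router. The function names, the placeholder address 192.0.2.10, and the inclusion of LPD port 515 are assumptions, not details from the thread.

```python
import socket

# Print services named in the thread, plus LPD (515), which is an added assumption.
PRINT_PORTS = {
    9100: "raw/JetDirect printing: block at the router, as the poster did",
    631: "IPP (also used by AirPrint/Mopria): turn off unless required",
    515: "LPD: turn off unless required",
}


def port_is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as not open.
        return False


def audit_printer(host, ports=PRINT_PORTS, timeout=2.0):
    """Return {port: advice} for every print port that accepts connections."""
    return {p: advice for p, advice in ports.items()
            if port_is_open(host, p, timeout)}


def report(host, findings):
    """Format findings as text lines for a service ticket."""
    if not findings:
        return [f"{host}: no print ports reachable from this vantage point"]
    return [f"{host}: port {p} reachable - {advice}"
            for p, advice in sorted(findings.items())]


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use the customer's own printer IP.
    printer = "192.0.2.10"
    for line in report(printer, audit_printer(printer)):
        print(line)
```

An empty result from outside the router together with the expected ports open on the LAN indicates the DMZ and port 9100 changes took effect without breaking local printing.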

KenB
02-10-2017, 01:26 AM
Sounds like this customer could use some serious, billable, IT services to secure things up a bit. If they're silly enough to leave their printer wide open, what else are they exposing?

At one time, around 1998 or so, I had a major university with about 90 Canon MFPs, and 2 production models with Fieries.

They were ALL on the public internet, and I was able to connect and print to any of them from wherever I fancied. Not that I would or did.

Fortunately for them, they wised up a bit once they had about a zillion "invasions", and locked everything down a bit more.

Good thing the Internet was much more of a novelty back then!

KenB
02-10-2017, 01:37 AM
Maybe 2 or 3 years ago, I had an eCopy account that was pretty well out in the sticks.

They had a Ricoh MFP.

I had a hunch they were sadly lacking in the security department; turned out I was right.

One day, from their parking lot, I sat in my car, searched for wireless networks with my phone, and connected to theirs, all without a password.

From there, I was able to print to the Ricoh machine.

I walked in and showed the owner what I found, and was able to do. He thanked me and said he'd get his IT guy on it the same day.

KenB
02-10-2017, 01:50 AM
I just re-read your post.

I can't say this loudly enough... this is NOT a printer issue!

Even if IPP printing is turned on, (some customers have a legitimate need for it), it is the customer's responsibility, NOT ours, to keep THEIR network secure.

With that said, though, you should always turn off all unnecessary protocols on the printer (including IPP, as long as it's not required) at installation time. It's a good practice to get into.

It's a lot easier (and safer) to have some printing fail, and need to enable some protocols, than to leave it all wide open, inviting gremlins.

mx6turbo89
02-10-2017, 03:25 AM
Ken, I agree, definitely not a printer issue. But at the time, the customer was highly irate from having been exposed to smut printing out of their machine and, to top it off, having lost a bunch of color clicks which they cannot get back. Naturally, they now think the machine is insecure, so I tried to appease them by turning nearly everything off. I spent quite a while there trying to tighten things down for them. Their router wasn't even locked down correctly (still had default user and password, which I guessed and accessed within 10 seconds). This scenario is similar to many other small businesses that I run into; no knowledge or thought given to networking security. I explained everything as best I could and they will be billed next time.

By the way, here's a link that came out several days ago about a 'hacker's' claims: Hacker Claims He Hacked 150,000 Printers to 'Raise Awareness' About Hacking (http://gizmodo.com/hacker-claims-he-hacked-150-000-printers-to-raise-aware-1792067012)

KenB
02-10-2017, 03:59 AM
I certainly don't agree with the obscenities, but in a way, this self-righteous whackadoodle really is providing a public service, crude as he may be.

He is drawing attention to a frequently overlooked security issue that can have potentially disastrous consequences if ignored.
