View unanswered posts | View active topics


Reply to topic  [ 13 posts ] 
Author Message
  
 Post subject: HACKED appears on all my Cameras
PostPosted: Sat Oct 21, 2017 3:47 am 
Registered User

Joined: Oct 2017
Posts: 3

Offline
My CCTV has been HACKED

Basically I noticed that my external viewing stopped working and found that I had been hacked.

All cameras colour/contrast settings set so that showing black instead of camera picture (although camera still working if reset contrast etc..

Each camera name changed to ‘HACKED’
Network settings changed as in pic below.
PPPoE username and password changed


Image
Image

So I googled and read that it could be down to default passwords or backdoor through the actual cams.

I reset all of the passwords, changed my network settings back, renamed the cameras back and exposed to internet again to see if it happened again as there are risks with updating firmware I might brick the cameras.

All was ok for a few days and then I was HACKED again in exactly the same way except that the cameras were mostly renamed to HACKED but one ws named Upgrade and one named firmware.

It was almost as if someone was telling me that they had hacked me and that I needed to update my firmware.


Therefore, I am now going to update firmware on cameras and DVR, reset passwords and look at my port forwarding and avoid defaults and unnecessary port forwarding rule

My Setup:
Cameras wired connections to iappollo DVR
DVR wired connection to network bridge
Bridge wireless connection to Router

Setup:
Max Connection 128
HTTP: 80
TCP: 37777
UDP: 37778
HTTPS: 443
RTSP 554

Router setup with dynamic DNS
Router port forwarding setup for Ports above.

But I have gaps in my understanding of the network settings on the dvr ports etc and have some questions.....

1. Maximum Connection 128 – is this maximum concurrent users? If so If I want to allow a maximum of 2 external concurrently would I set to 2 or do I need it higher because my router is connected and cameras are connected etc.?

2. HTTP port 80. I assume that this is to allow me to externally connect to the DVR via an internet browser? If that is the case and I only want to be able to connect via mobile phone and the mobile phone app only uses 37777, am I right in assuming that if I turn off port forwarding for port 80 on the router I can still connect via 37777 via TCP on mobile app?

3. TCP 37777, assume I need this one but should I change the number as bots likely to scan this port more often than some obscure port number? If yes Any port numbers I can not use or should use?

4. UDP 37778 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 377778?

5. HTTPS 443 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 443?

6. RTSP 554 - for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 554?

7.
If I need to upgrade firmware is it just on the DVR or do i need to do it on each camera? How would I do it for the cameras via the apollo DVR?

8.
So I only need to access my cctv from two mobile phones via app IDMSS plus. In this app I only and the only port that I enter on the app is 37777 Image, does that mean that this is the only port that I need to forward on my router in order to get the live view on my mobile or would the app need to use other ports such as 554 to make the live view appear (and port number is invisbly embedded n the code of the app or something?

9.
Last question, I only need (want actually) to access my CCTV from two o2 mobile phones. Is there a way to block everything except these two mobile phones? I assume that this could only be done by only allowing their IP address? And problem is that this changes? Could I use Dynamic DNS from the requesting end (if that makes sense?)


A lot of questions but any answers will help my understanding a great deal and any other useful info would be much appreciated.

Thanks


Last edited by Mattcctv on Sat Oct 21, 2017 8:06 am, edited 1 time in total.

Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Sat Oct 21, 2017 6:37 am 
Registered User

Joined: Oct 2017
Posts: 3

Offline
I have looked at the logs and this is the first time I was hacked. The day before some IP in Russia logged in and out and then the next day was hacked by IP address in Argentina
Image
Image
Image
Image


Then hacked again IP address in Ukraine. This time changing names of cameras with message to update firmware? - friendly hacker?
Image

Image

Image

Image


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Sat Oct 21, 2017 6:46 am 
User avatar
Integrator

Joined: Aug 2009
Posts: 8413

Offline
Hi. You only need to forward port 37777 and don’t portforward anything else.
Also reload your app as another was released Thursday

It does not matter re doing ports of passwords if you don’t also change your IP address.

If you want someone to phone you at home you give them your telephone number

It’s the same with your IP address it’s like the telephone to your Network once someone has it they can use it.

A full router reset is also a good idea


Which ddns service did you use ...... did you set it up ?

Also check your PM I have sent you a message and you need to act on it


Last edited by tomcctv on Sat Oct 21, 2017 7:10 am, edited 1 time in total.

Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Sat Oct 21, 2017 7:08 am 
User avatar
Integrator

Joined: Aug 2009
Posts: 8413

Offline
Hacked twice Russia and from Argentina


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Sat Oct 21, 2017 9:08 am 
Registered User

Joined: Oct 2017
Posts: 3

Offline
Cheers Tomcctv much appreciated

I use no-ip and set it up myself

Someone advised I set up a vpn but don't know how much money and effort required.

Do i need to update firmware on cameras as well as the apollo?


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Sat Oct 21, 2017 9:21 am 
User avatar
Integrator

Joined: Aug 2009
Posts: 8413

Offline
Hi. No don’t update

Remove your no ip account

Your using the Apollo ... good system

Delete your no ip and follow the link I have sent to your PM

Much more secure and protected


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Mon Dec 18, 2017 5:36 pm 
Registered User

Joined: Sep 2017
Posts: 1

Offline
is there a follow up on this concern. did you finally keep you system safe?


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Mon Dec 18, 2017 9:43 pm 
Registered User

Joined: Nov 2013
Posts: 2226

Offline
Sammy el toro wrote:
is there a follow up on this concern. did you finally keep you system safe?

The hack is directly related to a hikvision backdoor that they patched in the latest firmware. Passwords wont help....it will happen again when a new vulnerability is found...best solution is to use a vpn. The backdoor was found by montecrypto and published on ip cam talk .com

https://ipcamtalk.com/threads/backdoor- ... ras.17523/

Never forward ports in ip cameras or NVRs....


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Wed Dec 20, 2017 1:00 pm 
Registered User

Joined: Apr 2010
Posts: 159

Offline
Boogieman, this is Dahua , not Hikvision!
I suggest upgrading firmware to the latest version, setting strong passwords (mix uppercase and lowercase letters, numbers and special characters) and changing ports. Works on Hikvision, hope it works on Dahua too. This happens on systems running with default passwords and ports, no special backdoor needed. Newer versions of Hikvision firmwares do not allow simple passwords, and that's it.


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Wed Dec 20, 2017 2:48 pm 
Registered User

Joined: Nov 2013
Posts: 2226

Offline
almelst wrote:
Boogieman, this is Dahua , not Hikvision!
I suggest upgrading firmware to the latest version, setting strong passwords (mix uppercase and lowercase letters, numbers and special characters) and changing ports. Works on Hikvision, hope it works on Dahua too. This happens on systems running with default passwords and ports, no special backdoor needed. Newer versions of Hikvision firmwares do not allow simple passwords, and that's it.

Same crap...https://ipcamtalk.com/threads/dahua-rec ... ked.22549/ they were hacked as well, but even worse, because it applies to NVR/DVR's as well not just the cameras with the hikvision hack.....setting strong passwords is completely worthless as these hacks (and there WILL be more) bypass any passwords. Only incompetent installers and fools recommend port forwarding. Changing ports is a fools errand...they use port scanners.


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Wed Dec 20, 2017 7:57 pm 
Registered User

Joined: Dec 2012
Posts: 895

Offline
Hmmm, No more peddling cheap IP cameras from China ????


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Thu Dec 21, 2017 1:13 am 
Registered User

Joined: Nov 2013
Posts: 2226

Offline
SunnyKim wrote:
Hmmm, No more peddling cheap IP cameras from China ????

Oh, the china scammer is back...let me help you, any normal person trust nothing from china, we dont give the cameras or nvr any internet access..see? we are smarter than you!
Oh and your junk dvrs that you sell are also subject to hacks...https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01
Xiongmai supplies parts for much of the low end junk coming from china, including the garbage you recommend and sell..
So what was that you were trying to say? your stuff is even worse. You are a cheap china seller trashing cheap china stuff...fool, you do realize that your dvr's are internet connected right? Thankfully this forum is dead. You would never be allowed to post your garbage on ipcamtalk...


Top
 Profile  
Reply with quote  

  
 Post subject: Re: HACKED appears on all my Cameras
PostPosted: Thu Dec 28, 2017 3:10 pm 
Registered User

Joined: Jun 2012
Posts: 195

Offline
You need to upgrade the firmware to get rid of the hack as they are able to bypass and reset the login information. If it's exposed to the internet, the firmware should be upgraded.

_________________
Eric G.


Top
 Profile  
Reply with quote  

Display posts from previous:  Sort by  
Reply to topic  [ 13 posts ] 


Who is online

Users browsing this forum: Google [Bot] and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

It is currently Fri Feb 23, 2018 9:31 am

The contents of this webpage are copyright © 2003-2016 CCTVForum.com. All Rights Reserved.