Dunsandle

QVIS Zeus-8 Botnet

I have a Zeus-8 with P/N 1.1.03.51.0195

S/N 826061100085

 

It is connected to the Internet and as a result of the attack on the Dyn service last year it was infected and apparently is being used as a botnet. This resulted in my IP address being blacklisted so I had to disconnect it from the Internet.

 

The supplier of the equipment told me that the manufacturers have no intention of developing a solution to the problem, new firmware or anything else which might resolve the issue. The unit is probably five years old.

 

Is there anything I can do?

Hi. It is very unlikely as the 5 year old does not have p2p... it was manual setup.

 

Also black listed ip does not point to your isp. That still changes ... it's the ddns service that gives and holds your ip.

 

Who is your internet with ?

Thanks for the reply.

 

I have a static IP address and anytime I put the Zeus on-line within 30 minutes I am blacklisted on two sites - ultratools.com and spamhaus.org. A technician at the suppliers said that a virus may reside in the ram or buffer used to load the firmware. I have tried changing password, rebooting, resetting, etc., to no avail. The mistake was that I stupidly did not change the password when initially installing it.

 

What does p2p mean? I am not very knowledgeable about all the terminology or technical terms.
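
Spamhaus, one of the two blacklists named in the post above, answers DNS lookups with a code that says which of its lists an address is on, and that separates an infected-host listing from a routine policy listing. A sketch of that lookup, as an added example that is not part of the original thread: the function names and the sample address 192.0.2.10 are constructed, and the return codes are the ones Spamhaus documents for its ZEN zone.

```python
import ipaddress
import socket

# Return codes Spamhaus documents for zen.spamhaus.org, grouped by meaning.
XBL = {"127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"}  # exploited/infected hosts
SBL = {"127.0.0.2", "127.0.0.3", "127.0.0.9"}               # spam sources, hijacked ranges
PBL = {"127.0.0.10", "127.0.0.11"}                          # policy listing of end-user ranges


def zen_query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL lookup name: the IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A records for name; a failed lookup is returned as an empty list
    (for a DNSBL, NXDOMAIN means the address is not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def classify(ip, resolver=system_resolver):
    """Say which Spamhaus lists carry ip and whether that points at an infection."""
    answers = set(resolver(zen_query_name(ip)))
    refused = sorted(a for a in answers if a.startswith("127.255.255."))
    if refused:
        # Spamhaus rejected the query itself (for example it arrived via a
        # public resolver); this says nothing about the address.
        return {"status": "query-refused", "codes": refused}
    if not answers:
        return {"status": "not-listed", "lists": []}
    lists = [n for n, codes in (("XBL", XBL), ("SBL", SBL), ("PBL", PBL))
             if answers & codes] or ["other"]
    # Only XBL means the address was seen behaving like a compromised machine;
    # PBL alone is normal for a home broadband address.
    return {"status": "listed", "lists": lists, "infected_host_listing": "XBL" in lists}


if __name__ == "__main__":
    # Constructed answers for a documentation address; no network needed.
    fake = lambda name: ["127.0.0.4", "127.0.0.11"]
    print(zen_query_name("192.0.2.10"), classify("192.0.2.10", resolver=fake))
```

Run the real lookup through the ISP's own resolver, since Spamhaus refuses queries relayed by large public resolvers.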

Hi. Why use a ddns if you have a static

 

Bots don't rewrite.

 

What ports are open on your router

 

Hi tomcctv,

 

I am completely lost. I don't understand the question about ddns. I was told that I should, ideally, have a static address for my connection with www.dyndns.org, otherwise the service provider would assign a different address from time to time.

 

I don't know what ports are open or otherwise, I just have no idea.

 

Bots may not rewrite but can a hacker not change the firmware and make it a bot? What happened to the Zeus that causes my IP address to be blocked when connected? This happened almost immediately after the attack on the dyndns server on which I have my account.

 

Will I have to purchase a new dvr?

Hi no you don't need a new dvr .... you also don't have a static ip from your internet provider

 

First thing you need to do is remove your ddns account

 

Did you set up the ddns or someone else ?

Who is your internet with ?

Hi,

 

My service provider provided me with the static address. I am in Ireland and my broadband is over what used to be an eircom line (now eir) but my provider supplies this service to me, not eircom.

 

Later addition:

 

When you say I need to remove my ddns account is that on my PC, my modem/router or the dvr?

 

OK, I have checked for the definition of ddns and now realise that is my DynDns account (I think). If I disable that how can I then see my cameras from anywhere?

 

I really appreciate your answers and your time and sorry for being so uninformed about the whole area. A friend set the system up for me and maybe that explains my total lack of knowledge.

It is connected to the Internet and as a result of the attack on the Dyn service

 

Dyn is a ddns service

 

Who set the port forwarding for you ?

My friend who set it up for me. Unfortunately, he is not in a position to help me at the moment.

 

What port should I look for? On checking the setup I find a TCP Port, a UDP Port and a HTTP Port. There is also a Preferred DNS and an Alternate DNS.

You can list the ports

 

And all dns

 

TCP Port: 1010

UDP Port: 1011

HTTP Port: 80

 

Should I 'publish' the Preferred and Alternate DNS here? Would that lead to a security risk?

 

On the modem/router there is a setting in the Games section of 192.168.1.108 which is the address of the dvr.

Pm me the dns settings. I just want to see what type

 

It's going to be deleted anyway as I will give you a free secure ddns that only you will have control

Is the botnet or virus or whatever on my dvr or is it in the ddns?

You don't have botnet...... it will be something from your ddns and since it was setup by someone else there could be others on the same account

Hi your DDNS is linked to Eircom Limited

 

So that's ok. I will pm you a new DDNS .... Can't post it on here but you will understand where it is from

I doubt if there are others on the same account because it was set up with my username and password. My friend would not do anything like that.

 

Could it be that the attack on the ddns allowed the hacker(s) to compromise my account?

Hi, I presume I will have to make changes in my router.

 

On the Dynamic DNS Service the following fields are:

 

Interface - check box

Username

Password

Confirm Password

Service

Host

 

The Service field is a drop-down with the following choices:

dyndns

statdns

custom

No-IP

DtDNS

gnudip

 

I assume the choice in this case would be custom?

Hi,

 

I have it set up and I can connect. I really appreciate all the time, advice and assistance and for your patience. It felt like I was looking into the proverbial burning bush.

 

All the best and thanks again.

Hi,

 

I meant to ask if there was a viewer for Windows 10? The viewer supplied with the DVR doesn't work even when running iExplorer.

The DVR now has a red light on the 'net' led. I can only access the cameras over the internet infrequently. Sometimes I can view on my phone but other times it reports that it failed to connect. Is the DVR dying?

 

On 3/3/2017 at 8:00 PM, tomcctv said:

Hi your DDNS is linked to Eircom Limited

 

So that's ok. I will pm you a new DDNS .... Can't post it on here but you will understand where it is from

I wonder if this account is now being attacked. The Dyndns account is deleted and I have disconnected the DVR from the Internet and changed passwords. I am still being blacklisted when I reconnect to the Internet so, either the attack is on this account or else I have a virus on the DVR and no way that I know of to clear it. Is it advisable to delete the existing account with you and create a new one?
