StanCams
-
Content Count
7 -
Joined
-
Last visited
Posts posted by StanCams
-
-
I found some info on the dark web about the recent attacks against DVRs on a paste site: http://depastedihrn3jtw.onion.link/show.php?md5=62d1d87f67a8bf485d43a05ec32b1e6f (foul language warning)
Obviously no way of verifying accuracy but reported symptoms seem to match the descriptions
-
Is it plugged into your LAN and accessible from the Internet? Try unplugging it and see if the rebooting stops. There are currently a lot of systems being hacked/attacked.
-
These look like 3 standard off-the-shelf dome cameras (can't tell manufacturer based on photo) mounted to a custom enclosure box which hides/protects the connectors etc PoE wiring stuff.
-
Hi
The GM in "GM login" stands for Grain Media (www.grain-media.com)
The most common default root password for these units is "GM8182" (without quotes)
Hope that helps
-
This is Brickerbot. Your camera is available to anyone on the Internet and it's getting attacked. Either make it LAN-only or host it behind a VPN. Or use a firewall to restrict access to whatever remote IPs you need to access it from.
-
Sorry for the late reply. I wasn't able to register an account back when mikacctv first asked the question and for some reason it worked this time
This is almost certainly what's known as "BrickerBot" attempting to disconnect a hacked/insecure camera from the Internet. Are you able to retrieve the user database by requesting http:///cgi-bin/user/Config.cgi?/nobody&action=get&category=Account.* ? If so then anyone on the Internet can get admin access to it and it'll end up being targeted by malware such as Imeij.
I recommend securing the camera behind a VPN or even just to limit access to it by a firewall. Simply changing the port is not a long-term fix. Avtech may also be able to offer a firmware upgrade which fixes the vulnerability (but they've been slow/unhelpful so far).
NVR3216 Power up boot issue
in IP/Megapixel Cameras and Software Solutions
Posted
Roughly 5-6 days ago some botnet started to exploit an NTP vulnerability affecting also this kind of NVR (with one or more default login accounts present). BrickerBot added a payload for it 3 days ago. Chances are that your flash partitions have been wiped.