Jump to content
Mattcctv

HACKED appears on all my Cameras

Recommended Posts

My CCTV has been HACKED

 

Basically I noticed that my external viewing stopped working and found that I had been hacked.

 

All cameras colour/contrast settings set so that showing black instead of camera picture (although camera still working if reset contrast etc..

 

Each camera name changed to ‘HACKED’

Network settings changed as in pic below.

PPPoE username and password changed

 

 

303051_2.jpg

303051_3.jpg

 

So I googled and read that it could be down to default passwords or backdoor through the actual cams.

 

I reset all of the passwords, changed my network settings back, renamed the cameras back and exposed to internet again to see if it happened again as there are risks with updating firmware I might brick the cameras.

 

All was ok for a few days and then I was HACKED again in exactly the same way except that the cameras were mostly renamed to HACKED but one ws named Upgrade and one named firmware.

 

It was almost as if someone was telling me that they had hacked me and that I needed to update my firmware.

 

Therefore, I am now going to update firmware on cameras and DVR, reset passwords and look at my port forwarding and avoid defaults and unnecessary port forwarding rule

 

My Setup:

Cameras wired connections to iappollo DVR

DVR wired connection to network bridge

Bridge wireless connection to Router

 

Setup:

Max Connection 128

HTTP: 80

TCP: 37777

UDP: 37778

HTTPS: 443

RTSP 554

 

Router setup with dynamic DNS

Router port forwarding setup for Ports above.

 

But I have gaps in my understanding of the network settings on the dvr ports etc and have some questions.....

 

1. Maximum Connection 128 – is this maximum concurrent users? If so If I want to allow a maximum of 2 external concurrently would I set to 2 or do I need it higher because my router is connected and cameras are connected etc.?

 

2. HTTP port 80. I assume that this is to allow me to externally connect to the DVR via an internet browser? If that is the case and I only want to be able to connect via mobile phone and the mobile phone app only uses 37777, am I right in assuming that if I turn off port forwarding for port 80 on the router I can still connect via 37777 via TCP on mobile app?

 

3. TCP 37777, assume I need this one but should I change the number as bots likely to scan this port more often than some obscure port number? If yes Any port numbers I can not use or should use?

 

4. UDP 37778 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 377778?

 

5. HTTPS 443 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 443?

 

6. RTSP 554 - for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 554?

 

7.

If I need to upgrade firmware is it just on the DVR or do i need to do it on each camera? How would I do it for the cameras via the apollo DVR?

 

8.

So I only need to access my cctv from two mobile phones via app IDMSS plus. In this app I only and the only port that I enter on the app is 37777 303051_1.png, does that mean that this is the only port that I need to forward on my router in order to get the live view on my mobile or would the app need to use other ports such as 554 to make the live view appear (and port number is invisbly embedded n the code of the app or something?

 

9.

Last question, I only need (want actually) to access my CCTV from two o2 mobile phones. Is there a way to block everything except these two mobile phones? I assume that this could only be done by only allowing their IP address? And problem is that this changes? Could I use Dynamic DNS from the requesting end (if that makes sense?)

 

 

A lot of questions but any answers will help my understanding a great deal and any other useful info would be much appreciated.

 

Thanks

Edited by Guest

Share this post


Link to post
Share on other sites

I have looked at the logs and this is the first time I was hacked. The day before some IP in Russia logged in and out and then the next day was hacked by IP address in Argentina

303053_1.jpg

303053_2.jpg

303053_3.jpg

303053_4.jpg

 

 

Then hacked again IP address in Ukraine. This time changing names of cameras with message to update firmware? - friendly hacker?

303053_5.jpg

 

303053_6.jpg

 

303053_7.jpg

 

303053_8.jpg

Share this post


Link to post
Share on other sites

Hi. You only need to forward port 37777 and don’t portforward anything else.

Also reload your app as another was released Thursday

 

It does not matter re doing ports of passwords if you don’t also change your IP address.

 

If you want someone to phone you at home you give them your telephone number

 

It’s the same with your IP address it’s like the telephone to your Network once someone has it they can use it.

 

A full router reset is also a good idea

 

 

Which ddns service did you use ...... did you set it up ?

 

Also check your PM I have sent you a message and you need to act on it

Edited by Guest

Share this post


Link to post
Share on other sites

Cheers Tomcctv much appreciated

 

I use no-ip and set it up myself

 

Someone advised I set up a vpn but don't know how much money and effort required.

 

Do i need to update firmware on cameras as well as the apollo?

Share this post


Link to post
Share on other sites

Hi. No don’t update

 

Remove your no ip account

 

Your using the Apollo ... good system

 

Delete your no ip and follow the link I have sent to your PM

 

Much more secure and protected

Share this post


Link to post
Share on other sites

Boogieman, this is Dahua , not Hikvision!

I suggest upgrading firmware to the latest version, setting strong passwords (mix uppercase and lowercase letters, numbers and special characters) and changing ports. Works on Hikvision, hope it works on Dahua too. This happens on systems running with default passwords and ports, no special backdoor needed. Newer versions of Hikvision firmwares do not allow simple passwords, and that's it.

Share this post


Link to post
Share on other sites

You need to upgrade the firmware to get rid of the hack as they are able to bypass and reset the login information. If it's exposed to the internet, the firmware should be upgraded.

Share this post


Link to post
Share on other sites

You really need to run these camera's behind a VPN and not forwarding a port. It's very easy to find common cameras that are exposed to the internet and utilize known vulnerabilities to get to them. Put the NVR behind a VPN and they will be good to go. You can go with something like pfSense as your router, use a raspberry pi to create an OpenVPN server connection, or to go simple, use a TP-Link AC2300 router with built in OpenVPN server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×