markebenson

DAHUA DVR Hacked help


I have a Dahua DVR that gets hacked about every three weeks. Have changed passwords.

The camera names change from hacked one, hacked two, upgrade firmware 3, etc.

system version 3.200.0001.2

web 3.1.0.4     

build date 2014-5-16

no help from dahua

any advice? 

 

Thx

 


Hi. Not what you want to hear but it’s time for a new dvr

last update for that version was 2017 ... yours looks like no update since 2015

 

you’re also out of date for all the app updates

you can’t repair the early dahua systems 2014-2017 the problem is in the units software..... DVRs are not expensive 


I realize I can replace the DVR or all 30 DVRs of the same model that we have. Was looking for a more technical answer from someone that is familiar with this hack. Thx

5 hours ago, markebenson said:

I realize I can replace the DVR or all 30 DVRs of the same model that we have. Was looking for a more technical answer from someone that is familiar with this hack. Thx

I am very familiar with the hack problems 

I did say you’re not going to like the answer. It is well documented there is no fix ... it is built into the software. If you still have units working just don’t connect them to the internet.

so what technical are you looking for?

can you change software .... no ... only updates

but your system is 4 years out of updates last support from dahua 2017 .... this is why they won’t help

so what technical information are you looking for on a 7 year old system (2017 last update for 2013 upwards build)

also using remote apps and pps.... your system comes to end of life using DMSS as dahua will be removing that app this year .... it’s replaced by DMSS plus.. your unit is too old for the change

2013 to 2017 software build units 1000s got hit ..... not from hack coming into unit .... the unit created the path in and out of your network

what answer are you looking for

19 hours ago, tomcctv said:

I am very familiar with the hack problems 

I did say you’re not going to like the answer. It is well documented there is no fix ... it is built into the software. If you still have units working just don’t connect them to the internet.

so what technical are you looking for?

can you change software .... no ... only updates

but your system is 4 years out of updates last support from dahua 2017 .... this is why they won’t help

so what technical information are you looking for on a 7 year old system (2017 last update for 2013 upwards build)

also using remote apps and pps.... your system comes to end of life using DMSS as dahua will be removing that app this year .... it’s replaced by DMSS plus.. your unit is too old for the change

2013 to 2017 software build units 1000s got hit ..... not from hack coming into unit .... the unit created the path in and out of your network

what answer are you looking for

Here is what info I am looking for and let me add that I have 30 of the exact model unit and only experiencing the problem at 1 location so far.

1: Will changing the default port from 37777 to a non standard port prevent this particular hack? 

2: Disabling telnet - it is my understanding that this particular hack is done through the telnet feature although I do not know how to disable it.

Thx

5 hours ago, markebenson said:

1: Will changing the default port from 37777 to a non standard port prevent this particular hack? 

2: Disabling telnet - it is my understanding that this particular hack is done through the telnet feature although I do not know how to disable it

Hi. This will only block whoever has access remotely and given the details 

both your above options are inbound connection ....... changing ports or passwords or even local IP change every month or so is good security practice

but your units build dates and software has outbound connection built in to software and you have no control over that.

other than not connecting units to internet 

P2P connection is the main problem ..... setup or not by you ..... the units still setup to a China server and that’s the pathway back to your units..... server is where the hack starts....... no port needed no password needed

dahua have paid a heavy cost over this use of software along with hikvision 

some of us have had to deal with a lot more than 30 units 

are all your units at one location or are you talking customers 

20 hours ago, tomcctv said:

"P2P connection is the main problem ..... setup or not by you ..... the units still setup to a China server and that’s the pathway back to your units..... server is where the hack starts....... no port needed no password needed"

Please explain why our equipment would communicate to a China server. We do not use DDNS service. We use our own static IP. I do all networking, we own our routers. No third party. The 30 units are at different locations.

 

Thx

 


Hi. 
 

45 minutes ago, markebenson said:

Please explain why our equipment would communicate to a China 

Because the software instructs your recorder to connect to China server same issue with hikvision .... that model was designed to do the connection

 

55 minutes ago, markebenson said:

I do all networking, we own our routers. No third party. 

The third party is your recorder P2P

even if you did not pick the P2P setup once recorder is connected to the internet it will setup

there is a device called the ARM plug which connects to network cable before it enters the recorder which detects unauthorised connection but it depends on your type of business if cost is viable.... are all systems individual customers or a corporate setup

what location are you in?

for more about your problem google dahua hikvision ban 

also dahua botnet hack 2013 to 2017


I am in Florida.

We use a router with a built-in firewall. Both the WAN and LAN have a static IP. Only port 37777 is open and for inbound only. Outbound traffic is blocked.

The DVR could only be using port 37777 or perhaps doing something over port 80, in which case port 80 can be taken off the menu in the DVR settings as well. I find no evidence of traffic with China in our router log.

What I did find the last time this machine was hacked a few days ago is a login from an unknown IP which traces back to Poland. Would not changing or adding firewall rules to this port prevent reoccurrence?

 

 

10 hours ago, markebenson said:

What I did find the last time this machine was hacked a few days ago is a login from an unknown IP which traces back to Poland. Would not changing or adding firewall rules to this port prevent reoccurrence

The ip is Amsterdam being used in 3 locations in Poland so you can’t find the start

changing ports or passwords will not help .... you can sell your system on eBay to Mexico and the new owner will still have the problem

 

also don’t think it’s a little guy sitting at his computer attacking your system 

look at the time of each action in your log it’s all the same time which indicates an attack 

without a software change you can’t stop it other than remove dvr from internet
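
The two log checks raised in this exchange (a login from an address nobody recognises, and several actions carrying the same timestamp), as an added Python example that is not part of the original posts. The log format, the sample lines and the allowlist are constructed for illustration and are not Dahua's export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in a hypothetical "timestamp | source IP | event" format;
# the addresses come from the documentation ranges, not from the thread.
SAMPLE_LOG = """\
2021-03-02 09:14:07 | 198.51.100.20 | login
2021-03-02 09:15:40 | 198.51.100.20 | channel name changed
2021-03-09 03:22:51 | 203.0.113.77 | login
2021-03-09 03:22:51 | 203.0.113.77 | channel name changed
2021-03-09 03:22:51 | 203.0.113.77 | channel name changed
2021-03-09 03:22:52 | 203.0.113.77 | channel name changed
"""

# Assumed allowlist: the networks staff legitimately connect from.
ALLOWED = [ip_network("198.51.100.0/24")]

def parse(text):
    """Yield (timestamp, ip, event) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3:
            continue
        try:
            yield (datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S"),
                   ip_address(parts[1]), parts[2])
        except ValueError:
            continue

def review(text, window=timedelta(seconds=5), burst=3):
    """Return {ip: [reasons]} for sources that look unexpected or scripted."""
    by_ip = defaultdict(list)
    for ts, ip, _event in parse(text):
        by_ip[ip].append(ts)
    findings = {}
    for ip, times in by_ip.items():
        times.sort()
        # Largest number of actions that fall inside any single window.
        peak = max(sum(1 for t in times[i:] if t - start <= window)
                   for i, start in enumerate(times))
        reasons = []
        if not any(ip in net for net in ALLOWED):
            reasons.append("source not on allowlist")
        if peak >= burst:
            reasons.append(f"{peak} actions within {window.seconds}s")
        if reasons:
            findings[str(ip)] = reasons
    return findings
```
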


Thank you for your input. I know the passwords would make no difference. It's certainly a bug put on the net to mess with DVRs. Out of curiosity I have changed the port number. I will update the results in a month or two.
