Amcrest NVR 4108-HS

Possible I suppose. I mean if there's a bunch of guys in east Tasmania using his cams to send Kamala fundraising links, it could get weird.

I would as @wittaj suggested, disconnect the NVR and cameras from the router, connect both to the switch, unplug the wireless cam, and see if things behave without internet

I'm gonna make another guess that you have the NVR port forwarded in the router to be able to see the cameras when you're not home?
 
Yeah I'd shut the cameras and NVR off.

Disconnect the cameras and NVR from the router

Reboot router

Start up cameras and NVR and see what the bandwidth usage is.

No way it is that high at those resolutions and bandwidth unless tons of connections are being made
 
OK I will change my setup, but it will mean that I will only have room for 6 cameras, unless I hook up another switch for that last camera. I think I have another 4 port switch, but I will have to dig it up. Will do that and report back.
Thank you.
 
  • Like
Reactions: bigredfish
For the test lets do the 6.

The bigger issue we are trying to figure out now is if you are hacked.
 
@bigredfish
you have the NVR port forwarded in the router
Click to expand...
No, NVR not port forwarded.

Cams and NVR separated from router
rebooted router
rebooted NVR

Setup:
NVR to 8 port switch
6 cams connected to 8 port switch
cable connected from 8 port switch to 4 port switch
1 camera connected to 4 port switch

**Note: Wireless cam not detected on NVR

Bandwidth reporting 86.71/88.00
All 7 cams showing on monitor
After 10 minutes cams 6 and 7 behind red lock
 
And there is zero way for the cameras or NVR to be accessing the NVR or cameras right now?

From your earlier post "4 cams at 640 x480x(VGA), 3 cams at 1280 x 720 (720P) are the lowest resoultions. 4 cams at bit rate 96, 3 cams at bitrate 520" there is no way that this is anywhere close to 86Mbps.

The red lock usually means access restriction, like it has been hacked and someone changed the password and now you can't see it.

It seems to me you are hacked or firmware is corrupt and changing something.
 
@wittaj
And there is zero way for the cameras or NVR to be accessing the NVR or cameras right now?
Click to expand...
I am guessing you mean accessing the router? When I took the NVR off the router I rebooted the router and after the reboot none of the cams were showing on the router.
After rebooting the NVR, I checked the cams and all were accessible through the main menu > Camera> Image
firmware is corrupt
Click to expand...
would this require resetting the NVR?
you are hacked
Click to expand...
Do you mean hacked in the router or the NVR? How do I check for this?
 
Pull out my 1969 Dr. Grabow Starfire and light up my last bowl of Bangel Slices watching.. Not sure how we went from a lock to thinking the OP was hacked?

My guess is corrupt FW.. Yes you would need to do a factory reset to correct, Was something that I mentioned that might be needed as that is how I have to correct one of my own systems starting years ago.. Personally not have had this issue with any of my NVRs.. Normally issues that come up for my systems after 4.5 to 5+ years is bad HDD.. But that isn't related to a lock..

Finding out if you were hacked can be hard at times within the level of the NVR.. Would need a good system logger or IP tracker to know if you have outside traffic.. In the Log of the NVR it might tell you if they made a connection normal terms. Yet if it was done over App or P2P then it would just show 127.0.0.1 and admin. Then it would be hard to know if that was not you unless you know for sure it was a time you were not accessing your system because of work meeting or asleep, because even when you access over app p2P that is what it would show.. However if your system logs showed an IP that wasn't your normal IP for connections then might be an issue.. But if your NVR isn't open to the Internet. Meaning you don't have it setup so you can just type in your WAN Ip the likely hood of someone hacking your system is VERY LOW.. To check. go to this address... canyouseeme.org and it will show your IP address and port 80 to start with. if you have changed your normal web port then enter the port number and check to see if your port is open to the internet..
 
Yeah Im not yet convinced he's hacked (but still not sure by description if he's completely off the router?).
But it makes no sense if he actually detuned the cameras to low bitrate etc that he's using 86 of 88 MB bandwidth.

@LaGraBow can you make sure the wireless cams are unplugged and dead? Nothing on that small network is attached to the router?

On Dahua NVRs there is a Factory default on the NVR Web GUI. Something like this. If you can find it and click that button it would be my next thing to try

defaultNVR.jpg
 
Last edited:
I mean we hope it is just corrupt firmware and not hacked, but the fact that he is at that high of bandwidth and after about 10 minutes he gets the red lock sure sounds like the cameras have hundreds of connections and someone changed the password and thus the red lock?

It would be interesting to see screenshots confirming the NVR is really seeing these low resolution/bitrates and a log of the connections. Like you said a backdoor exploit may not show on the log, but something certainly is not right unless there is another piece of important information being left out.
 
@bigredfish
My NVR and cams are separate from my router [no cable]
I cannot get to the NVR Web GUI because my NVR is not connected to my router.
I only have access to my NVR and cams through the NVR GUI on my monitor.
Shall I hook NVR back into the router?

@Revo2Maxx
When I go to www.canyouseeme.org it shows my outside ip address and when I click on check port it states that "it could not see the service" at that IP address.

@wittaj
piece of important information being left out.
Click to expand...
Like ??

It would be interesting to see screenshots confirming the NVR is really seeing these low resolution/bitrates and a log of the connections
Click to expand...
I can provide screen shots if you tell me what you would like to see, but I would have to reconnect my NVR, et all back to my router.
 
GUI of the Amcrest 41xx using 4.0 Firmware.

Issue is that 10min is the default auto logout.. if someone hacked a system and was to lock out a channel then it would be locked out even if you were logged in as admin.. There are ways on the Amcrest to get it to lock and as I have shown isn't easy to make the mistake.. Plug just going to the areas shown in other post of the thread could be easy to know if that was the issue.. Don't seem like it is.. So that leaves only 1 other thing.. Something I posted about back in 2019 on Amcrest Forum.. So it isn't like I am just dreaming this up. it something that has already been done on a different system. Was corrected by a Factory reset because all areas that would have the Lock was not the issue.. So only cure was a factory reset.. Just trying to offer help with what I have done in the past..
 

Attachments

  • Screenshot (4095).png
    Screenshot (4095).png
    93.2 KB · Views: 0
  • Like
Reactions: bigredfish
Seeing it can't see your system says to me that them hacking your system is VERY LOW They would need to know your SN and your password to be able to hack your system from outside of your own personal network. Then on top of that someone that would hack you isn''t going to lock a channel or 3 in your case but change your password to lock you out as a whole..
 
  • Like
Reactions: bigredfish
Oh just re-read your post about not having your NVR connected to the router.. connect the NVR back to the router and do the test again with canyouseeme.org.. If the NVR is open but not connected at the time you did test it very well could be that it was just not detected because the open port device Your NVR wasn't connected at the time of the test..
 
Does that NVR have a page that shows the resolution being received from each camera?
 
@LaGraBow personally i would edit and remove your IP from the forum listing.. Just saying..

Yes but can I see a picture of your Camera page for total used because that don't translate into what you were saying that you were using?
 

Attachments

  • Screenshot (4098).png
    Screenshot (4098).png
    87.7 KB · Views: 0
Last edited:
  • Like
Reactions: bigredfish
Yeah so that confirms that the bandwidth should be way lower than you are seeing. It should be under 1Mbps (0.80)
 
  • Like
Reactions: bigredfish
per @Revo2Maxx the default screen should look like this in the machine interface. Factory Default

Screenshot (4095).png
 
Last edited:
You must log in or register to reply here.
Top Bottom