Dahua Cameras hacked

hdtvjeff

Getting the hang of it
Nov 19, 2014
216
19
I guess this link and screen cap from web interface says it

The channel title is populated with garbage text that shows up on BI too in addition to web interface
Factory reset camera made a really secure PW and still comes back
Any solution
Mainly 6 mp and 3mp IPC cameras some not with firmware purgeable like ipc a35 ad the 4631 models

Any help deeply appreciated

I do use port forwarding on my router as I don't know how to do it any other way

I did disable channel title box but later on it comes back enable with the junk text in it

TY

Jeff


.
 

Attachments

  • dahua1.JPG
    dahua1.JPG
    26 KB · Views: 73
Last edited:
Most likely the camera(s) are getting hacked because one or more of them is directly accessible from the internet via port forwarding.

The good news is, because you use Blue Iris, all your remote access should be handled by Blue Iris's web server. You do not need to have any cameras port forwarded in order to do remote access. So you should do these three things:

1. In your router, delete all port forwarding rules where the target is one of your cameras.
2. In your router, find the UPnP feature and turn it off (this is an automatic port forwarding feature which cameras try to use). Depending on the router it may then be a good idea to reboot the router in case the router is buggy and does not clear the appropriate states right away when turning off UPnP.
3. Once #1 and #2 are done, factory reset all cameras once again.

Most likely whatever was done to the cameras is not sophisticated enough to survive through a factory reset. But as an extra precaution, you could take steps to prevent the cameras from having internet access. That would require more education but there are guides on this forum for how to accomplish it via the use of a second network adapter in the Blue Iris machine. That is one of the most foolproof methods to prevent cameras from being hacked and furthermore to prevent them from accomplishing their malicious deeds if they do happen to have persistent malware on them.
 
Most likely the camera(s) are getting hacked because one or more of them is directly accessible from the internet via port forwarding.

The good news is, because you use Blue Iris, all your remote access should be handled by Blue Iris's web server. You do not need to have any cameras port forwarded in order to do remote access. So you should do these three things:

1. In your router, delete all port forwarding rules where the target is one of your cameras.
2. In your router, find the UPnP feature and turn it off (this is an automatic port forwarding feature which cameras try to use). Depending on the router it may then be a good idea to reboot the router in case the router is buggy and does not clear the appropriate states right away when turning off UPnP.
3. Once #1 and #2 are done, factory reset all cameras once again.

Most likely whatever was done to the cameras is not sophisticated enough to survive through a factory reset. But as an extra precaution, you could take steps to prevent the cameras from having internet access. That would require more education but there are guides on this forum for how to accomplish it via the use of a second network adapter in the Blue Iris machine. That is one of the most foolproof methods to prevent cameras from being hacked and furthermore to prevent them from accomplishing their malicious deeds if they do happen to have persistent malware on them.


I think I am so misinformed it's pathetic

I have used port forwarding alone with local PC with PC not on.

I think you are alluding to letting BI being always on doing the work

BI has for each camera its WAN address and ports used on router

I was always afraid that without port forwarding and BI using LAN ips I wouldn't be able to view cameras at a different location running BI or on my smartphone

I hope this makes sense and thank you

Newer 8mp cameras were not affected only international variants like the 4631 and ipc a35

jeff
 
Yes, Blue Iris is meant to be run 24/7 and provide all of the remote access to the cameras through itself.

Oh, so Blue Iris is not on-site with all the cameras? That does complicate things. The optimal solution in that case is probably to use site-to-site VPNs for remote access to the cameras (instead of port forwarding). That is not usually easy to set up though. Having all Ubiquiti Unifi routers would make it easier as you could use the "Site Magic" VPN feature to link them together without really needing to know how to configure a VPN.

Otherwise if your routers port forwarding features allow you to specify a source IP address or IP range in the port forwarding rules, you could use that to make sure the entire internet is not allowed to use your port forwards to access the cameras. That capability is often not available in ISP-provided routers.
 
Yes, Blue Iris is meant to be run 24/7 and provide all of the remote access to the cameras through itself.

Oh, so Blue Iris is not on-site with all the cameras? That does complicate things. The optimal solution in that case is probably to use site-to-site VPNs for remote access to the cameras (instead of port forwarding). That is not usually easy to set up though. Having all Ubiquiti Unifi routers would make it easier as you could use the "Site Magic" VPN feature to link them together without really needing to know how to configure a VPN.

Otherwise if your routers port forwarding features allow you to specify a source IP address or IP range in the port forwarding rules, you could use that to make sure the entire internet is not allowed to use your port forwards to access the cameras. That capability is often not available in ISP-provided routers.


Netgear nighthawk router not ISP provided

I have BI on site when my PC is on. Just don't have the skillset to enable the cameras by lan or make them viewable elsewhere

Again thanks, might just chuck the cams with 7 year old firmware and replace with dahu new ones with 2024 software, would that solve issue?
 
  • Like
Reactions: Flintstone61
  • Like
Reactions: Flintstone61