Help! Lots of IPC offline events and can't connect to cameras - can't figure out what's wrong

[TommyR]

Hi Everyone,

About 2 months ago I bought Dahua NVR NVR5216-4KS2, 3 cameras IPC-HDW5231R-Z and PoE switch TP-LinkTL-SG2210P.

Everything was working fine for about a month, I set up IVS rules on all cameras but decided not to receive alerts and instead just check playback in SmartPSS periodically. For about 3 weeks I didn't check any footage and today was shocked to find out the whole system doesn't really work anymore.

I'm unable to connect to cameras and NVR from browser using local network IP address most of the time (occasionally it allows to connect to cameras but not NVR). I can connect to NVR using SmartPSS though. SmartPSS has lots of black on the timeline of all cameras, with each having unique pattern every day.

I thought it's PoE switch but other devices connected to it (Synology NAS & WD TV live) don't have constant disconnection issue. The problem is I don't even remember how to access switch's Web UI...

Any help would be greatly appreciated!

Thanks,
Tommy

 

[JohnZ]

Your switch's default login is 192.168.0.1 and admin/admin for login/pw

TP-LINK TL-SG2210P INSTALLATION MANUAL Pdf Download.

A simple IP conflict could cause everything to go haywire- powercycle your router and all switches.
There are IoT malware bots hitting all over the web.. I had about 13 cams bite the dust out of 100 because my coworker set the routers DMZ to one of them. Make sure they aren't open to the web directly and they arent bricked..
You will need to isolate your nvr first.. then connect cameras one by one to rule out if its one causing the problem, or the switch/router is causing it.
Black lines sounds alot like HDD issues- are you running an NVR in RAID? if you have multiple drives you may want to run diagnostics on your drives.
Good luck

 

[TommyR]

Hi John,

Thanks a lot for your response and ideas. I now believe it's malware attack. A month ago I was playing with allowing remote access using port forwarding on my Internet router. I didn't manage to access it myself but left it exposed still. A few days ago I removed port forwarding and yesterday the cameras got back to normal - no black lines anymore, all 3 at once. I still can't access NVR via browser using IP, will keep working on it.

Could you please tell me more about this situation with the cams you got infected?

Thanks,
Tommy

 

[TommyR]

Managed to access the NVR - somehow HTTP port was changed by itself (or by malware) from 80 to 8000.

 

[looney2ns]

If you believe you have been botted, remove the power from everything that is on your network. Cams, smarttv's, switches, modem, the router it's self, the NVR, etc. Wait 5 minutes, then power everything back up. This should remove any infections of that type.
You also want to block the cams from accessing the internet in your router.

 

[TommyR]

Thanks looney2ns! Looks like removing port forwarding rules from the router helped. Could you please tell me why waiting 5 minutes can help get rid of malware? Also, I changed default admin password to a generated one - not sure how bots managed to get in.

 

[looney2ns]

Thanks looney2ns! Looks like removing port forwarding rules from the router helped. Could you please tell me why waiting 5 minutes can help get rid of malware? Also, I changed default admin password to a generated one - not sure how bots managed to get in.

Bots typically take up residence in the ram/memory of the device. Powering down erases them. Port forwarding is one way they get in. Search for VPN for noobs on here.

 

[TommyR]

Thanks for your explanation! What I meant by not being sure how they got in is the cameras weren't secured by default password. Was it supposed to be secured? Thanks, will search for VPN.

 

[Sander kerkhoff]

Dont you have this problem?
Dahua Starlight IPC-HDW5231RN-Z not working :(

 

[looney2ns]

Thanks for your explanation! What I meant by not being sure how they got in is the cameras weren't secured by default password. Was it supposed to be secured? Thanks, will search for VPN.

Read here: Dahua latest stable firmware + Best Practice Reminder

 

[JohnZ]

I have 15 cams that will not give an IP address

I use Dahua IPC HD-4300C The Generic Amazon cams with a memory card
I changed the http ports to 10148/10149 /10150 however my coworker decided to DMZ the router to 10148 because it was easier than "port forwarding" from 80 to 10148..
So I have 100 of these cams in operation.. and all of the ones that were on DMZ stopped working end of April

If you dont know what DMZing is.. or the severity of it when it comes to internet security...

If not changing your default admin/admin is like leaving your door unlocked..
DMZing is like standing in your doorway naked screaming "IM BENT OVER COME AND GET IT"
Its literally the firewall being turned off completely allowing all ports to get attacked all day/all night until the cam bricks or gets exploited.


I have them in hand now..
They power on
They do not accept a reset... ( yes ive tried 6 ways from sunday resetting them)
They do not give an IP address no matter what you do to them..

They are bricked... Without being able to get an IP ( and trust me i tried everything) I know what to do all the way down to TFTP and SSHing into them,. but those require a network IP- So I think im at the stage where I need to get a modchip and literally reflash the bios on these things because whatever hit it.. completely destroyed its operation.
Im at least 2000 in the hole now..
and DAHUA won't even talk to me on the phone... Telling me I need a cctv company.... I AM THE CCTV COMPANY.. Im in house IT for my company... just extremely frustrating having to deal with this...

You get what you pay for folks... Remember that =)

 

[beingaware]

Hi Everyone,

About 2 months ago I bought Dahua NVR NVR5216-4KS2, 3 cameras IPC-HDW5231R-Z and PoE switch TP-LinkTL-SG2210P.

Everything was working fine for about a month, I set up IVS rules on all cameras but decided not to receive alerts and instead just check playback in SmartPSS periodically. For about 3 weeks I didn't check any footage and today was shocked to find out the whole system doesn't really work anymore.

I'm unable to connect to cameras and NVR from browser using local network IP address most of the time (occasionally it allows to connect to cameras but not NVR). I can connect to NVR using SmartPSS though. SmartPSS has lots of black on the timeline of all cameras, with each having unique pattern every day.

I thought it's PoE switch but other devices connected to it (Synology NAS & WD TV live) don't have constant disconnection issue. The problem is I don't even remember how to access switch's Web UI...

Any help would be greatly appreciated!

Thanks,
Tommy

See my post here: Dahua latest stable firmware + Best Practice Reminder

 

[TommyR]

Hi JohnZ, looney2ns & beingaware

Thanks a lot for your help, the issue has now been fully solved - no problems for 6 weeks now. I was away for one month, but before leaving managed to setup VPN using my synology box and dynamic DNS service offered by synology (I don't have static IP-address). I also bought gDMSS (paid version allows to receive push notifications). Everything was working fine during this months - I was able to view live stream online, view playback and received notifications.

 

[beingaware]

Hi JohnZ, looney2ns & beingaware

Thanks a lot for your help, the issue has now been fully solved - no problems for 6 weeks now. I was away for one month, but before leaving managed to setup VPN using my synology box and dynamic DNS service offered by synology (I don't have static IP-address). I also bought gDMSS (paid version allows to receive push notifications). Everything was working fine during this months - I was able to view live stream online, view playback and received notifications.

Glad to hear that we could be of help.