How to kick a connected blue iris user?

haynstyle

n3wb
Joined
Apr 20, 2015
Messages
9
Reaction score
2
How do I go about kicking a blue iris connected user? If I have a user that is logged in remotely, I want to remove them from the console.
 

cainrand

Getting the hang of it
Joined
Mar 15, 2017
Messages
112
Reaction score
20
Location
Grand Rapids, MN
I don't know about 'kicking' a user from being connected but if you have a user you do not want to connect then you could just remove them via the Options/Users menu - or disable their access even.
 

srglassw

Getting the hang of it
Joined
Jun 17, 2014
Messages
89
Reaction score
27
Location
Vancouver Island, BC, Canada
How do I go about kicking a blue iris connected user? If I have a user that is logged in remotely, I want to remove them from the console.
Are you asking about dropping a "User" or dropping a "Connected session"? If its a "Connected session" I would like to know this too. The only way I know is to stop and restart the Blue Iris service.
 

cainrand

Getting the hang of it
Joined
Mar 15, 2017
Messages
112
Reaction score
20
Location
Grand Rapids, MN
I can't imagine why there would be a need to 'kick' a user from BI?

I mean, if you set up a user account for that person to access BI then why do you need to "kick" them? It isn't like some game where the user is being obnoxious in chat but if the user shouldn't be on BI then they shouldn't have an account set up.

On the other hand, if you have someone connected to your BI that shouldn't be there, (like a device connection showing in the Status/Devices window - in which case they are then using your account to access BI) then you have a security issue to address - like first disable the webserver for BI then check all computers you use to connect to BI for malware, keyloggers, etc and then change your BI password to something more secure.
 

haynstyle

n3wb
Joined
Apr 20, 2015
Messages
9
Reaction score
2
cainrand, thank you. I have currently vlan'd all of the camera's and the BI into a separate lan and have secured that as much as possible. There is only one account active on the BI system which is the account I use for remote access outside of my house. But the other day, in my status window, there was a message that someone from CHINA had logged into the console somehow. I am not sure what or how this happened or if there is a backdoor to my foscam systems, but this was a bit concerning. As a short measure, I am currently going through all of my systems and making sure they are clean but dont know what else to do.

The latest example is that i have someone logged into the BI server with object name 'SERVER' and message 'Connected: 222.216.206.150' which resolved to an address in china. They are not using an user account to log in though just a direct server address to which I have blocked.
 
Last edited:

Nanookofthenorth

Young grasshopper
Joined
Jul 13, 2014
Messages
84
Reaction score
17
The latest example is that i have someone logged into the BI server with object name 'SERVER' and message 'Connected: 222.216.206.150' which resolved to an address in china. They are not using an user account to log in though just a direct server address to which I have blocked.
I'm guessing that the "elapsed" time for that IP address is either :00 or :01 and the frames are 0 (zero).
 

cainrand

Getting the hang of it
Joined
Mar 15, 2017
Messages
112
Reaction score
20
Location
Grand Rapids, MN
I'm guessing that the "elapsed" time for that IP address is either :00 or :01 and the frames are 0 (zero).
That is a good point/question - and would you say if the time is :00 or :01 it means an unsuccessful attempt to gain access?


Haynstyle: I am no security expert, more a "jack of all trades and master of none."

I don't see how it would be possible to get information from your Foscam about your BI installation, so I think a backdoor to the foscam is safe to rule out.

As for BI Users, first thing I did was create another admin account with a ridiculously long name and password then disable the built in admin.
 

Nanookofthenorth

Young grasshopper
Joined
Jul 13, 2014
Messages
84
Reaction score
17
There is a three step process to resolve this:
1. Check the traffic in the Foscam utility.
2. Change the password in the Foscam utility.
3. Take the Foscam cameras out back and properly discipline them with 12 gauge buckshot! :)
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
As for BI Users, first thing I did was create another admin account with a ridiculously long name and password then disable the built in admin.
You dont want to disable the built in admin account..it will prevent you from viewing clips after you restart..
if you dont set a password, it will simply not connect....or you can add a long password to that account...you can also disable wan access for it.
 

cainrand

Getting the hang of it
Joined
Mar 15, 2017
Messages
112
Reaction score
20
Location
Grand Rapids, MN
You dont want to disable the built in admin account..it will prevent you from viewing clips after you restart..
if you dont set a password, it will simply not connect....or you can add a long password to that account...you can also disable wan access for it.
I have it disabled and everything is working - it has been disabled for along time actually. I still have an admin account, just recreated another one with, as mentioned, a ridiculously long name. Perhaps I could have just changed the name on the built in 'admin' but since I wasn't sure if changing that account name would cause other problems, I just disabled it. Its just an automatic thing for me, to always get away from the built in admin because the built in admin is public information, for the most part.
 

haynstyle

n3wb
Joined
Apr 20, 2015
Messages
9
Reaction score
2
cainrand is right, I have had the admin account disabled for a while now with a separate account created and the system works fine. The default password on the camera's has been changed as well to a much longer passcode. But now I am going to my router and filtering ranges of addresses that are only hitting that ip. I just dont understand how they are finding that external ip.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I have it disabled and everything is working - it has been disabled for along time actually. I still have an admin account, just recreated another one with, as mentioned, a ridiculously long name. Perhaps I could have just changed the name on the built in 'admin' but since I wasn't sure if changing that account name would cause other problems, I just disabled it. Its just an automatic thing for me, to always get away from the built in admin because the built in admin is public information, for the most part.
To be clear..the admin account is still there and active, that is why blue iris regenerates it if you delete it. BI simply blocks remote access from that account. If you for example, disable "view recorded clips" in the admin account you will NOT be able to view your clips list.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
cainrand is right, I have had the admin account disabled for a while now with a separate account created and the system works fine. The default password on the camera's has been changed as well to a much longer passcode. But now I am going to my router and filtering ranges of addresses that are only hitting that ip. I just dont understand how they are finding that external ip.
see my post above with respect to the admin account.
Why are you surprised that they are finding your ip, they scan the internet all day long. Setup a vpn.
 

cainrand

Getting the hang of it
Joined
Mar 15, 2017
Messages
112
Reaction score
20
Location
Grand Rapids, MN
To be clear..the admin account is still there and active, that is why blue iris regenerates it if you delete it. BI simply blocks remote access from that account. If you for example, disable "view recorded clips" in the admin account you will NOT be able to view your clips list.
One would think that since it is disabled, nothing with that account would work. To test what you said I enabled it, edited it and unchecked the view clips, etc, then disabled it and restarted. Even though I have another admin account set up to view clips, I was not able to view clips.

So, Thank you for that clarification.
 
Top