How to kick a connected blue iris user?

H

haynstyle

n3wb
Apr 20, 2015
9
2
How do I go about kicking a blue iris connected user? If I have a user that is logged in remotely, I want to remove them from the console.
 
I don't know about 'kicking' a user from being connected but if you have a user you do not want to connect then you could just remove them via the Options/Users menu - or disable their access even.
 
I can't imagine why there would be a need to 'kick' a user from BI?

I mean, if you set up a user account for that person to access BI then why do you need to "kick" them? It isn't like some game where the user is being obnoxious in chat but if the user shouldn't be on BI then they shouldn't have an account set up.

On the other hand, if you have someone connected to your BI that shouldn't be there, (like a device connection showing in the Status/Devices window - in which case they are then using your account to access BI) then you have a security issue to address - like first disable the webserver for BI then check all computers you use to connect to BI for malware, keyloggers, etc and then change your BI password to something more secure.
 
cainrand, thank you. I have currently vlan'd all of the camera's and the BI into a separate lan and have secured that as much as possible. There is only one account active on the BI system which is the account I use for remote access outside of my house. But the other day, in my status window, there was a message that someone from CHINA had logged into the console somehow. I am not sure what or how this happened or if there is a backdoor to my foscam systems, but this was a bit concerning. As a short measure, I am currently going through all of my systems and making sure they are clean but dont know what else to do.

The latest example is that i have someone logged into the BI server with object name 'SERVER' and message 'Connected: 222.216.206.150' which resolved to an address in china. They are not using an user account to log in though just a direct server address to which I have blocked.
 
Last edited:
haynstyle said:
The latest example is that i have someone logged into the BI server with object name 'SERVER' and message 'Connected: 222.216.206.150' which resolved to an address in china. They are not using an user account to log in though just a direct server address to which I have blocked.
Click to expand...
I'm guessing that the "elapsed" time for that IP address is either :00 or :01 and the frames are 0 (zero).
 
  • Like
Reactions: fenderman
Nanookofthenorth said:
I'm guessing that the "elapsed" time for that IP address is either :00 or :01 and the frames are 0 (zero).
Click to expand...
That is a good point/question - and would you say if the time is :00 or :01 it means an unsuccessful attempt to gain access?


Haynstyle: I am no security expert, more a "jack of all trades and master of none."

I don't see how it would be possible to get information from your Foscam about your BI installation, so I think a backdoor to the foscam is safe to rule out.

As for BI Users, first thing I did was create another admin account with a ridiculously long name and password then disable the built in admin.
 
There is a three step process to resolve this:
1. Check the traffic in the Foscam utility.
2. Change the password in the Foscam utility.
3. Take the Foscam cameras out back and properly discipline them with 12 gauge buckshot! :)
 
  • Like
Reactions: looney2ns
cainrand said:
As for BI Users, first thing I did was create another admin account with a ridiculously long name and password then disable the built in admin.
Click to expand...
You dont want to disable the built in admin account..it will prevent you from viewing clips after you restart..
if you dont set a password, it will simply not connect....or you can add a long password to that account...you can also disable wan access for it.
 
fenderman said:
You dont want to disable the built in admin account..it will prevent you from viewing clips after you restart..
if you dont set a password, it will simply not connect....or you can add a long password to that account...you can also disable wan access for it.
Click to expand...

I have it disabled and everything is working - it has been disabled for along time actually. I still have an admin account, just recreated another one with, as mentioned, a ridiculously long name. Perhaps I could have just changed the name on the built in 'admin' but since I wasn't sure if changing that account name would cause other problems, I just disabled it. Its just an automatic thing for me, to always get away from the built in admin because the built in admin is public information, for the most part.
 
cainrand is right, I have had the admin account disabled for a while now with a separate account created and the system works fine. The default password on the camera's has been changed as well to a much longer passcode. But now I am going to my router and filtering ranges of addresses that are only hitting that ip. I just dont understand how they are finding that external ip.
 
cainrand said:
I have it disabled and everything is working - it has been disabled for along time actually. I still have an admin account, just recreated another one with, as mentioned, a ridiculously long name. Perhaps I could have just changed the name on the built in 'admin' but since I wasn't sure if changing that account name would cause other problems, I just disabled it. Its just an automatic thing for me, to always get away from the built in admin because the built in admin is public information, for the most part.
Click to expand...
To be clear..the admin account is still there and active, that is why blue iris regenerates it if you delete it. BI simply blocks remote access from that account. If you for example, disable "view recorded clips" in the admin account you will NOT be able to view your clips list.
 
  • Like
Reactions: cainrand
haynstyle said:
cainrand is right, I have had the admin account disabled for a while now with a separate account created and the system works fine. The default password on the camera's has been changed as well to a much longer passcode. But now I am going to my router and filtering ranges of addresses that are only hitting that ip. I just dont understand how they are finding that external ip.
Click to expand...
see my post above with respect to the admin account.
Why are you surprised that they are finding your ip, they scan the internet all day long. Setup a vpn.
 
fenderman said:
To be clear..the admin account is still there and active, that is why blue iris regenerates it if you delete it. BI simply blocks remote access from that account. If you for example, disable "view recorded clips" in the admin account you will NOT be able to view your clips list.
Click to expand...

One would think that since it is disabled, nothing with that account would work. To test what you said I enabled it, edited it and unchecked the view clips, etc, then disabled it and restarted. Even though I have another admin account set up to view clips, I was not able to view clips.

So, Thank you for that clarification.
 
  • Like
Reactions: fenderman
You must log in or register to reply here.
Top Bottom