I made a better remote-live-view page [OLD]

[birdfeedercams]

bp2008;
My blue iris is visible now on my LAN. When I forward the port (now 81) it is visible on my WAN address as well.
I don't know which of the things I did (mentioned in a previous post, re-start BI, reboot computer, changed port etc
resulted in BI becoming visible on my LAN again, but I'm happy that it is.

Also I had not realized that you can use ports within the LAN and they work - without forwarding them. I had always t hought that on the LAN no ports were used or necessary. Now I see that if a camera HAS a port number it needs to be used to see it on the LAN (w/o BI). To see it on the WAN
that port must also be forwarded or else the BI port 81 must be forwarded to see BI at my WAN address.

Another thing that "showed up" this morning was two of my cameras had "motion" trigger turned on - which I did NOT do. Perhaps restarting BI
did that? No I wouldn't think so. But last night I had some IP connections which are ugly when checked on AbuseIPDB - IP address abuse reports - Making the Internet safer, one IP at a time
so maybe one of those intruders turned on motion triggering? 66.240.236.119 was a "baddie". The timing does not match exactly but only misses by minutes.

So I'm pretty happy for the most part, but I am getting unwanted connections showing up in BI if port 81 is forwarded so I closed the forwarding
down (for BI and ALL cameras) and I am looking more into VPN. One article I found tells how to use windows 7 to do a VPN. Any ideas whether or not that is good enough?

 

[actran]

@birdfeedercams The easiest way to setup VPN is to use a router that an admin web UI with an intuitive VPN configuration screen.

Recent Asus routers are quiet popular. It's what I bought.

Asuswrt-Merlin

 

[birdfeedercams]

Thank you actran I'll look into Asus routers. When one has a DSL modem for their internet and attaches a router like the Asus, doesn't having
two devices like that make things complicated? There's already a windows firewall and an antivirus program to deal with...

 

[Q™]

I have four (4) Asus RT-AC68U units, 1 at home and 3 at work. They are solid; no complaints

 

[actran]

@birdfeedercams I have AT&T Uverse. They provide a modem/router but I do not trust AT&T not to snoop or have backdoor so I use an Asus router and put all my equipment behind that. I understand it may be more complicated but sometimes protecting your local network requires taking the necessary steps. If an intruder was able to access your local network, Windows firewall and antivirus does NOT prevent intruder from monitoring your local traffic (and at a minimum track what websites you surf.)

 

[bp2008]

Another thing that "showed up" this morning was two of my cameras had "motion" trigger turned on - which I did NOT do. Perhaps restarting BI
did that? No I wouldn't think so. But last night I had some IP connections which are ugly when checked on AbuseIPDB - IP address abuse reports - Making the Internet safer, one IP at a time
so maybe one of those intruders turned on motion triggering? 66.240.236.119 was a "baddie". The timing does not match exactly but only misses by minutes.

Yikes. Restarting BI shouldn't cause your settings to change. It certainly is possible for someone with an administrative Blue Iris session to enable motion detection, though why they would do such a thing is beyond me.

So I'm pretty happy for the most part, but I am getting unwanted connections showing up in BI if port 81 is forwarded so I closed the forwarding
down (for BI and ALL cameras) and I am looking more into VPN. One article I found tells how to use windows 7 to do a VPN. Any ideas whether or not that is good enough?

Windows does have a built in VPN server that can be enabled, but isn't very user-friendly and it is more complicated doing port forwarding to a PPTP VPN like that because it uses different protocols than usual web traffic. Check your router for a VPN server feature and use that if it is available, since it should be a lot easier.

 

[birdfeedercams]

bp2008; I just remembered that when I found the two motion triggers turned on and the unfamiliar IP traffic in the "connections" tab
of .... (?) ... I looked at the USERS settings and found there was a guest user check-marked as enabled. I know for a fact I had made sure only the day before that ONLY one user was enabled - me. Needless to say I am not forwarding even port 81 for BI at this point.

Still I have read that some IP cameras have backdoors the manufacturers ( and who knows who else) can get into cameras if there is a port open. I wonder if they even need to have an open port. Might there be some other built-in mechanism that provids access?
One brand, Dericam (an older M801W model) requires that a port be set in the camera's software. Somehow it opens/forwards that port even if the modem does not show it as forwarded. I checked it being open on "canyouseeme.org" just a while ago and it was open. Is there a way to use the modem to CLOSE a port like that even if the modem is not forwarding it?
Another camera has a port set in it's remote access settings. http port 86 and some media port 34567.
Neither are used by Blue Iris. I've never been able to view that camera even on my LAN except by using Blue Iris. I think most of the bad IP traffic I had last night was a connection to that camera (ZONEWAY)

 

[bp2008]

Blue Iris does a few strange things with users that I don't really understand. Safest to use a VPN as you are beginning to realize.

Your camera probably had forwarded its port using "UPnP" which is that horrible router feature that lets devices forward ports to themselves without your permission. And, often, without there even being an easy way to find out what ports got forwarded to where. Disable UPnP in the router and that shouldn't be able to happen again.

The last risk is that the camera (or any device, really) will open a connection to an outside server. This is often done to enable integrations with the manufacturer's "cloud-based" remote access systems and in many cases it provides the manufacturer a backdoor into your camera even if you haven't got a port forwarded. This is why a lot of us block internet access to our cams.

 

[encoad]

I will test out from other subnet tomorrow.

The other issue that I'm having is a strange one. When look at a live view, the images on at least one camera are cut off. But on the alerts and clips, I can view the entire image. Any ideas?

 

[bp2008]

Check the camera properties, video tab. There are settings for anamorphic and region of interest that could be causing this. Region of interest in particular does cropping.

Your recording has the full FOV because it has direct-to-disk enabled I suspect, so whatever is cropping the live stream can't affect the recording.

The recording also looks squished, which might be the anamorphic setting at work.

 

[encoad]

First I'd like to thank bp2008 for such a great interface. Your hardwork is really evident here.

I am however having a very small problem. When I use UI2 from the same subnet (for example, BI is 192.168.1.100 and my IP is 192.168.1.150), everything works great.

However, when I access UI2 from another subnet (for example, I'm at 192.168.2.123), every time I visit the page, it requires a refresh/auto-relogin. I can quite literally be viewing the UI2 pages, switch tabs, switch back and it needs to relogin.

Any ideas why?

So it looks like my issue went away on its own, I'm not sure what it was exactly? Maybe a glitch in Chome?

 

[encoad]

Check the camera properties, video tab. There are settings for anamorphic and region of interest that could be causing this. Region of interest in particular does cropping.

Your recording has the full FOV because it has direct-to-disk enabled I suspect, so whatever is cropping the live stream can't affect the recording.

The recording also looks squished, which might be the anamorphic setting at work.

I disabled Areas of Interest and it appears to be working as expected. Thanks for the help.

 

[anijet]

...............This is why a lot of us block internet access to our cams.

What is the best way to do this?

 

[bp2008]

The best way is to not plug them in to a network that has internet access (e.g. never wire the PoE switch in to the router, but wire it directly to the NVR).

Next best I'd say is to have the router block them from accessing the internet. Many routers have an Access Restriction feature (maybe called Firewall or Parental Controls or something) that lets you block Internet access for specific addresses.

If that isn't an option either, you can typically prevent a camera from going online by giving it a static IP address with the gateway field filled in with the camera's own IP address.

 

[gtj]

Hi Brian,

I run version 18.3 Ui2 and I get a notification at start to update to 18.4. However, when I unzip the files into ''www'' folder and restart the BI server, I'm still on 18.3.

What am I doing wrong?

 

[handinpalm]

I have four (4) Asus RT-AC68U units, 1 at home and 3 at work. They are solid; no complaints View attachment 23124

Roger that on the Asus routers for Open VPN. They also make it very easy to block internet access to your cams, or anything on your LAN. Have tried many other top router vendors in the past, with bad experiences.

 

[birdfeedercams]

Blue Iris does a few strange things with users that I don't really understand. Safest to use a VPN as you are beginning to realize.

Your camera probably had forwarded its port using "UPnP" which is that horrible router feature that lets devices forward ports to themselves without your permission. And, often, without there even being an easy way to find out what ports got forwarded to where. Disable UPnP in the router and that shouldn't be able to happen again.

The last risk is that the camera (or any device, really) will open a connection to an outside server. This is often done to enable integrations with the manufacturer's "cloud-based" remote access systems and in many cases it provides the manufacturer a backdoor into your camera even if you haven't got a port forwarded. This is why a lot of us block internet access to our cams.

I've got an ASUS AC68U coming tomorrow from Amazon. Excited about this.

The Dericam I mentioned (an old M801W) has a UPnP setting which I found yesterday now that I looked for it. I turned it off and sure enough the port it was forwarding shut down. And yes the ACTIONTEC C1000A modem from CenturyLink (my ISP) also has a UPnP with the option to activate/deactivate. Disabling that might possibly shut down a port I don't know about on the ZONEWAY camera. That's the camera I think probably is the most dangerous on my system. The VPN should go even futher toward putting the kibash on the risks there.

NFL GAMES using VPN??
While researching VPN articles I came across an article about using a VPN to access an international server to stream NFL games by buying gamepass
from a European country. That game pass version is spendy ~$199 - but if, like me, you don't have access to LiveTV or Satellite or even CABLE ESPN, this provides a way to stream all NFL games including the playoffs and Superbowl . He says you can chromecast it to your TV too. That raised my eyebrows! As far as I know, it is not illegal to do this, but what I know about that isn't much, so I am not suggesting anyone do this. Here's the article about it. (This uses a VPN server in another country, so it is not what is being advocated for us on this forum for our cameras and NVRs.
How to Stream Every NFL Game Live, Without Cable

 

[bp2008]

Hi Brian,

I run version 18.3 Ui2 and I get a notification at start to update to 18.4. However, when I unzip the files into ''www'' folder and restart the BI server, I'm still on 18.3.

What am I doing wrong?

I don't know. I just double-checked and the latest version on here is definitely 0.18.4.

You don't need to restart the BI server but you do need to refresh the page in the browser.

While researching VPN articles I came across an article about using a VPN to access an international server to stream NFL games by buying gamepass from a European country.

I tried this for Netflix once, but since Netflix has contractual obligations to prevent people from doing this, they won't let you stream anything if they think you are using a VPN/proxy. I had even rented a virtual server and installed my own VPN on it so that there wouldn't be anyone else using the IP address for a VPN/proxy server, and they figured it out within 2 days and blocked me from continuing!

 

[gtj]

I don't know. I just double-checked and the latest version on here is definitely 0.18.4.

You don't need to restart the BI server but you do need to refresh the page in the browser.

That's strange. I also tried to install beta ui3 but it ruined my ui3 01 (the version you had uploaded on github for a while now). Now not only ui3 beta doesn't work but the ''old'' ui3 also crashes.

My only working page now is ui2.htm version 0.18.3

Which files should I delete in order to re-install the pages from scratch? Thanks!

 

[bp2008]

Which files should I delete in order to re-install the pages from scratch? Thanks!

Several of the files are provided both by UI2 and UI3.

Files:

livestream.htm
login.htm
timeout.htm
ui2.htm
ui3.htm

Folders:

clappr
ui2
ui3
ui3beta

Also two files inside the applet folder which are used by the custom login page:

loginScripts.js
loginStyles.css