Multiple "SuperAdmin" Logins?!?

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
I was looking into the logs of my DS-7608NI-I2/8P as I'd been experiencing what seemed to be sporadic restarts. It's something much stranger. A user "SuperUser" is logged in with no remote host IP listed, then the camera's all restart. Two or three times a day. Currently there are no open ports set in the router and the NVR is plugged into it. A search of the forum only found one passing thread mentioning this. Nothing found in a Google search either. WTF?

SuperAdmin.jpg
 

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
Now looking a little more at the logs, the "SuperAdmin" logins are always prefaced with the above "Local: Abnormal Shutdown, Information, HDD Information 1, Information, HDD Information 2, Operation Power On". The SMART status for both HDD's seems fine. What is this!?
 

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
Could "SuperAdmin" be an OS generated user in some kind of recovery process? Wonder what Hik will tell me if anything? Still welcome any theories, no matter how wacko! This is really strange.
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
its proabibly a script running as root on bootup; its not the problem, just a symptom.. the abnormal shutdown is
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
Could "SuperAdmin" be an OS generated user in some kind of recovery process?
It's just a tag used at system startup by the firmware when generating the associated log entries, and also used by the <MEGA_DSP util> restricted shell parser, about which I know nothing.
"mega_util_dev_megaeyes_user_login failed!"
It does not seem to come from a remote logon attempt.
 

ardsar

n3wb
Joined
Sep 15, 2015
Messages
16
Reaction score
3
I noticed exactly the same thing last night when i looked at the logs. For the last few evenings i have heard a beep coming from the NVR and on clover inspection i'm having abnormal shutdowns.

Does anyone know why this NVR appears so unstable. Would love to know how to solve these reboots as i am averaging 2 or 3 a day!
 

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
Yup, it's happening about every 15 minutes now. I'm disabling recording to see if It might be a HD issue then I'll disconnect one cam at a time and see what happens. Any further advice is appreciated.
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
it has an external power brick right? look at the specs on it and see if you have another power brick laying around that is same specs..

do u have more than one hdd in the NVR? might try unplugging one at a time and see if issue goes away.
 

Keyboard

Getting comfortable
Joined
Oct 25, 2016
Messages
279
Reaction score
531
Location
Owings Mills, MD
I have the same model NVR as @Hotelone and made it operational just this week. Looking at my logs I see the same "SuperAdmin" several times for a remote login with no IP address. So far, I have not witnessed the system restarting itself (at least while I'm awake).

I'm hoping that we can get a definitive explanation of why this mysterious user is remotely logging into the NVR. Right now it's starting to make me nervous.

BTW, my NVR firmware is V3.4.62 Build 160503
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
SuperAdmin === root; could be maintenance scripts, bootup scripts, all sorts of shit.. when they are executed they will fire up there own shell assigned to root (SuperAdmin) and its just being logged.

nothing to worry about really.. if there is no remote IP associated then it was kicked off locally.. not remotely..
 

GH75

Young grasshopper
Joined
Mar 4, 2016
Messages
59
Reaction score
9
I truly believe nayr that its a system generated log in. But if in doubt remove the nvr from any external access.

Sent from my SM-G900P using Tapatalk
 

Ampd

n3wb
Joined
Nov 15, 2016
Messages
1
Reaction score
0
Sorry to hijack your post but was wondering if there was a way to determine if the company who sold us our system is accessing our logs? When they installed it, they told us we could not delete the main admin, which is them. Are they able to view our cameras and if so how would we know? The reason I ask is they company owners ate actually friends of our and it's just kind of creepy thinking they may be watching us.
 

Keyboard

Getting comfortable
Joined
Oct 25, 2016
Messages
279
Reaction score
531
Location
Owings Mills, MD
I hope they at least gave you the password to the admin account. If so, then change it to lock them out. If not, then yes they can access your cameras and view, modify and do whatever they want.
 

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
"Sorry to hijack your post but was wondering if there was a way to determine if the company who sold us our system is accessing our logs? When they installed it, they told us we could not delete the main admin, which is them. Are they able to view our cameras and if so how would we know? The reason I ask is they company owners ate actually friends of our and it's just kind of creepy thinking they may be watching us."

I would NEVER let this happen. If they gave you the admin password I'd create a new admin if you can and delete theirs. If they didn't give you the admin password and you can't create a new one I'd return the NVR. I suggest you create a new thread and you'll get a lot more responses and advice. This thread is a week old.
 

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
Thanks for everyone's help and advice on this. I can finally update this post after being away for the last three days. I removed a camera that's connected via Powerline that I've had some questions about in the past, then removed one of the two HD's and then reset the NVR to defaults except for user and IP settings. For the last 24 hours no resets and no "SuperAdmin" log entries. I really think that my screwing around with the settings so much made the system increasingly unstable and that the settings reset was the key. I'm going to add the other HD tomorrow, wait a day or so, then add the other cam and see what happens. Thanks again for the help!
 

CQR-View

n3wb
Joined
Oct 15, 2020
Messages
20
Reaction score
12
Location
Perth, Western Australia
I'm not sure if there is still any interest in this thread, though i my be able to shed some light on the subject.
From what i have seen on many different NVR's by numerous Manufacturers, they all seem to have a similar Login upon System Boot. My understanding, this is nothing but a parameter that is used when the system first boots up as the system requires a login to function.
Some Systems will allow certain functions to be performed, such as double click a camera on a split screen, to view in full screen mode, however when an attempt is made to access the menu, then prompts you for an Admin/User Login to be entered. Once you login with your Correct Credentials the SuperAdmin is Logged Out. Hikvision call it "SuperAdmin" others such as XM, it's called the "Default User"
 
Top