Hi you all, Im new here, Have a problem since about 3 years:
I´ve got a Dahua DH-XVR5108HE-X system in my office, with 7 cams. I´ve got full direct access to that system. Software version is V4.001.00000.15 , Build 2021-10-13. No newer updates for that using the button on the web access.
We are 3 users which usually connect to cams:
1st- Me as administrator, using admin account in LAN PC web browser or Smart PSS app
2nd & 3rd : other 2 users who login as created user accounts using the mobile app DMSS or gDMSSPlus.
Since about 3-4 years I usually get some login attemps from different IPs, which I usually revise them and I add them to BLACKLIST so they dont go on attempting to get in my system or hack my pass. I get about 2-8 attemps per week.
All accounts created by me, even the admin account have strong pass.
The problem comes when I get in the log event the following lines:
So , it seems that a hacker get access to my system, from 127.0.0.1 (usually when mobile apps get access it appears this IP) , and creates a "deafult" user (not default) , and then he access to my cams for 2 minutes and after that he deletes the "deafult" user he created.
This EXACT same thing (with different user names such as "admln" (with an L) ) has happened about 6 months ago. So first time I hope it was just an alone hacker, but it seems it could be easly hacked with whichever that method.
I think I need help here to prevent that, so I just registered in this forum to show you my case. Can someone help me with that? Thank u very much!!
I´ve got a Dahua DH-XVR5108HE-X system in my office, with 7 cams. I´ve got full direct access to that system. Software version is V4.001.00000.15 , Build 2021-10-13. No newer updates for that using the button on the web access.
We are 3 users which usually connect to cams:
1st- Me as administrator, using admin account in LAN PC web browser or Smart PSS app
2nd & 3rd : other 2 users who login as created user accounts using the mobile app DMSS or gDMSSPlus.
Since about 3-4 years I usually get some login attemps from different IPs, which I usually revise them and I add them to BLACKLIST so they dont go on attempting to get in my system or hack my pass. I get about 2-8 attemps per week.
All accounts created by me, even the admin account have strong pass.
The problem comes when I get in the log event the following lines:
- [Username : admin] [Log Type: Illegal Login ] Event Type:Illegal Login Event Action:Event Start Start Time:2024-08-15 09:54:07 IP Address:127.0.0.1 Username:admin Group:admin
- [Username : admin] [Log Type: Illegal Login ] Error Code: Wrong username or password. Time: 2024-08-15 09:54:07 Group: admin IP Address: 127.0.0.1 Username: admin
- [Username : admin] [LogType: adduser] Username: deafult
- [Username : admin] [LogType: modify user] IP Address:127.0.0.1 Username:admin Group:admin Permission
layback Channel 1:No-->Yes 2:No-->Yes 3:No-->Yes 4:No-->Yes 5:No-->Yes 6:No-->Yes 7:No-->Yes 8:No-->Yes - [Username : admin] [LogType: modify user] IP Address:127.0.0.1 Username:admin Group:admin Permission:Live Channel 1:No-->Yes 2:No-->Yes 3:No-->Yes 4:No-->Yes 5:No-->Yes 6:No-->Yes 7:No-->Yes 8:No-->Yes
- [Username : deafult] [LogType: user logout] Time: 2024-08-15 09:54:36 Group: admin IP Address: 127.0.0.1 Username: deafult
- [Username : deafult] [LogType: user logged in] IP Address:127.0.0.1 Username:deafult
- Here comes several (6 or 8 ) logins and log outs from "deafult" user
- [Username : deafult] [LogType: Delete User] Username:deafult
So , it seems that a hacker get access to my system, from 127.0.0.1 (usually when mobile apps get access it appears this IP) , and creates a "deafult" user (not default) , and then he access to my cams for 2 minutes and after that he deletes the "deafult" user he created.
This EXACT same thing (with different user names such as "admln" (with an L) ) has happened about 6 months ago. So first time I hope it was just an alone hacker, but it seems it could be easly hacked with whichever that method.
I think I need help here to prevent that, so I just registered in this forum to show you my case. Can someone help me with that? Thank u very much!!
