Please help with Log details!

[itsme74]

Hello, everyone! This is my first post and hope someone can help. I’ve been trying to figure this out for a long time now.
I keep seeing this in my Log where it says “Save <P2P> config!” and I don’t know what that means. Can someone tell me why this keeps popping up? And by the way, there are only two people that have access to the cameras which is myself and my mom. My mom is 77 and knows nothing about the settings on these cameras. She lets me do all the “technical” stuff. I can’t figure out what it could be when neither of us are doing anything in the settings. I rarely check the cameras on my mobile app.
Also, one more thing, it will show a login three times in a row (one user and all three logins within seconds of each) and when the user logs out it shows three logouts and they’re all within seconds of each other but it’s just one user. Can’t figure out why it would login and logout one device three times each at the same time. In the last picture it only shows the login and logout twice but it’s usually three times login and three times logout. Thanks for any help in advance!

 

[wittaj]

sounds like you might be hacked and sounds like you are using P2P or port forwarding?

Is my NVR hacked by someone?

Hi all, Last night my Dahua DHI-NVR4208-8P-4KS2 just beeped in the middle of the night (never did that before). After looking at the log at the time of beeping it says the following: (Events occur from bottom to top): 3 Time: 2020-03-11 02:20:25 Type: Save Contents: Save config...

ipcamtalk.com

 

[itsme74]

sounds like you might be hacked and sounds like you are using P2P or port forwarding?

Is my NVR hacked by someone?

Hi all, Last night my Dahua DHI-NVR4208-8P-4KS2 just beeped in the middle of the night (never did that before). After looking at the log at the time of beeping it says the following: (Events occur from bottom to top): 3 Time: 2020-03-11 02:20:25 Type: Save Contents: Save config...

ipcamtalk.com

Yes, I’m using P2P but can’t remember if I set up with port forwarding. I don’t think I did. So you think maybe someone else is possibly logging in? I was thinking maybe the “save P2P config” may mean that someone was possibly trying to gain access to my cameras but that’s only a guess.

 

[wittaj]

Usually if you do P2P that is enough damage LOL, but some then add to it by also port forwarding.

If that was not you logging in and out and saving the P2P configuration, then it sounds like someone hacked in and was changing the P2P to make it even easier for them to get into your entire network.

Maybe they were adding their devices to allow access to the system.

Could be about anything.

 

[itsme74]

Usually if you do P2P that is enough damage LOL, but some then add to it by also port forwarding.

If that was not you logging in and out and saving the P2P configuration, then it sounds like someone hacked in and was changing the P2P to make it even easier for them to get into your entire network.

Maybe they were adding their devices to allow access to the system.

Could be about anything.

So let me ask you this. Don’t you need P2P in order to view the cameras on your mobile? What can I do to prevent this and still view the cameras on the mobile app?

 

[wittaj]

Before you do anything, I would suggest looking at your router logs and see if you notice anything off.

I would then consider factory reset of the NVR and start over (do not import config file).

But even then, if they hacked in already then they have the serial number of the NVR and could just wait for it to come back online and go thru a backdoor.

At the very least, change the password and consider turning P2P off at least for now. Then setup for the NVR to email you alerts for the time being until you figure out what is going on.

Most of us use OpenVPN that is native to many routers or use something like ZeroTier or Tailscale to access remotely.

VPN Primer for Noobs

The internet is a force of nature; no video surveillance system made was designed to be exposed to those forces.. NEVER FORWARD PORTS to your NVR or Cameras, doing such things not only exposes you to severe security problems, but everyone else on the internet too.. Hackers dont want your video...

ipcamtalk.com

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

 

[itsme74]

Before you do anything, I would suggest looking at your router logs and see if you notice anything off.

I would then consider factory reset of the NVR and start over (do not import config file).

But even then, if they hacked in already then they have the serial number of the NVR and could just wait for it to come back online and go thru a backdoor.

At the very least, change the password and consider turning P2P off at least for now. Then setup for the NVR to email you alerts for the time being until you figure out what is going on.

Most of us use OpenVPN that is native to many routers or use something like ZeroTier or Tailscale to access remotely.

VPN Primer for Noobs

The internet is a force of nature; no video surveillance system made was designed to be exposed to those forces.. NEVER FORWARD PORTS to your NVR or Cameras, doing such things not only exposes you to severe security problems, but everyone else on the internet too.. Hackers dont want your video...

ipcamtalk.com

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

Thanks so much for your help!!!