Have I been hacked?
fairweathergardener
November 21, 2016 - 4:27 pm

Hi Everyone
I've been having problems with my analogue box for a few months now - interfering with my Internet and also Live View on web interface not behaving. Well, I got a new system and while I was dismantling the old one and checking settings for transfer across etc, I noticed it had been hacked. Please see this link https://www.securitycameraking.com/secur ... revent-it/
and http://www.pcworld.com/article/3089346/ ... tacks.html. This led me to believe I have been hacked. Have I?

In the first link, that's exactly what I found on my box - an additional user called "system" which said your box has been hacked please secure. I also had the same web interface issues with Live Preview.

My installer put this in nearly 3 years ago and at the time he only told me to change my admin password, which I did. I left the factory password alone as that's what I was advised to do. It was the usual Dahua 888888. So I think that's where and why it was hacked so easily. For what nefarious means I don't know. I haven't been burgled while this was going on, so it's not for that purpose. I did have all the internet issues whereby intermittently since the web interface issues (which is since it was hacked), and my internet would slow down so it was unusable even with an ethernet cable straight into the router. Then it would free up again for a while before it happened again. I don't know if that was hackers using my CCTV box as a route for DDoS attacks (not that I know what they are, just that they use up all your bandwidth - can someone explain please?) or maybe it was the firewall kicking in on the router/home hub and stopping our access so we couldn't be hacked - is this possible in theory?
My BIG question is though, with all this in mind, does anyone know if, once the CCTV box has been breached, home data on laptops, Macs, iPhones etc is compromised or could my theory about the firewall be correct? I had DMZ ticked on my router for at least the past 6 months, but not prior. What does this do? I was just told to do that. The router was set up as a DNS with port forwarding. 

And another question... are the new P2P boxes secure or not?

Guest
November 21, 2016 - 5:45 pm

If you see a user "system - you have been hacked please secure your system" or something of that nature, then yes you were hacked.

Most likely the attacker used the recorder as a bridge to your network. You need to remove that username completely, and make sure to make some password adjustments.

 

The most important thing for you to do here is make sure "DMZ" is not enabled in your router/modem/firewall. This is how they are gaining access through the telnet port of 23.

DMZ stands for demilitarized zone. It opens up every port available to one device on your network, leaving your device vulnerable on the internet. To gain access to your machine remotely you need to have port forwarding done, and remove the DMZ.

fairweathergardener
November 21, 2016 - 6:09 pm

Heath Phillips said
If you see a user "system - you have been hacked please secure your system" or something of that nature, then yes you were hacked.

Most likely the attacker used the recorder as a bridge to your network. You need to remove that username completely, and make sure to make some password adjustments.

 

The most important thing for you to do here is make sure "DMZ" is not enabled in your router/modem/firewall. This is how they are gaining access through the telnet port of 23.

DMZ stands for demilitarized zone. It opens up every port available to one device on your network, leaving your device vulnerable on the internet. To gain access to your machine remotely you need to have port forwarding done, and remove the DMZ.

I have a new box now. It's P2P and that's how I have it set up at present. Is that ok? That doesn't involve the DMZ and I've also changed the passwords. Old box has been reset to factory defaults and I'm not using it now.

Guest
November 22, 2016 - 9:49 am

You should be fine with p2p, there are no ports open to the machine in that case.

I would verify and make sure DMZ and any unnecessary port forwarding is disabled within your router.  
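
Added example, not part of the thread: a small Python model of the DMZ-versus-port-forwarding difference the replies describe, plus a TCP check for confirming from outside the LAN that the recorder's telnet port is no longer reachable after the router change. The LAN address, the web port and the forward rule are constructed for illustration; only telnet on port 23 comes from the thread.

```python
import socket

# Constructed sample values (assumptions). Only telnet on port 23 is
# named in the thread; the address and web port are illustrative.
RECORDER_IP = "192.168.1.50"
LISTENING = {23: "telnet", 80: "web interface"}

def exposed_ports(device_ip, listening, forwards, dmz_host=None):
    """Map external port -> internal port for every service on device_ip
    that unsolicited internet traffic can reach through the router."""
    exposed, claimed = {}, set()
    for ext_port, int_ip, int_port in forwards:
        claimed.add(ext_port)
        if int_ip == device_ip and int_port in listening:
            exposed[ext_port] = int_port
    if dmz_host == device_ip:
        # DMZ: every external port without its own forward rule lands here.
        for port in listening:
            if port not in claimed:
                exposed[port] = port
    return exposed

def telnet_exposed(exposed):
    # True when the recorder's telnet service (port 23) is reachable.
    return 23 in exposed.values()

def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds. Run it against your
    own public address from outside the LAN to confirm the router change."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    with_dmz = exposed_ports(RECORDER_IP, LISTENING, [], dmz_host=RECORDER_IP)
    fwd_only = exposed_ports(RECORDER_IP, LISTENING, [(8080, RECORDER_IP, 80)])
    for name, result in (("DMZ", with_dmz), ("port forward only", fwd_only)):
        print(name, sorted(result.items()),
              "telnet exposed:", telnet_exposed(result))
```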
