Cameras seem to be hacked

A

AstroIROC

Young grasshopper
Nov 6, 2015
31
9
I have several Hikvision cameras set up in a home running on Blue Iris software the cameras periodically stop showing up in Blue Iris because the admin password does not work any longer. So I'm assuming they are being hacked. What should I do to prevent this
 
AstroIROC said:
I have several Hikvision cameras set up in a home running on Blue Iris software the cameras periodically stop showing up in Blue Iris because the admin password does not work any longer. So I'm assuming they are being hacked. What should I do to prevent this
Click to expand...

Hi AstroIROC

Are you port forwarding?
 
AstroIROC said:
I have several Hikvision cameras set up in a home running on Blue Iris software the cameras periodically stop showing up in Blue Iris because the admin password does not work any longer. So I'm assuming they are being hacked. What should I do to prevent this
Click to expand...
you must disable all port forwarding and UPNP BOTH on the router and the cameras.
there is no need for this when using blue iris.
 
  • Like
Reactions: mat200 and Mike
Sounds like they are hacked for sure. As @fenderman said, disable upnp on both the router and cameras and do not forward the camera ports. If you're using international versions of the cameras (non-chinese) then you could update your firmware (which isn't necessary). But make sure to do your homework on this first as you can come into issues when updating firmware with grey market cameras.
 
  • Like
Reactions: fenderman
as for recovering your cams, one way is a factory reset if you have physical access (via reset button on the back or inside the cam body).
Then run SADP to find them on your network and set them up again, after disabling UPNP in your router and rebooting it to clear any previously opened ports...
 
Last edited:
  • Like
Reactions: mat200
My own opinion, for what that is worth, is that you should not update the firmware just for security reasons. Instead, prevent the cameras from internet access and don't worry about their vulnerabilities anymore. In fact, use their vulnerabilities to your advantage (for resetting forgotten passwords, for example).
 
  • Like
Reactions: anijet, looney2ns, Mike and 1 other person
1) disable port forwarding, do not use scanned QR, disable uPNP at your router and in the camera, do not use P2P.
2) reset the cameras and reconfigure in blue iris.
3) block the cameras from the internet, either use a seperate network, (two nic cards in the BI PC) or at the router block the camera mac addresses
4) to remote access the BI machine use a VPN, use openVPN or a similar product. NOT commercial purchased VPN software.
5) do not use cloud anything.
6) at the camera level I do not set the gateway address, or the DNS address to valid addresses, but i do not think that this helps.

if the cameras are HACKED chinese cameras, they may have been infected before you purchased them.
 
  • Like
Reactions: Mike and mat200
Thanks for all the suggestions, I will disable the UNPN in the router and cameras. will Blue Iris still show cameras on mobile devices with port forwarding off? I'll try it both ways to see TY
 
AstroIROC said:
Thanks for all the suggestions, I will disable the UNPN in the router and cameras. will Blue Iris still show cameras on mobile devices with port forwarding off? I'll try it both ways to see TY
Click to expand...
If you are forwarding the http (web server) port of BI then yes, you can see your cameras outside of your network using the BI app.

bp2008 said:
My own opinion, for what that is worth, is that you should not update the firmware just for security reasons. Instead, prevent the cameras from internet access and don't worry about their vulnerabilities anymore. In fact, use their vulnerabilities to your advantage (for resetting forgotten passwords, for example).
Click to expand...

I tend to agree with this, especially after seeing several people bricking their cameras after updating firmware. The best thing is to never port forward the ports on the cameras themselves. If you want to port forward instead of the VPN route (which many do), then just forward the BI web server port.
 
  • Like
Reactions: bp2008 and mat200
  • Like
Reactions: AstroIROC
AstroIROC said:
Thanks for all the suggestions, I will disable the UNPN in the router and cameras. will Blue Iris still show cameras on mobile devices with port forwarding off? I'll try it both ways to see TY
Click to expand...
Your cameras were hacked because the cameras were port forwarded, not blue iris.
Blue iris does not need the cameras themselves to be port forwarded. Its pointless.
For blue iris itself, its best to use a vpn.
 
  • Like
Reactions: Mike
The cameras were not port forwarded, The sever that runs the Blue Iris software is port forwarded so the mobile Blue Iris software can access the cameras. At least that's how I'm understanding it
 
AstroIROC said:
Is there a way to get the cameras to be viewable from the internet without port forwarding.
Click to expand...
Yes def, check out the VPN portion of the wiki.

AstroIROC said:
The cameras were not port forwarded, The sever that runs the Blue Iris software is port forwarded so the mobile Blue Iris software can access the cameras. At least that's how I'm understanding it
Click to expand...

It def sounds like the cameras were port forwarded OR UPnP was turned on, on the cameras and router. Either way, disable upnp on both the cameras and in the router, remove all port forwarding rules and check out the VPN portion of the wiki.
 
Mike said:
It def sounds like the cameras were port forwarded OR UPnP was turned on, on the cameras and router. Either way, disable upnp on both the cameras and in the router, remove all port forwarding rules and check out the VPN portion of the wiki.
Click to expand...
UPnP was on on the router and cameras, but the only port forward that was used was to the sever for blue iris
 
You must log in or register to reply here.
Top Bottom