blueirissoftware.com website down (2023.07.07)

aaronwt

I'm hoping I don't get hit by this. Right now, my seventeen cameras are still working fine with my BI machine. So I will not remotely access the PC unless it stops working or comes up in evaluation mode.
 

smoothie

Mine is currently running normally, fingers crossed, hopefully it remains that way. I put a wildcard domain block in my Pihole DNS server for blueirissoftware.com, blueiris.pro and blueiris.software; my OS also resolves the AAAA records along with the A records but so far there haven't been any valid responses of the AAAA records so it appears Blue Iris was NOT running IPv6 on their sites. Those sites are now inaccessible from my network which hopefully means my BI instance is isolated but if there are any hardcoded IP addresses within BI to check for updates it could still get through. I am on a much older version, I have current maintenance through 2024 but I have been lazy and haven't updated my instance mostly because it was working fine and I didn't need any of the new features. I am on 5.4.9.14 x64 (7/23/2021) if anyone was curious. My BI machine does much more than just BI and so I was really hoping NOT to have to totally isolate the machine entirely. I also leave my BI console open at all times on the machine, it seems to check when I open the console after a reboot, I already had "no automatic updates" set and my system shows it last checked for News & Updates last night (7/7/23) just after 10:30pm.
 

axolotls

Couldn't use the app yesterday. Eval just came up on screen a few moments ago. Just renewed last month.
 

fenderman

Staff member
> Couldn't use the app yesterday. Eval just came up on screen a few moments ago. Just renewed last month.

If you are using the built-in DDNS option then you won't be able to connect because the server can't update your IP address. Enter your actual IP or use another DDNS provider and it will work.
 

Mike A.

> Mine is currently running normally, fingers crossed, hopefully it remains that way. I put a wildcard domain block in my Pihole DNS server for blueirissoftware.com, blueiris.pro and blueiris.software...

Not sure since it's been a while but I don't think that it looks there. I think that it's an Amazon-hosted IP that it goes to. I remember long ago wondering why it was phoning out and that's my recollection.

Check your Pi Hole logs for traffic coming from the BI server IP and you may see it.
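
Added example (not part of the original thread): one way to do the log check suggested above, assuming Pi-hole's dnsmasq-style `query[...] name from client` lines in pihole.log. The client IP 192.168.1.50, the other hostnames and all sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line format (dnsmasq query logging as used by Pi-hole):
#   Jul  8 10:31:02 dnsmasq[812]: query[A] blueirissoftware.com from 192.168.1.50
QUERY_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[^\]]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

# Domains the thread says were blocked at the DNS server.
BLOCKED = ("blueirissoftware.com", "blueiris.pro", "blueiris.software")

def under(name, zone):
    """True if name is the zone itself or a subdomain (not a lookalike suffix)."""
    return name == zone or name.endswith("." + zone)

def queries_from(lines, client_ip):
    """Yield (qtype, name) for every query line sent by client_ip."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m and m.group("client") == client_ip:
            yield m.group("qtype"), m.group("name").lower().rstrip(".")

def summarize(lines, client_ip):
    """Split one client's lookups into those covered by the block and the rest."""
    covered, other = Counter(), Counter()
    for qtype, name in queries_from(lines, client_ip):
        bucket = covered if any(under(name, z) for z in BLOCKED) else other
        bucket[(name, qtype)] += 1
    return covered, other

# Constructed sample log lines.
SAMPLE_LOG = """\
Jul  8 10:31:02 dnsmasq[812]: query[A] blueirissoftware.com from 192.168.1.50
Jul  8 10:31:02 dnsmasq[812]: query[AAAA] blueirissoftware.com from 192.168.1.50
Jul  8 10:31:05 dnsmasq[812]: query[A] www.blueiris.pro from 192.168.1.50
Jul  8 10:31:09 dnsmasq[812]: query[A] updates.example.net from 192.168.1.50
Jul  8 10:31:09 dnsmasq[812]: forwarded updates.example.net to 1.1.1.1
Jul  8 10:31:11 dnsmasq[812]: query[A] blueirissoftware.com from 192.168.1.77
Jul  8 10:31:12 dnsmasq[812]: query[A] notblueiris.pro from 192.168.1.50
""".splitlines()

if __name__ == "__main__":
    covered, other = summarize(SAMPLE_LOG, "192.168.1.50")
    print("covered by the DNS block:", dict(covered))
    print("not covered, worth reviewing:", dict(other))
```

A DNS log only shows lookups, so a connection to a hardcoded IP address would not appear in it, and per-client attribution breaks down when several machines share one IP.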
 

atl404

> Not sure since it's been a while but I don't think that it looks there. I think that it's an Amazon-hosted IP that it goes to. I remember long ago wondering why it was phoning out and that's my recollection.
>
> Check your Pi Hole logs for traffic coming from the BI server IP and you may see it.

Are you saying it goes direct to an IP or uses some other domain? I’ve also blocked blueirissoftware.com at my DNS server and haven’t had issues yet. I haven’t seen other suspicious queries yet.
 

smoothie

> ...Check your Pi Hole logs for traffic coming from the BI server IP and you may see it...

I would but I have multiple VMs sharing the same IP and I can't tell which is requesting what from where. This is also why I was hoping not to totally isolate that machine.
 

GaryCAa

Reentered my serial and maintenance numbers and things returned to normal. Noticed my camera groups are missing. Did this happen to anyone else?
 

Mike A.

> Are you saying it goes direct to an IP or uses some other domain? I’ve also blocked blueirissoftware.com at my DNS server and haven’t had issues yet. I haven’t seen other suspicious queries yet.

I don't recall now whether it was to an IP or to a domain hosted at Amazon. I'm not at home where I can check my logs easily. Also, was long ago when I noticed it so it could be done completely differently now. I just blocked everything out to the WAN from that host. Can still get there via my VPN the way that mine is set up.
 

atl404

> I don't recall now whether it was to an IP or to a domain hosted at Amazon. I'm not at home where I can check my logs easily. Also, was long ago when I noticed it so it could be done completely differently now. I just blocked everything out to the WAN from that host. Can still get there via my VPN the way that mine is set up.

I did a check for updates after blocking blueirissoftware.com and see a query for blueirissoftware.com, but nothing else that stands out. I don't have detailed netflow logs to see what other traffic may have been sent.
 

CloudyDave

Yesterday I posted a question asking if I was the only one having problems getting to their web site. I didn't read all of the replies to this thread but I did get a response back from tech support stating that "we are experiencing some technical difficulties with our server". It's currently being worked on, but there is no indication as to when it will be back up. But they state, "it should be back up and running soon".
Since I haven't installed it yet I can't say how this outage impacts all of you.
 

fenderman

Staff member
> Just an FYI:
> I would suggest that you DO NOT download anything from the BI website during its current downtime.
> It's possible it is a malicious payload a bad actor placed there.

It is not malicious. It was placed there by Ken. It is 100 percent safe. VirusTotal
It would be silly for a malicious actor to do it this way rather than simply upload to a working website.
 

CloudyDave

That's Funny. Well not really. I just downloaded it and was thinking the same thing. But just because it doesn't trip any malware flags doesn't necessarily mean it's not a bad actor! Takes a while for malware to be discovered, then a malware identifier to be sent out to all of the AV programs...... by then too late....
 

fenderman

Staff member
> That's Funny. Well not really. I just downloaded it and was thinking the same thing. But just because it doesn't trip any malware flags doesn't necessarily mean it's not a bad actor! Takes a while for malware to be discovered, then a malware identifier to be sent out to all of the AV programs...... by then too late....

The developer has already replied to emails and posted on their Facebook page indicating that their server is down and the file has been uploaded. The malware engines can detect new viruses based on code using AI among other techniques. Again, what kind of foolish malicious actor would take down a site then upload a malicious file rather than simply uploading the file to the working site? Why would you then even download any file from the BI website or any site, even if it's working fine? If you don't trust it, move on to an alternative product you can trust.
 