Creation of ghost account after unexpected shutdown

[sretlow]

I noticed in the log: Restarted after unexpected shutdown. But when I checked the users settings I noticed a new created account. There was a new user with two chinese signs without password. I directly looked at the logs from my connection with CurrPorts to see if anybody did try (and succeeded) to login. I do log RDP and BlueIris ports incoming IP's. But there was no login between 7 and 10.30 am other than from my own IP from work. So I think that when BI server stalls and is coming up again it created a ghost account. The log from Blue Iris did show a user login (?). See first screenshot.

 

[cyberwolf_uk]

First thing do you have any ports forwarding? P2P, UPNP, etc enabled? If so disable these and start using VPN... Read VPN Primer on this Forum by https://ipcamtalk.com/members/nayr.761/

Also while you are there block your cameras from accessing the Internet.

 

[sretlow]

This is not a security breach error. This also happens when I disable all incoming connections and use VPN. But I don't want to use VPN because I can't use it from my work address. That is why I use tpo monitor al ports to this BI server.

 

[cyberwolf_uk]

OK why cant VPN be used from work? Is it port blocking?

 

[sretlow]

I can't configure or install anything. Using clients on a TS

 

[cyberwolf_uk]

I'm with you... But you say it's not a security breach but surely it is, as you have a unauthorized account on your BI server? I have dealt with many BI server and never seen this. Just for peace of mind have you ran any virus / malware sweep on your BI box?

 

[sretlow]

Yes I did. I also did a clean install at first. So no virus, no malware. No incoming IP's. It looks like a bug in the software after unexpected shutdown of BI.

 

[cyberwolf_uk]

If you think it's a bug best log it with Ken @Blueiris.

 

[sretlow]

I did send an email to support

 

[cyberwolf_uk]

Guess it's wait and see then. It is only a one man operation. I'd leave it a week then remind.