Jump to content

StanCams

Members
  • Content Count

    7
  • Joined

  • Last visited

Community Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Roughly 5-6 days ago some botnet started to exploit an NTP vulnerability affecting also this kind of NVR (with one or more default login accounts present). BrickerBot added a payload for it 3 days ago. Chances are that your flash partitions have been wiped.
  2. I found some info on the dark web about the recent attacks against DVRs on a paste site: http://depastedihrn3jtw.onion.link/show.php?md5=62d1d87f67a8bf485d43a05ec32b1e6f (foul language warning) Obviously no way of verifying accuracy but reported symptoms seem to match the descriptions
  3. Is it plugged into your LAN and accessible from the Internet? Try unplugging it and see if the rebooting stops. There are currently a lot of systems being hacked/attacked.
  4. StanCams

    what type of cameras are these?

    These look like 3 standard off-the-shelf dome cameras (can't tell manufacturer based on photo) mounted to a custom enclosure box which hides/protects the connectors etc PoE wiring stuff.
  5. StanCams

    [Help] Reset admin Generic AHD DVR

    Hi The GM in "GM login" stands for Grain Media (www.grain-media.com) The most common default root password for these units is "GM8182" (without quotes) Hope that helps
  6. StanCams

    Hacked or Bug?

    This is Brickerbot. Your camera is available to anyone on the Internet and it's getting attacked. Either make it LAN-only or host it behind a VPN. Or use a firewall to restrict access to whatever remote IPs you need to access it from.
  7. StanCams

    IP adress changed by something or someone

    Sorry for the late reply. I wasn't able to register an account back when mikacctv first asked the question and for some reason it worked this time This is almost certainly what's known as "BrickerBot" attempting to disconnect a hacked/insecure camera from the Internet. Are you able to retrieve the user database by requesting http:///cgi-bin/user/Config.cgi?/nobody&action=get&category=Account.* ? If so then anyone on the Internet can get admin access to it and it'll end up being targeted by malware such as Imeij. I recommend securing the camera behind a VPN or even just to limit access to it by a firewall. Simply changing the port is not a long-term fix. Avtech may also be able to offer a firmware upgrade which fixes the vulnerability (but they've been slow/unhelpful so far).
×