My CCTV has been HACKED
Basically I noticed that my external viewing stopped working and found that I had been hacked.
All cameras colour/contrast settings set so that showing black instead of camera picture (although camera still working if reset contrast etc..
Each camera name changed to ‘HACKED’
Network settings changed as in pic below.
PPPoE username and password changed
So I googled and read that it could be down to default passwords or backdoor through the actual cams.
I reset all of the passwords, changed my network settings back, renamed the cameras back and exposed to internet again to see if it happened again as there are risks with updating firmware I might brick the cameras.
All was ok for a few days and then I was HACKED again in exactly the same way except that the cameras were mostly renamed to HACKED but one ws named Upgrade and one named firmware.
It was almost as if someone was telling me that they had hacked me and that I needed to update my firmware.
Therefore, I am now going to update firmware on cameras and DVR, reset passwords and look at my port forwarding and avoid defaults and unnecessary port forwarding rule
My Setup:
Cameras wired connections to iappollo DVR
DVR wired connection to network bridge
Bridge wireless connection to Router
Setup:
Max Connection 128
HTTP: 80
TCP: 37777
UDP: 37778
HTTPS: 443
RTSP 554
Router setup with dynamic DNS
Router port forwarding setup for Ports above.
But I have gaps in my understanding of the network settings on the dvr ports etc and have some questions.....
1. Maximum Connection 128 – is this maximum concurrent users? If so If I want to allow a maximum of 2 external concurrently would I set to 2 or do I need it higher because my router is connected and cameras are connected etc.?
2. HTTP port 80. I assume that this is to allow me to externally connect to the DVR via an internet browser? If that is the case and I only want to be able to connect via mobile phone and the mobile phone app only uses 37777, am I right in assuming that if I turn off port forwarding for port 80 on the router I can still connect via 37777 via TCP on mobile app?
3. TCP 37777, assume I need this one but should I change the number as bots likely to scan this port more often than some obscure port number? If yes Any port numbers I can not use or should use?
4. UDP 37778 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 377778?
5. HTTPS 443 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 443?
6. RTSP 554 - for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 554?
7.
If I need to upgrade firmware is it just on the DVR or do i need to do it on each camera? How would I do it for the cameras via the apollo DVR?
8.
So I only need to access my cctv from two mobile phones via app IDMSS plus. In this app I only and the only port that I enter on the app is 37777 , does that mean that this is the only port that I need to forward on my router in order to get the live view on my mobile or would the app need to use other ports such as 554 to make the live view appear (and port number is invisbly embedded n the code of the app or something?
9.
Last question, I only need (want actually) to access my CCTV from two o2 mobile phones. Is there a way to block everything except these two mobile phones? I assume that this could only be done by only allowing their IP address? And problem is that this changes? Could I use Dynamic DNS from the requesting end (if that makes sense?)
A lot of questions but any answers will help my understanding a great deal and any other useful info would be much appreciated.
Thanks
