enoxos 0 Posted November 22, 2010 hello there, I called my DVR's representatives to find out why my web monitoring viewer was acting up. He asked for my IP which I gave to him and he said he was able to see the video output. After some troubleshooting, we solved the minor problem. Here is the question, how the hell he logged into my DVR and was able to view the cameras? I never gave him the password since he never asked anyway. Apparently, there must be a reset password that they can use to have full control of the DVR. Is there a way to delete this reset password and have my DVR log in only with my password? thank you fellas Share this post Link to post Share on other sites
ak357 0 Posted November 22, 2010 (edited) hello there, I called my DVR's representatives to find out why my web monitoring viewer was acting up. He asked for my IP which I gave to him and he said he was able to see the video output. After some troubleshooting, we solved the minor problem. Here is the question, how the hell he logged into my DVR and was able to view the cameras? I never gave him the password since he never asked anyway. Apparently, there must be a reset password that they can use to have full control of the DVR. Is there a way to delete this reset password and have my DVR log in only with my password? thank you fellas Are u using default user name and password which come with DVR Then may be why .... Edited November 22, 2010 by Guest Share this post Link to post Share on other sites
enoxos 0 Posted November 22, 2010 Are u using default user name and password which come with DVR Then may be that why .... actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible. thanks Share this post Link to post Share on other sites
ak357 0 Posted November 22, 2010 Are u using default user name and password which come with DVR Then may be that why .... actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible. thanks U have to supply info about DVR as much as u know We can't guess or assume ( reset password usually is being use to reset unit locally only or reset is done by using DVR front buttons) Share this post Link to post Share on other sites
enoxos 0 Posted November 22, 2010 U have to supply info about DVR as much as u know We can't guess or assume ( reset password usually is being use to reset unit locally only or reset is done by using DVR front buttons) the DVR is from Q-see and the model is QSDR-0008RTC Share this post Link to post Share on other sites
empak 0 Posted November 26, 2010 I have regained control of DVRs with a unknown manufacturer password before, the master password was not on the list and could not be erased. I often wonder about the ability of the manufacturer to spy on us with dvrs. I know that we do give the dvr a few open ports to play with on most networks. a perfect spy tool, they are everywhere! ever wonder why those dvrs and cards are so cheap..... lol empak Share this post Link to post Share on other sites
kccustom 0 Posted November 26, 2010 What was acting up? I just sent that exact same model back because it kept crashing every time I used the iphone app and large blocks of recorded data would all of a sudden be un-accessible. Share this post Link to post Share on other sites
tomcctv 190 Posted November 26, 2010 Are u using default user name and password which come with DVR Then may be that why .... actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible. thanks Hi for them to get into your dvr you would have had to of given them your ip address ................. just change it Share this post Link to post Share on other sites
Kablooie 0 Posted November 27, 2010 the DVR is from Q-see and the model is QSDR-0008RTC There are 3 remote viewing passwords that need to be changed: 1 - admin password 2 - user password 3 - mobile password You indicated that you changed the admin password. What about the others? Also, for an additonal layer of security the ports should be changed from defaults. The defaults are 9000 and 80. When you change the http port (80) you'll need to use the port number with the IP address. For instance, if the DVR has an internal IP address of 192.168.1.200 and you change the port to 83 you'll need to use http://192.168.1.200:83 in a web browser to access the DVR, or 192.168.1.200:83 in the remote viewing software. Same thing goes when accessing the DVR with the WAN IP address (just substitue the WAN IP address for the internal IP address in the above example). Along the same lines, if you change the media port from 9000 to 9003 (for instance) you'll need to specify that port also. Oh, the model is QSDR008RTC (removed the extra 0). Share this post Link to post Share on other sites
rory 0 Posted November 27, 2010 I would be more concerned about it only being CIF recording. Share this post Link to post Share on other sites
Liber8or 0 Posted November 28, 2010 I just plugged in the QR-414 DVR that I received today, and was shocked to learn there is a master password, clearly documented in the manual's FAQ section, that allows you to have admin access to the box with no questions asked. Share this post Link to post Share on other sites
rory 0 Posted November 28, 2010 I just plugged in the QR-414 DVR that I received today, and was shocked to learn there is a master password, clearly documented in the manual's FAQ section, that allows you to have admin access to the box with no questions asked. Yes this is common with most DVRs. In most cases it can be changed. Share this post Link to post Share on other sites
thewireguys 3 Posted November 28, 2010 One of the first things you should do is change the default admin password. Share this post Link to post Share on other sites
enoxos 0 Posted December 5, 2010 I have regained control of DVRs with a unknown manufacturer password before, the master password was not on the list and could not be erased. I often wonder about the ability of the manufacturer to spy on us with dvrs. I know that we do give the dvr a few open ports to play with on most networks. a perfect spy tool, they are everywhere! ever wonder why those dvrs and cards are so cheap..... lol empak exactly my thoughts. if the manufacturer or the dealer has a master password (namely the reset password), they can see everything provided they know the ip. Share this post Link to post Share on other sites
enoxos 0 Posted December 5, 2010 Are u using default user name and password which come with DVR Then may be that why .... actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible. thanks Hi for them to get into your dvr you would have had to of given them your ip address ................. just change it True, but here is the deal by having a dynamic IP. only the last 2 set of numbers change when your dynamic IP resets every so often. Therefore, there is a small, but yet a chance to get it right by pure guessing. (actually it is 1 in 256*256 = 1 / 65536). If only the last set changes, then it is 1/256, pretty good chances if you ask me. Of course the issue is a privacy one and when you have a system at home, this privacy issue is not to be taken lightly to my opinion. Share this post Link to post Share on other sites
enoxos 0 Posted December 5, 2010 the DVR is from Q-see and the model is QSDR-0008RTC There are 3 remote viewing passwords that need to be changed: 1 - admin password 2 - user password 3 - mobile password You indicated that you changed the admin password. What about the others? Also, for an additonal layer of security the ports should be changed from defaults. The defaults are 9000 and 80. When you change the http port (80) you'll need to use the port number with the IP address. For instance, if the DVR has an internal IP address of 192.168.1.200 and you change the port to 83 you'll need to use http://192.168.1.200:83 in a web browser to access the DVR, or 192.168.1.200:83 in the remote viewing software. Same thing goes when accessing the DVR with the WAN IP address (just substitue the WAN IP address for the internal IP address in the above example). Along the same lines, if you change the media port from 9000 to 9003 (for instance) you'll need to specify that port also. Oh, the model is QSDR008RTC (removed the extra 0). Here is the head scratcher: I just gave my techie the Ip only without the port and he got into the system with in 5 seconds. Now, keep in mind that I was NOT using the default port and I had changed the admin password. I had also changed the other passwords as well, user and mobile, prior to talking to the techie. So, I am guessing that the techies with the master-reset password only need the IP address and they search through the ports with a brute force search engine that tries all the ports from 80 to 9000 and it is a guaranteed that they will get into the DVR. this is scary Share this post Link to post Share on other sites
enoxos 0 Posted December 5, 2010 I would be more concerned about it only being CIF recording. why only for CIF recording? what is CIF recording anyway? and how is different than other modes? thanks Share this post Link to post Share on other sites
enoxos 0 Posted December 5, 2010 One of the first things you should do is change the default admin password. changing the admin password does not solve the problem because there is another reset password that can NOT be reste and only techies know that. Share this post Link to post Share on other sites
thewireguys 3 Posted December 5, 2010 One of the first things you should do is change the default admin password. changing the admin password does not solve the problem because there is another reset password that can NOT be reste and only techies know that. sounds like back door access Share this post Link to post Share on other sites
enoxos 0 Posted December 5, 2010 One of the first things you should do is change the default admin password. changing the admin password does not solve the problem because there is another reset password that can NOT be reste and only techies know that. sounds like back door access this exactly what it is. I understand that sometimes we forget the admin pass and they can reset it by sending it to the manufacturer, but i believe that the consumer should have the choice to block any access to their DVRs regardless of what password the techies have. Or the reste could also be done by a combination of the hard buttons on the DVR that resets to its default state with a trivial admin pass. I just do not see why is it that the techies have a reset pass that allows them access to the DVR at any time. this is at least troublesome. We all heard stories of leaked videos on youtube lol Share this post Link to post Share on other sites
rory 0 Posted December 5, 2010 Here is the head scratcher: I just gave my techie the Ip only without the port and he got into the system with in 5 seconds. Now, keep in mind that I was NOT using the default port and I had changed the admin password. I had also changed the other passwords as well, user and mobile, prior to talking to the techie. So, I am guessing that the techies with the master-reset password only need the IP address and they search through the ports with a brute force search engine that tries all the ports from 80 to 9000 and it is a guaranteed that they will get into the DVR. this is scary Did you ask him what he did? Send one of us the IP to test? Share this post Link to post Share on other sites
