Jump to content
mikacctv

IP adress changed by something or someone

Recommended Posts

Hi,

 

I have an AVTECH KPD674 DVR.

 

It is connected to the network since 4 years and has always worked with eagleeyes.

It is IP fix configured (no DHCP).

 

Since 2 weks, when it is connected to the network, the IP adress and the gateway are changed.

I removed the accounts, creted a new one with new login and new password but a few hours later the IP adress and gateway were changed.

 

Any idea ?

Could my DVR be hacked by someone ?

 

Regards.

Share this post


Link to post
Share on other sites

Hi,

 

 

It is connected to the network since 4 years and has always worked with eagleeyes.

It is IP fix configured (no DHCP).

 

Since 2 weks, when it is connected to the network, the IP adress and the gateway are changed.

I removed the accounts, creted a new one with new login and new password but a few hours later the IP adress and gateway were changed.

 

Any idea ?

Could my DVR be hacked by someone ?

 

Regards.

Share this post


Link to post
Share on other sites

Thanks for your answers.

 

I already have a DDNS service, this is not the problem.

 

The problem is that the local IP adress configured in the DVR is changed by someone or something.

My local network adress is 192.168.xxxxxx

 

But as I said, since a few days, if the DVR is connected to the network, the ip adress is changed like this :

 

298351_1.jpg

 

All values have been changed, not by me !

 

Thanks.

Share this post


Link to post
Share on other sites
Thanks for your answers.

 

I already have a DDNS service, this is not the problem.

 

The problem is that the local IP adress configured in the DVR is changed by someone or something.

My local network adress is 192.168.xxxxxx

 

But as I said, since a few days, if the DVR is connected to the network, the ip adress is changed like this :

 

298351_1.jpg

 

All values have been changed, not by me !

 

Thanks.

It could be related to the Dahua security backdoor flaw! I have a few customer dvr affected too.

Share this post


Link to post
Share on other sites

Hi,

 

Thanks for the answers.

 

How does it work ? Is it like a virus that is in the DVR or only an attack from the internet ?

If I flash the DVR, will it be OK again ? Maybe for a few days only ?

 

I will write to AVTECH in order to ask a new firmware that corrects the flaw but as the KPD674 is an old model I think they won't make a new firmware.

Share this post


Link to post
Share on other sites
Hi,

 

Thanks for the answers.

 

How does it work ? Is it like a virus that is in the DVR or only an attack from the internet ?

If I flash the DVR, will it be OK again ? Maybe for a few days only ?

 

I will write to AVTECH in order to ask a new firmware that corrects the flaw but as the KPD674 is an old model I think they won't make a new firmware.

hello mine is doing exactly the same thing, do you know anything about it? it started a few weeks ago

Share this post


Link to post
Share on other sites

The same thing happened to me and then when trying change everything back I noticed that the firmware had changed to S838-S838-S838-S838. I don't recall updating it but if I did there were no update messages. And as far as I can remember the previous firmware was something like 1001.- recurring. Hardly go into the settings anymore cause it's been working great since I bought it in 2011.

Share this post


Link to post
Share on other sites

Sorry for the late reply. I wasn't able to register an account back when mikacctv first asked the question and for some reason it worked this time

 

This is almost certainly what's known as "BrickerBot" attempting to disconnect a hacked/insecure camera from the Internet. Are you able to retrieve the user database by requesting http:///cgi-bin/user/Config.cgi?/nobody&action=get&category=Account.* ? If so then anyone on the Internet can get admin access to it and it'll end up being targeted by malware such as Imeij.

 

I recommend securing the camera behind a VPN or even just to limit access to it by a firewall. Simply changing the port is not a long-term fix. Avtech may also be able to offer a firmware upgrade which fixes the vulnerability (but they've been slow/unhelpful so far).

Share this post


Link to post
Share on other sites

I have the same problem with my dahua hcvr5108c-v2. The static ip address keeps on changing to:

IP : 10.95.190.83

Gateway 10.95.190.206

Primary DNS :1.2.3.4

Secondary DNS: 1.2.3.5

I correct it and every single time it changes to this. I changed passwords, default ip addresses in my dvr and router and all ports in my dvr. Still keeps on changing.

Apart from this all my camera feeds are watermarked HACKED. All camera names are changed to hacked1, hacked2 and so on.

What or who is screwing with me?Also i dont seem to find any new firmware on dahua's website.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×