markebenson 0 Posted February 26, 2021 I have a dahua dvr gets hacked about every three weeks. Have changed passwords. The camera names change from hacked one, hacked two uprgade frimware 3. etc. system version 3.200.0001.2 web 3.1.0.4 build date 2014-5-16 no help from dahua any advice? Thx Share this post Link to post Share on other sites
tomcctv 190 Posted February 26, 2021 Hi. Not what you want to hear but it’s time for a new dvr last update for that version was 2017 ... yours looks like no update since 2015 your also out of date for all the app updates you can’t repair the early dahua systems 2014-2017 the problem is in the units software..... DVRs are not expensive Share this post Link to post Share on other sites
markebenson 0 Posted February 27, 2021 I realize i can replace the dvr or all 30 dvrs of the same model that I we have. Was looking for a more technical answer from someone that is familiar with this hack. Thx Share this post Link to post Share on other sites
tomcctv 190 Posted February 27, 2021 5 hours ago, markebenson said: I realize i can replace the dvr or all 30 dvrs of the same model that I we have. Was looking for a more technical answer from someone that is familiar with this hack. Thx I am very familiar with the hack problems I did say your not going to like the answer. It is well documented there is no fix ... it is built into the software. If you still have units working just don’t connect them to the internet. so what technical are you looking for ? can you change software .... no ... only updates but your system is 4 years out of updates last support from dahua 2017 .... this is why they won’t help so what technical information are you looking for on a 7 year old system (2017 last update for 2013 upwards build) also using remote apps and pps.... your system comes to end of life using DMSS as dahua will be removing that app this year .... it’s replaced by DMSS plus.. your unit is too old for the change 2013 to 2017 software build units 1000s got hit ..... not from hack coming into unit .... the unit created the path in and out of your network what answer are you looking for Share this post Link to post Share on other sites
markebenson 0 Posted February 28, 2021 19 hours ago, tomcctv said: I am very familiar with the hack problems I did say your not going to like the answer. It is well documented there is no fix ... it is built into the software. If you still have units working just don’t connect them to the internet. so what technical are you looking for ? can you change software .... no ... only updates but your system is 4 years out of updates last support from dahua 2017 .... this is why they won’t help so what technical information are you looking for on a 7 year old system (2017 last update for 2013 upwards build) also using remote apps and pps.... your system comes to end of life using DMSS as dahua will be removing that app this year .... it’s replaced by DMSS plus.. your unit is too old for the change 2013 to 2017 software build units 1000s got hit ..... not from hack coming into unit .... the unit created the path in and out of your network what answer are you looking for Here is what info I am looking for and let me add that I have 30 of the exact model unit and only experiencing the problem at 1 location so far. 1: Will changing the default port from 37777 to a non standard port prevent this particular hack? 2: Disabling telnet - it is my understanding that this particular hack is done through the telnet feature although I do not know how do disable it. Thx Share this post Link to post Share on other sites
tomcctv 190 Posted February 28, 2021 5 hours ago, markebenson said: 1: Will changing the default port from 37777 to a non standard port prevent this particular hack? 2: Disabling telnet - it is my understanding that this particular hack is done through the telnet feature although I do not know how do disable it. Hi. This will only block whoever has access remotely and given the details both your above options are inbound connection ....... changing ports or passwords or even local Ip change every month or so is good security practice but your units build dates and software has outbound connection built in to software and you have no control over that. other than not connecting units to internet P2P connection is the main problem ..... setup or not by you ..... the units still setup to a China server and that’s the pathway back to your units..... server is we’re the hack starts....... no port needed no password needed dahua have paid a heavy cost over this use of software along with hikvision some of us have had to deal with a lot more than 30 units are all your units at one location or are you talking customers Share this post Link to post Share on other sites
markebenson 0 Posted March 1, 2021 20 hours ago, tomcctv said: "P2P connection is the main problem ..... setup or not by you ..... the units still setup to a China server and that’s the pathway back to your units..... server is we’re the hack starts....... no port needed no password needed" Please explain why our equipment would communicate to a China sever. We do not use ddns service. We use our own static ip. I do all networking, we own our routers. No third party. The 30 units are at different locations. Thx Share this post Link to post Share on other sites
tomcctv 190 Posted March 1, 2021 Hi. 45 minutes ago, markebenson said: Please explain why our equipment would communicate to a China Because the software instructs you recorder to connect to China server same issue with hikvision .... that model was designed to do the connection 55 minutes ago, markebenson said: I do all networking, we own our routers. No third party. The third party is your recorder P2P even if you did not pick the P2P setup once recorder is connected to the internet it will setup there is a device called the ARM plug which connects to network cable before it enters the recorder which detects unauthorised connection but it depends on your type of business if cost is viable.... are all systems individual customers or a corporate setup what location are you in ? for more about your problem google dahua hikvision ban also dahua botnet hack 2013 to 2017 Share this post Link to post Share on other sites
markebenson 0 Posted March 8, 2021 I am in Florida. We use a router with a built in firewall. Both the Wan and lan have a static ip. Ony port 37777 is open and for inbound only. Outbound traffic is blocked. The dvr could only be using port 37777 or perhaps doing something over port 80 In which case port 80 can be taken off the menu in the dvr settings as well. I find no evidence of traffic with China in our router log. What i did find the last time this machine was hacked a few days ago is a login from an unknown IP which traces back to Poland. Would not changing or adding firewall rules to this port prevent reoccurance? Share this post Link to post Share on other sites
tomcctv 190 Posted March 8, 2021 10 hours ago, markebenson said: What i did find the last time this machine was hacked a few days ago is a login from an unknown IP which traces back to Poland. Would not changing or adding firewall rules to this port prevent reoccurance? The ip is Amsterdam being used in 3 locations in Poland so you can’t find the start changing ports or passwords will not help .... you can sell your system on eBay to Mexico and the new owner will still have the problem also don’t think it’s a little guy sitting at his computer attacking your system look at the time of each action in your log it’s all the same time which indicates an attack without a software change you can’t stop it other than remove dvr from internet Share this post Link to post Share on other sites
markebenson 0 Posted March 11, 2021 Thank you for your input. I know the passwords would make no difference. Its certainly a bug put on the net to mess with dvrs. Out of curiosity I have changed the port number. I will update the results in a month or two. Share this post Link to post Share on other sites