• October 07, 2024, 07:09:17 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Unauthorized user  (Read 10046 times)

mrdenis

  • Level 1 Member
  • *
  • Posts: 4
Unauthorized user
« on: December 11, 2019, 07:41:30 PM »

Hello. Not sure how active this subform still is but I've tried searching for this issue and can't find anything.

So I've had a DCS-930L for quite a few years now. I changed it's location recently, but still in the same house and network. Today I noticed (and was told by my gf) that someone seemed to be viewing. I looked and sure enough, someone - not me - was connected. I sort of panicked an started logging out of everything and changing my passwords. I changed both the camera and MyDlink passwords, rebooted the camera and no matter what I do, the same IP keeps reconnecting.

I have no clue how this is even possible! I've changed everything so unless there is a security breach I'm unaware of, it's not possible to view the video without the password..?

I<m all up to date on firmware, and using HW Rev.A.

Any idea what's going on here? Bot? But then how is it connecting to my camera after I changed passwords?

Thanks
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Unauthorized user
« Reply #1 on: December 12, 2019, 06:12:54 AM »

Link>Welcome!

  • Link>What Firmware version is currently loaded? Found on the DCSs web page under status.
  • What region are you located?

What Mfr and model is the main host router?

How are you determining there is someone connecting to the camera?
What is this same IP address your seeing?

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: Unauthorized user
« Reply #2 on: December 12, 2019, 07:29:27 AM »

Where is the IP address showing up?

What is the IP address? 

You may want to reflash the firmware or downgrade it to see if the ip still shows up.
Logged

mrdenis

  • Level 1 Member
  • *
  • Posts: 4
Re: Unauthorized user
« Reply #3 on: December 13, 2019, 07:42:27 AM »

Thanks for the input!!

  • Link>What Firmware version is currently loaded? Found on the DCSs web page under status.
  • What region are you located?

I'm running firmware v. 1.16.04 (Rev A) and I am in Canada.

Quote from: FurryNutz
What Mfr and model is the main host router?

It's a Linksys/Cisco E5400

Quote from: FurryNutz
How are you determining there is someone connecting to the camera?
What is this same IP address your seeing?

Well I'm assuming something is connecting, I'm not sure. The green LED on the camera flashes and I can see, in the camera's admin page, that there is a user connected from IP 216.167.221.44. I tried tracing the IP but it falls into a pit after a few hops. I've replicated the reboot and change password steps a few times and inevitably that IP shows up again in connected users.

I thought maybe a bot of some sorts is connecting to open cameras, but mine isn't open so it would have to be a security hole, and I can't find any indication that's the case.

You may want to reflash the firmware or downgrade it to see if the ip still shows up.

I'll try when I have a minute but this started at the most a week ago, and I've had this FW since it came out.
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: Unauthorized user
« Reply #4 on: December 13, 2019, 08:21:54 AM »

Do you know anyone in Chaska, Minnesota? 

You can try blocking that IP address in your router.

Do you have any ports open to your camera?

Downgrade the firmware to the version before 1.16 and let us know if the IP comes back.

« Last Edit: December 13, 2019, 08:30:54 AM by GreenBay42 »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Unauthorized user
« Reply #5 on: December 13, 2019, 08:31:15 AM »

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: Unauthorized user
« Reply #6 on: December 13, 2019, 08:55:42 AM »

Can you take a screenshot of your camera where it is displaying the user and ip address and post it? ( I am assuming you are seeing this under STATUS > Active User)? What user name does it say? If it is USER please let me know asap.

Under Maintenance > Admin, are there any users created at the bottom?

Under Maintenance > Admin - Server Setting, disable User Access Control. That should turn off any user except Admin.

Do you have a DDNS account pointing to this camera? I just wonder how this user is getting through your router to the camera (private IP address).
Logged

mrdenis

  • Level 1 Member
  • *
  • Posts: 4
Re: Unauthorized user
« Reply #7 on: December 14, 2019, 06:12:19 AM »

@GreenBay42, yes I totally forgot to say I later traced it to Chaska, but no I do not know anyone in Minnesota.

I'm out of town right now and I disconnected the camera so I can't do anything until I get back, and I did not take a screenshot (wasn't really thinking about that) but yes I do clearly remember it saying USER under Active User.

I don't have a DDNS pointing no, so like you I'm slightly confused how this happened. Can you point me to any doc on this breach if it exists? Honestly I never even realized there was any user access... Fortunately this camera only points in my basement and the most anyone would have seen is me playing with my guard dog or my GF working out (good show lol). But still.... I don't like the idea obviously

Somehow my router doesn't let me block a single external IP, but I'm in the process of changing to another one anyway (this one is just the back up router).
« Last Edit: December 14, 2019, 06:16:49 AM by mrdenis »
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: Unauthorized user
« Reply #8 on: December 16, 2019, 08:23:18 AM »

Some of the DCS-9xxL cameras have 2 logins - "admin" and "user" by default. The latest firmware should have removed the default USER account. I have a 930L at home and tried to login using USER but could not with the latest firmware. The UI has removed the default User / password info.

What hardware revision is the camera?  A or B?  If it is A1, development has stopped a few years ago and possibly the user account was never removed.

Easiest fix is to create an account called user and assign it a password. This should prevent that user from accessing your camera. The user would need your public IP address and a way to your camera to login. Possibly a bot but your router should have stopped that since no ports are open unless there is a hole in the router (port 80 generally is used).  Good thing about the user account they cannot see or edit any settings. They can only see live video.

EDIT: Also, in the camera UI under Maintenance > Admin, under Server Setting, disable User Access Control. This will block all users except Admin.

It is California state law now for D-Link USA (based in California) to have users change the password in the setup wizard, as well as assigning unique default WIFi network names/passwords but this being an older camera it did not apply at the time.
« Last Edit: December 16, 2019, 11:53:16 AM by GreenBay42 »
Logged

mrdenis

  • Level 1 Member
  • *
  • Posts: 4
Re: Unauthorized user
« Reply #9 on: December 20, 2019, 10:18:18 AM »

Alright well I made it back home and... well things got weird. Firstly the camera LED doesn't blink anymore and I don't see anyone connected under Status > Active users (which is good of course). But then when I went to Maintenance > Admin, not only were there no users in the list, but my User access is disabled...?

My HW is Rev A so I know it's not actively updated anymore, but my FW is the latest (1.16.04). I followed your advice and still created a user account with a password just in case, but I am completely stumped as to what happened.

Still, thanks very much for the help! If you think of anything else let me know. I'll keep an eye on it for a bit.
D

Some of the DCS-9xxL cameras have 2 logins - "admin" and "user" by default. The latest firmware should have removed the default USER account. I have a 930L at home and tried to login using USER but could not with the latest firmware. The UI has removed the default User / password info.

What hardware revision is the camera?  A or B?  If it is A1, development has stopped a few years ago and possibly the user account was never removed.

Easiest fix is to create an account called user and assign it a password. This should prevent that user from accessing your camera. The user would need your public IP address and a way to your camera to login. Possibly a bot but your router should have stopped that since no ports are open unless there is a hole in the router (port 80 generally is used).  Good thing about the user account they cannot see or edit any settings. They can only see live video.

EDIT: Also, in the camera UI under Maintenance > Admin, under Server Setting, disable User Access Control. This will block all users except Admin.

It is California state law now for D-Link USA (based in California) to have users change the password in the setup wizard, as well as assigning unique default WIFi network names/passwords but this being an older camera it did not apply at the time.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Unauthorized user
« Reply #10 on: December 20, 2019, 11:13:36 AM »

Thanks for letting us know.

Enjoy.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.