• March 28, 2024, 02:06:06 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2] 3

Author Topic: Cameras Hacked!  (Read 47096 times)

cardinalsfan

  • Level 1 Member
  • *
  • Posts: 13
Re: Cameras Hacked!
« Reply #15 on: February 07, 2014, 06:29:53 AM »

Does your router have hidden WiFi? I would hid the SSID after you change it and the PW.

What ISP modem do you have? You might just wired direct to the ISP modem with one PC for now until tomorrow. Turn OFF the WiFi or just disconnected the router and turn it off.

You might go ahead and remove the camera from mydlink.com for now as well. You can add it back later...

No, the SSID is not hidden.  My modem is just a standard modem issues by my ISP.  It does not include wifi, only my router does that.  I turned the router off last night.

I let lastpass make a new password for the dlinksite, it should be very hard to crack.  All my computers have had malwarebytes run and all issues removed. 

I think (and hope) it's just someone messing around and now it'll hopefully be too tough for him to mess with so he'll give up.  I guess we'll find out.

My main worry is that it's someone planning to rob the house again and he's going to turn off the cameras and commit the robbery so there are no images of the act.  I'm pretty sure it's just some punk messing with us. 
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cameras Hacked!
« Reply #16 on: February 07, 2014, 07:16:29 AM »

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

What I meant is to disconnect your main host router and connect your PC up to the ISP modem directly for a while. This will eliminate any un-authorized Wifi or LAN connections. Just one PC and the modem. This will allow you to reset and change all web site and email PWs. Then I would connect one wired PC to the main host router and factory reset the router while it's not connected to the ISP Modem. Factory reset the  router with one wired PC connected to the router and get it configured. Setup new SSID and new PW on WiFi. I would hid the SSID from being broadcast, this will help some. Then set up the camera to the router. I believe you can input the hidden SSID name and PW and it should connect to the router.

Once you have the router and camera net up, go live with the router and camera. I highly recommend that you leave the camera un-registered with mydlink.com for a time until you can ensure that nobody is doing anything with the router and camera locally. Once you do that, and you know you have re-set up the mydlink.com with a new PW, then go and re-register the camera.

You need to configure the router and camera off line before going on-line with them. This should help stave off any un-authorized users.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

cardinalsfan

  • Level 1 Member
  • *
  • Posts: 13
Re: Cameras Hacked!
« Reply #17 on: February 07, 2014, 07:22:47 AM »

I see what you're saying.  I'll work on doing all that this weekend. 
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cameras Hacked!
« Reply #18 on: February 07, 2014, 07:38:39 AM »

Keep us posted...hope we can get this nailed down and more secure... ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cameras Hacked!
« Reply #19 on: February 07, 2014, 09:07:02 AM »

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic
Re: Cameras Hacked!
« Reply #20 on: February 07, 2014, 09:45:17 AM »

I think this all happened because I didn't change the username/password from the default after the firmware update and it was easy for him to get in.

This part of your original post (referenced above) confused me from the get-go. Performing a firmware update on the DCS-932L will not impact the stored username/password combinations that you've previously defined. That said, there are only three ways the default password (blank field) can be re-instated: (1) a new password was never selected when you originally configured the DCS-932L out-of-the-box; (2) you reset the DCS-932L to the factory default settings; (3) you manually changed the password back to a blank field.
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC

cardinalsfan

  • Level 1 Member
  • *
  • Posts: 13
Re: Cameras Hacked!
« Reply #21 on: February 07, 2014, 11:23:42 AM »

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

Cox Cable
Cisco DPQ3212
Logged

cardinalsfan

  • Level 1 Member
  • *
  • Posts: 13
Re: Cameras Hacked!
« Reply #22 on: February 07, 2014, 11:29:06 AM »

This part of your original post (referenced above) confused me from the get-go. Performing a firmware update on the DCS-932L will not impact the stored username/password combinations that you've previously defined. That said, there are only three ways the default password (blank field) can be re-instated: (1) a new password was never selected when you originally configured the DCS-932L out-of-the-box; (2) you reset the DCS-932L to the factory default settings; (3) you manually changed the password back to a blank field.

My rebuttal for each item:

(1): I selected a new password for each right after I installed them last April.
(2): I haven't done this
(3): I didn't do this either

I had the password set before the required firmware update and afterwards it went back to the default.  It didn't change any of my other settings.  I know it doesn't sound right but I promise you it's what happened.  I even remember wondering why my password wasn't working when I tried to log in after the firmware update.  I didn't think much of it and left it alone.

If it makes any difference, I updated the firmware from the house from the mydlink site.  Maybe that's why it got changed.

Either way my network and cameras are locked down now.  All passwords have been changed and most now use 10 digit generated passwords to be more secure.  We'll see what happens from here. 

Thanks for all the help everyone, I'll update later if this continues to happen. 
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cameras Hacked!
« Reply #23 on: February 07, 2014, 11:49:55 AM »

I recommend from now on, anytime you do FW updates, ensure the the PW has remained or just input a new PW that way you know for peace of mine that PW is in place and has been changed by you only.

Keep us posted.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

cardinalsfan

  • Level 1 Member
  • *
  • Posts: 13
Re: Cameras Hacked!
« Reply #24 on: February 07, 2014, 11:57:28 AM »

I recommend from now on, anytime you do FW updates, ensure the the PW has remained or just input a new PW that way you know for peace of mine that PW is in place and has been changed by you only.

Keep us posted.

That's a very good idea.  No matter how it happened, it's my fault that the PW was the default and was able to be hacked.  I still have no idea how he got in but I've locked down as much as I can.  We'll see what happens from here. 
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Cameras Hacked!
« Reply #25 on: February 07, 2014, 12:25:54 PM »

 ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic
Re: Cameras Hacked!
« Reply #26 on: February 07, 2014, 01:44:04 PM »

Also, you can log into your web UI and change your password at any time if you feel it's been compromised, and only log into the web UI from a PC that you are confident is secure.

MAINTENANCE > Admin > ADMIN PASSWORD SETTING.
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2254
Re: Cameras Hacked!
« Reply #27 on: February 07, 2014, 07:35:37 PM »

I hesitate to take them offline but I guess I have no choice right now.

I think he's been in my email (the one I use to send the motion detection emails) and gmail logged his IP.  Well, it logged an IP from Firefox, which is a broswer I never use.  It also had log ins from times I haven't been on so unless it was the camera, it was him.  Anything I can do with that IP address? 

Block it in your router?

What router are you using?

Do you need port forwarding?

There are papers out there on how to hack these Cameras...And also how to search them out.

What OS are you using? Which Windows ...? Or Mac...?
What router are you using?

Some dcs camera logs show ip address accessed from. ..


Logged

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2254
Re: Cameras Hacked!
« Reply #28 on: February 07, 2014, 07:49:24 PM »

You can also do a whois lookup. . Or Google his ip... which is probably hacked to.

Trace route also. .nslookup..
Logged

cardinalsfan

  • Level 1 Member
  • *
  • Posts: 13
Re: Cameras Hacked!
« Reply #29 on: February 08, 2014, 07:36:32 AM »

Block it in your router?

What router are you using?

Do you need port forwarding?

There are papers out there on how to hack these Cameras...And also how to search them out.

What OS are you using? Which Windows ...? Or Mac...?
What router are you using?

Some dcs camera logs show ip address accessed from. ..


I don't think blocking it in my router will work as I'm more and more sure he didn't access the cams locally.  I use a Dlink DIR-655.  No need for port forwarding either.  I didn't know about the papers but between that and the default password, that might explain how this happened.  We have win 7 and win 8.1 computers in the house and 1 mac.  These cameras don't log IPs. 
Logged
Pages: 1 [2] 3