01304 827609 info@use-ip.co.uk Find us

Illegal login exceptions - Russian hackers?

A

AndyoSurrey

Member
Messages
13
Points
3
Hi,
This morning I noticed the alarm symbol on my admin screen go red when nothing was happening and I saw that there was a whole bunch of illegal login exceptions. Looking into the log detail I had 16 attempts of a few per second (so I assume something automated) to try to get admin access to my NVR. The log detail lists the IP address of the incoming attempt as 193.106.151.251.

I Googled the geo location of this address and it would appear to be a region of Russia. I guess clever hackers can spoof IP addresses but anyway the mere fact that someone is trying to get access to my system is a worry - although my CCTV cameras are all pointed to the outside of my house so not sure what value seeing my front drive would be for example.

I'm reasonably techie but I do not know how to go about blocking off remote access to whatever route this hacking attempt is using to get access to a remote login port.

I did read somewhere that using the iPhone HikConnect client for notifications meant that security is then compromised. I use this a lot so would want to keep that access but maybe I need to do something to secure that better?

Anyway - I am now a bit paranoid that I have hackers targeting my system so if anyone can assist with advice I would be very very grateful

Cheers
Andy
 
Hi @AndyoSurrey - it sounds like you may have port forwarding configured for remote access to the NVR, but kept these ports as the default.
I'd log into your router and check if ports have been forwarded and if they are the same as explained here, and change those if so:

Hik-Connect - Hikvision NVR using Hik-Connect - alarming for "illegal login" attempts

Just had a chat with a customer who is concerned that his Hikvision 7608-I NVR is pinging audible alarms due to repeated illegal login attempts. He has traced the IP address that the attempt was from to Russia, and is of course concerned. He has his NVR set up for remote access via Hik-Connect...
www.use-ip.co.uk www.use-ip.co.uk

Also, what NVR do you have and which firmware version is installed on it please?
 
Ah thanks for pointing to towards this My NVR is a DS760NI-I28P and running the latest firmware of V4.61.025.
 
No worries, the firmware is the latest as you say, so it's probably the ports :)

This guide might help too for checking these on the NVR:

How-to: - How do I set up remote access to my Hikvision device and change the port numbers that it uses?

To remotely access your device simply means to connect to it while you are using a different internet network to that which your device is connected. If you connect to your Hikvision device which is at home while at work, on holiday, or even at the pub, you are remotely accessing it. The...
www.use-ip.co.uk www.use-ip.co.uk
 
I prefer to use the Hik-Connect service now with P2P and no port forwarding or UPnP (though using non standard ports I wasn't getting any illegal login attempts). It's probably safest to have no port forwarding and the additional functionality you get from the app when using the service is invaluable (I couldn't manage without the push notifications). I'll use the Hik-Connect service and then also add the site using it's local IP address as a backup in case the service goes flakey (which it does from time to time)
 
You must log in or register to reply here.

Similar threads

S
Replace iVMS4200 with Security Spy?
Replies
15
Views
685
saunders1989
S
G
Issues with adding a TandemVu PTZ to my NVR?
Replies
3
Views
306
Greg1676
G
J
Dummy Me! Need Default Password for DS-2CD2042WD-I
Replies
3
Views
573
Jan J
J
S
Remotely connecting into my home ip cams?
Replies
11
Views
154
SeanJ
S
T
Cannot see wired CCTV box in 'MY Sky app' port forwarding list but can in web 192.168.0.1 connection SKY MAX router?
Replies
8
Views
336
THeMiB
T
Back
Top