1. Visiting from the US? Why not try DIYnot.US instead? Click here to continue to DIYnot.US.
    Dismiss Notice

Hikvision Illegal Logins

Discussion in 'Alarms, CCTV & Telephones' started by skyhawker, 19 Aug 2019.

  1. skyhawker

    skyhawker

    Joined:
    3 Jan 2015
    Messages:
    235
    Thanks Received:
    0
    Location:
    London
    Country:
    United Kingdom
    I am getting quite a few alerts of illegal logins to my system. It is residential setup. Is this something to be concerned about? DVR is Hikvision DS-7208HUHI-K1

    EG:

    This is an automatically generated e-mail from your DVR.

    EVENT TYPE: Illegal Login
    EVENT TIME: 2019-08-18,22:52:05
    DVR NAME: Embedded Net DVR
    DVR S/N: xxxxxxxxxxxxxxxxxxxxxxxxx
     
  2. SpecialK

    SpecialK

    Joined:
    27 Sep 2010
    Messages:
    245
    Thanks Received:
    20
    Country:
    United Kingdom
    Assume its open on a port to the www?
    Change the port if possible or filter by IP address so only you can access it?
     
  3. JohnD

    JohnD

    Joined:
    15 Nov 2005
    Messages:
    58,462
    Thanks Received:
    2,993
    Location:
    21st Century
    Country:
    Cook Islands
    Does it have a password? Is it "PASSWORD?"
     
  4. skyhawker

    skyhawker

    Joined:
    3 Jan 2015
    Messages:
    235
    Thanks Received:
    0
    Location:
    London
    Country:
    United Kingdom
    I will try and change the port. Any guidance what to do?

    The password is a good one. Does illegal login mean they have cracked that?
     
  5. scott1980

    scott1980

    Joined:
    3 Mar 2006
    Messages:
    443
    Thanks Received:
    85
    Location:
    Manchester
    Country:
    United Kingdom
    Illegal login means that someone has attempted to guess the password and failed. I come across it quite a bit on Hikvision systems with internet access (most of them!)

    Are you using Hik-Connect or a static IP/DDNS to connect remotely?

    Aslong as you have a very secure password this should be good enough to keep anybody out (you only get 5 attempts by default and then the machince prevents any further attempts for a set amount of time) My own system uses non-default ports for remote access and I still get between 10-20 illegal login events a month.
     
  6. mattylad

    mattylad

    Joined:
    27 Apr 2008
    Messages:
    6,038
    Thanks Received:
    338
    Country:
    United Kingdom
    Google searches can show a long list of IP cameras and people do go through them looking for something juicy to see.
    could be that
     
  7. robputt796

    robputt796

    Joined:
    25 Nov 2018
    Messages:
    21
    Thanks Received:
    0
    Country:
    United Kingdom
    Unfortunately the second you put something on the internet people will try and login to it...

    There is a website called Shodan which scans the internet (any IP, any port) and stores information about what is out there, you can probably search on there for Hikvision and get to people's login pages... After that it's just trial and error to see if you can get in. Hackers chance this stuff all the time as eventually they'll find one with a weak / default password.

    If you set a decently complex password and keep your firmware up to date the only logins you need to worry about are the ones you don't recognise that get the password correct. I am guessing your using UPnP or port forwarding on your router, it sucks as many home routers do not support blocking IP ranges for port forwarding, if they did you could ban all IPs except for those for your mobile carrier / just UK IPs for example, which would cut out many of the invalid login attempts as they probably originate from somewhere sketchy.
     
Loading...

Share This Page