Last night I got this email alert from my cam that looks like it's logging illegal access to my storage from a China IP address. I'm looking for clarification on whether this means my camera has been hacked/compromised. If Amcrest software can alert me to it, isn't there something they can do to block the access instead?
I of course have the necessary camera ports exposed on my firewall so I can access it outside my network. Has anyone else seen this type of message? I'd like to avoid my camera contributing to a botnet somewhere. Thanks!
Got the same alert from the exact same IP address late last night as well. Haven't had a chance to log in to the camera directly to look around to see if anything else is amiss, but my understanding is that this would be an alert for multiple failed login attempts based on your settings.
Interesting, thanks! I'm glad the alert settings worked. I'm happy to be informed of these attempts; the content of the alert just looks more like a successful attack than a thwarted one!
I have an IP2M-841B and received similar alerts a few times over the past 3 - 4 months, and often it is like 15-20 alerts a night when it happens. Checking the IP addresses, the access attempts appear to be from all over the world, mostly Russia and Eastern European countries, but also a few attempts from Mountain View, CA.
Below are some of the illegal access alerts I have received:
The very first time this happened, I contacted Amcrest and they had me wipe out and fully reset my security camera, claiming that someone had illegally accessed my camera. This thread however seems to indicate that
With this happening as frequently as it is, I have simply unplugged my camera.
I'd appreciate some input from those who know more about these cameras than I do.
1. Are these just alerts notifying me that someone tried to access my camera or did they actually gain access to it?
2. If someone was able to access my camera and use it for whatever reason, what am I doing wrong?
3. I have already wiped it out and set it up from scratch a couple of times including changing passwords a few times. What else can I do to stop this from happening?
My network got hacked just before Christmas, I believe by using my camera to gain access to the network. My router was trashed and has been replaced. My cameras are now set up with incorrect/non-existent gateway and DNS addresses so they are unable to connect to or be accessed from the internet.
I know it's not a solution that most people would be happy with but it works for me.
My AMCREST Cameras:-
2 x IP3M-941B firmware V2.620.00AC00.3.R, Build Date: 2019-12-18
1 x IP2M-841B firmware V2.420.AC00.18.R, Build Date: 2019-08-03
The Host_Address doesn't make any sense. The camera tried to attack itself? To trigger the alert, someone should have tried to log in with an incorrect password at least 10 times (as per my settings).
It is a shame Amcrest doesn't let you change the default "admin" username. That would add one more obstacle for an attacker to deal with.
@longedge Can you please tell me how you did that "setup with incorrect/non-existent gateway and DNS addresses"? It is somewhere under Setup > Network settings?
longedge wrote: My network got hacked just before Christmas, I believe by using my camera to gain access to the network. My router was trashed and has been replaced. My cameras are now set up with incorrect/non-existent gateway and DNS addresses so they are unable to connect to or be accessed from the internet.
I know it's not a solution that most people would be happy with but it works for me.
I guess your solution is better than mine. I have my camera unplugged and it has been this way for the past 2 weeks.
It appears that these cameras are hacked quite often, and it makes you wonder why Amcrest isn't addressing this issue.