Foscam Forum • View topic - Security Concern with MyFoscam.org

Important Message from Foscam Digital Technologies Regarding US Sales & Service

Foscam.US (aka Foscam Digital Technologies and now Amcrest Technologies) is an independent United States based distributor of "Foscam" branded products. We have been offering telephone support, US local warranty and building the Foscam brand in the US for the past 7 years. Based on our experiences with Foscam and feedback from end users we have launched our own new and improved line of wireless IP cameras and security systems under the Amcrest brand. Working in partnership with the second largest security camera manufacturer in the world, Amcrest was founded with a deep commitment to end-user privacy and security, highly reliable software and hardware as well a seamless and intuitive user experience. For more information, please visit www.Amcrest.com

If you are having trouble with your Foscam cameras, we sincerely apologize for this inconvenience and would love to help. For technical support, response to inquiries and for obtaining replacements for any Foscam IP Cameras or NVR products, please reach out to tech@foscam.com or call 1-844-344-1113.

If you are interested in exchanging your Foscam camera for an Amcrest camera, we can offer you a massive loyalty discount, even if you are out of warranty. Please send an email to support@amcrest.com, sales@amcrest.com or call 1-888-212-7538

If you are subscribed to Foscam Cloud (www.foscamcloud.com), please contact cloud@foscam.us for support.

If you currently use the manufacturer's cloud service (www.myfoscam.com or linked in any way to www.foscam.com), you will need to contact them directly for support, at www.myfoscam.com.


Security Concern with MyFoscam.org

Users can ask and answer questions regarding Foscam IP Cameras

Moderators: mycam, FOSCAM

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Fri Dec 14, 2012 4:47 pm

Avacomtech Inc wrote:As stated in my prior post this is a new camera with a "NEW" UI. I can't post an image of it at the moment but hopefully you can get the gist with just the text representation.

DDNS Service Settings

Manufacturer's DDNS
Manufacturer's Domain xx0712.myfoscam.org
Validity Queries

Third Party DDNS
DDNS Service None No-Ip Oray.net ...
DDNS User
DDNS Password
DDNS Host
DDNS or Proxy Server
DDNS or Proxy Port

myfoscam.org wasn't even a choice in the previous UI. This "pre-installed" DDNS is hard coded into the camera now. Have you seen the new UI ? It's now an eye pleasing light blue.

Ray


Ray, please understand and don't take it personally. I could care less if the new UI does this or that.

My methods shown here, are using the CGI commands, which have not changed and have nothing to do with the UI or what it can do now, or what it could do before or anything that has changed in the UI.

Which is in fact, why I show how to use the CGI commands vs. showing how to use the UI.

The CGI commands have not changed nor are they nor have they been in any way confined by what the UI allows or does not allow.

Yes, the System firmware was changed to add a new DDNS to the DDNS table data, this happens often, it also has NOT removed the ability to set the DDNS to "none" using the CGI command interface with the cameras.

This is no different then being able to turn on "Sound Detection" with or without "Motion Detection" alarms, for camera alarms, using CGI commands. The UI can't do it, but the CGI commands, always have been able to do it, for cameras that have audio.

So, what the UI can or cannot do or what the UI could do and cannot do now, becomes meaningless, when dealing with the CGI command interface. Comparing the two are like trying to compare apples to oranges.

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby Avacomtech Inc » Fri Dec 14, 2012 5:24 pm

My UI method might work better for users who aren't comfortable with CGI. Some people's eyes glaze over at the sight of line commands with multiple arguments. That CGI manual may look like a foreign language to some.

Ray
Avacomtech Inc
 
Posts: 156
Joined: Wed Sep 12, 2012 3:43 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Fri Dec 14, 2012 5:33 pm

Avacomtech Inc wrote:My UI method might work better for users who aren't comfortable with CGI. Some people's eyes glaze over at the sight of line commands with multiple arguments. That CGI manual may look like a foreign language to some.

Ray



Again.

1. The camera will try and contact the Bogus DDNS on camera startup using your methods.

2. The camera will be trying from time to time, to constantly connect to the Bogus DDNS, using your methods.

3. The Camera Status displayed in the Standard Camera Interface that comes with the camera, will show that the DDNS has failed using your methods.

IMHO, the camera has enough things that it is trying to do besides asking it to continually try to connect to something ("That is not even there to connect to") while reporting that those attempts are failing, that is not wanted and not needed, to begin with.

Personally, I don't wish or want any camera I own or sell, to be dropping images to email or FTP uploads during alarms because it's busy trying to connect to a DDNS that does not even exist, at the same possible time, my camera is alarming, because someone is breaking into property I own.

If someone needs help, doing this in a proper way, using the CGI commands? I will be more than happy to provide examples, that can be used. That will work for anyone, wanting to do the same thing and work for all MJPEG based camera models.

Don
Last edited by TheUberOverLord on Fri Dec 14, 2012 9:25 pm, edited 1 time in total.
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby Avacomtech Inc » Fri Dec 14, 2012 5:49 pm

I think posting something that they could just cut and paste would be very helpful. Similar to the get params command listed earlier. Also letting them know that in some cases the only way they'll know they are successful is an ' ok. ' from the camera.


Ray
Avacomtech Inc
 
Posts: 156
Joined: Wed Sep 12, 2012 3:43 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Fri Dec 14, 2012 6:31 pm

Avacomtech Inc wrote:I think posting something that they could just cut and paste would be very helpful. Similar to the get params command listed earlier. Also letting them know that in some cases the only way they'll know they are successful is an ' ok. ' from the camera.


Ray


Ok, here it is.

Do NOT do this using the DDNS of your camera, because during this process, that DDNS will go away. Please use your Local IP Address from within your local network or your current ISP IP address and port for your camera.

To get your current ISP IP Address from within your local network, you can use this:

http://myipaddress.com

The safest method is to ONLY use the following command and not the last one posted here, that has the warning. Which will disable DDNS for your camera, but also allow you to restore factory defaults, at some later date, to reset the DDNS values which are cleared here, that originally came with your camera.

If you decide to use this safest method, then anytime you use your cameras reset button or restore factory defaults for your camera, you will need to execute this command again, to re-remove your DDNS:

xxx.xxx.xxx.xxx = Local IP Address from within your local network or ISP IP Address
#### = Port for camera
Username = Must be an Admin Level User Id
Password = Must be the Password for the Username above.

Note: All the commands below are entered as 1 line in your browser window. The Forum is breaking these lines into more than 1 line when displaying them.

All of the commands will return an OK, in your browser window, when processed, unless there is something wrong with the command. If you don't get an OK back and receive an error instead, check the command and make sure your edited it properly.

Simply click the "Select All" for any command to copy it and change the IP Address, Port, Username and Password, before executing that command in the browser window of your choice. All other command values can be left as is.

Code: Select all
http://xxx.xxx.xxx.xxx:####/set_ddns.cgi?service=0&user=&pwd=&host=&proxy_svr=&proxy_port=&restart_dyndns=0&cam_user=UserName&cam_pwd=Password

To be 100 percent certain, that the command above, has actually taken place correctly, read the information at the link below and follow the get_params.cgi command instructions located there, to visually check what your camera says it now has, for your DDNS information:

security-concern-with-myfoscam-org-t3728.html#p17807

You should see these values for your DDNS now in the results from the get_params.cgi command, which means the DDNS is disabled correctly:

Code: Select all
var ddns_service=0;
var ddns_user='';
var ddns_pwd='';
var ddns_host='';
var ddns_proxy_svr='';
var ddns_proxy_port=0;

To restore the factory DDNS settings, at anytime, without the need to reset the camera or use the restore factory defaults do. So that you do not need to completely reconfigure your camera, just because you want to get the original DDNS back. You can use this command:

Code: Select all
http://xxx.xxx.xxx.xxx:####/restore_factory_ddns.cgi?user=UserName&pwd=Password

To remove the factory DDNS information that was in the camera, so that if and when you ever use the restore factory defaults options or use the cameras reset button, that the Factory default DDNS will never as in ever return.

Please read the information at the link below first! The command below will remove ANY traces of your DDNS forever. You need to save the DDNS values first if you ever hope to restore the DDNS that came with the camera. You could sell the camera, maybe the buyer, wants that free DDNS. You could also change your mind in the future.

security-concern-with-myfoscam-org-t3728.html#p17807

Then do this command. If you truly wish to remove all traces of any DDNS for your camera:

Code: Select all
http://xxx.xxx.xxx.xxx:####/set_factory_ddns.cgi?service=0&user=&pwd=&host=&proxy_svr=&proxy_port=&cam_user=UserName&cam_pwd=Password

To be 100 percent certain, that the command has actually taken place correctly, use this command:

Code: Select all
http://xxx.xxx.xxx.xxx:####/get_factory_ddns.cgi?user=UserName&pwd=Password

Note: At anytime in the future, once the Factory DDNS information has been removed, you will need to use these same set_ CGI commands to restore the original DDNS values that came with your camera, using the data you have saved from the get_params.cgi output. If you did NOT save that data, then most likely, you will never be able to use the DDNS that came with your camera.

For details on these CGI commands, please see this:

download/file.php?id=402

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby skavoovie » Thu Jan 24, 2013 4:35 am

http://xxx.xxx.xxx.xxx:####/set_factory_ddns.cgi?service=0&user=&pwd=&host=&proxy_svr=&proxy_port=&cam_user=UserName&cam_pwd=Password


I can confirm that Don't post instructions works successfully. Thanks Don!


One of my 8910w models came with the following software versions installed:

var sys_ver='11.37.2.48';
var app_ver='2.0.10.2';

Even though I set the DDNS to none in the web ui, it did not obey the setting and still authenticated with the Foscam DDNS service -- even though the webUI was still set to none, confirmed and reconfirmed.

I poisoned DNS for the myfoscam.org site in my home network, and the result was the video feed would freeze about 20-30 seconds after it started. This means that I hard-coded the myfoscam.org domain to a local IP in my network so that the traffic from the 8910 would be routed to a local computer in my home instead of to the Foscam site (hosted on a Linode VPS by the way).

When I removed the DNS poisoning, the freezing stopped, proving that when the 8910 was unable to phone home to the Foscam DDNS server, the camera became unstable and unusable.

What all of you need that LIKE your cameras checking in with Foscam's DDNS service need to consider is what happens when they shut that down myfoscam.org service or it becomes unreachable? Your video feeds will be freezing left and right. I have not found a straight-forward way to submit a bug report as this is a serious bug (well, two bugs: 1- webui DDNS disabling does not actually working, 2- when myfoscam.org is unreachable video stream freezes).

Lastly, the entire concept of a dedicated domain setup for these cameras is just a HORRIBLE idea. A web crawler can start with aa0000.myfoscam.org and work its way through the list to zzz9999.myfoscam.org, etc., at rates slow enough to avoid being detected by Foscam (assuming they even have anti-harvesting protections in place at all), and start testing for cameras with default / weak / common passwords. From there, use the webcrawler to start capturing images from the cameras via CGI calls, add their own admin accounts to make sure they can maintain control, and start blackmailing or selling compromising photos, etc.

I shudder to think of the number of clueless users who have enabled UPNP support to pierce their router's firewall/NAT and have left default or weak passwords on these devices.
skavoovie
 
Posts: 2
Joined: Wed Jan 16, 2013 3:33 pm

Re: Security Concern with MyFoscam.org

Postby kudura » Mon Jan 28, 2013 9:35 pm

I just want to thank skavoovie .


I got to http://aa0003.myfoscam.org/ before hitting the first unprotected/default camera config... in berlin/germany area. way to go foscam!
kudura
 
Posts: 1
Joined: Mon Jan 28, 2013 9:31 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Mon Jan 28, 2013 10:05 pm

kudura wrote:I just want to thank skavoovie .


I got to http://aa0003.myfoscam.org/ before hitting the first unprotected/default camera config... in berlin/germany area. way to go foscam!


Would you mind providing more information on what you are trying to say? Because personally, I don't get your point.

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby Series 1 » Tue Jan 29, 2013 10:58 am

Re: 9821

This gets NTP every 60 seconds. First, DNS lookup, then three hits to the time server. Wait 60 seconds... DNS lookup, then three hits ... Repeat. That's about 12 thousand internet traverses a day (1440 minutes by eight exchanges per) for the time.
Series 1
 
Posts: 14
Joined: Sat Jan 05, 2013 10:33 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Tue Jan 29, 2013 12:10 pm

Series 1 wrote:Re: 9821

This gets NTP every 60 seconds. First, DNS lookup, then three hits to the time server. Wait 60 seconds... DNS lookup, then three hits ... Repeat. That's about 12 thousand internet traverses a day (1440 minutes by eight exchanges per) for the time.


Generally, this is the cycle for all the IP Camera models. When DDNS and/or NTP is enabled. So, this is not specific to this IP Camera model.

Of course, you can disable the DDNS and/or the NTP ("Network Time Protocol") check, if you wish as well.

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

PreviousNext

Return to Technical Support

Who is online

Users browsing this forum: No registered users and 9 guests