ZoneMinder Forums

Dear forum users,

Our Zoneminder portal was breached/hacked or something els went wrong. Our admin user password was gone.
Our ZOneminder is accessible to the internet, so everybody was able to loging and look at our camera's.

I have some questions regarding this :

1. Is there a log on the server where we can check that if a client has access to the portal, what system / camera's they looked into ?
2. Is two factor authentication supported for login?
3. Is it possible to have camera streams available on the internet, but the webportal only from the internal LAN ? Now everyone in the world can access the webportal.

All reactions are very much welcome.

1. If this is a ubuntu/debian system, then
Apache should be logging all requests in /var/log/apache2/access.log or other_vhosts_access.log

2. We do not support 2 factor authentication at this time.

#3. Technically yes. You would use a reverse proxy and only forward /cgi-bin urls.

Hi,

Thanks you for answering question 2 and 3.

We are using a older version of Zoneminder, v1.32.3.
There was no topic with 1.32.x, so I posted this here, I hope that is not an issue.

Zoneminder v1.32.3 uses httpd and webserver, or atleast the version we are using.

Any idea where the httpd logging is located?
Is there logging that show if a user is logged in, to what systems they have access to ?

Does changing password help to log out all existing users or not?

Does changing password help to log out all existing users or not?

Not by itself - but it will make it harder for them to re-connect.

Thank you for the info.