Subscriber Discussion

Dahua International Sites Down 13+ Hours, Now Restored

Avatar
Brian Karas
Jul 25, 2017
IPVM

All of Dahua's websites/countries served from the http://www1.dahuasecurity.com/ server (everything other than North America, China and Russia) have been down for 10+ hours today (we first noticed the outage at 7AM EDT, how long it was down before that is unclear).

The pages are returning 404 errors for any resource/URL requested, example:

While websites do go down from time to time, an outage for a major corporate site that lasts more than an hour or two is rare (and potentially a sign of a major underlying issue).

This came to our attention as we were checking firmware links for the Dahua buffer overflow vulnerability report we released this morning. With these sites being down, Dahua users affected can not download the patched firmware.

Update: After 13 hours, the site / links are now active. Download firmware to fix the vulnerability here.

UD
Undisclosed Distributor #1
Jul 25, 2017

Yes but ALL www.dahuasecurity.com servers are up and running 

Please post all the story and not just the part that looks bad.

 

 

Avatar
Brian Karas
Jul 25, 2017
IPVM

That URL/server only serves the US site, unless you know of international sites also on the www.dahuasecurity.com domain.

I pointed out in the original post that the US, Russia, and Chinese sites were not affected.

(1)
(1)
UD
Undisclosed Distributor #1
Jul 25, 2017

As far as I can tell www.dahuasecurity.com has all the dahua websites including the US.

I can get ALL the sites no problem:)

JH
John Honovich
Jul 25, 2017
IPVM

As far as I can tell www.dahuasecurity.com has all the dahua websites including the US.

That's incorrect. www.dahuasecurity.com has links to other Dahua website but they fail, as demonstrated below:

(1)
(1)
UD
Undisclosed Distributor #1
Jul 25, 2017

How odd, I can access all the sites, to double check I cleared my cashe and went deep in to some sites like the Italian one.

I wonder if its an issue thats just showing up in the US.

I am in Europe 

Avatar
Brian Karas
Jul 25, 2017
IPVM

In the US, attempting to access anything using a www.dahuasecurity.com URL redirects you to http://us.dahuasecurity.com/ (which is working).

Accessing any of the other sites from the drop-down that go to www1.dahuasecurity.com returns a 404 error.

 

UD
Undisclosed Distributor #1
Jul 25, 2017

How odd.

Try cut and paste this to see if it works 

http://www.dahuasecurity.com/it/

Avatar
Brian Karas
Jul 25, 2017
IPVM

In my "US" browser, that redirects to the US Dahua site, and returns a graceful "page not found":

In my "UK" browser, it returns Dahua's Italy site (as you would expect).

Avatar
Brian Karas
Jul 25, 2017
IPVM

I just tried accessing Dahua URL's from Tor, using an exit node in the UK. I still get 404's for www1.dahuasecurity.com URLs, but do get redirected to the appropriate UK site when going to www.dahuasecurity.com.

Dahua clearly made some changes to their server infrastructure recently, as we were able to reach the firmware download link for the vulnerability last week, and then it 404'd when testing this morning. Whatever changes they made appear to have a regional effect, resulting in errors for some, and proper pages for others, based on source IP/geography.

UD
Undisclosed Distributor #1
Jul 25, 2017

That would seem to make sense, from this end we don't see any problem :)

Avatar
Brian Karas
Jul 25, 2017
IPVM

This is actually still a significant problem for Dahua. Redirecting website visitors based on geo IP is nice when it works, but the IP databases are not always reliable. On top of that, users that use VPNs or anonymizer proxies may wind up at the wrong site (or, with a 404 error). Additionally requests, spiders/crawlers sometimes originate from foreign IP's, for example if they are run from Amazon EC2 instances.

The good news is that average users can likely download firmware and see the sites. The bad news is that this is still another Dahua engineering/technology snafu where things are not quite fully polished.

UD
Undisclosed Distributor #1
Jul 25, 2017

I agree :)

JH
John Honovich
Jul 25, 2017
IPVM

Dear Dahua distributor,

We posted 'all the story' including in line 2 where we say "everything other than North America, China and Russia". North America is served by www.dahuasecurity.com, China by www.dahuatech.com and Russia by dahuasecurity.pro

not just the part that looks bad

News is inherently things that are out of the ordinary, whether good or bad. We don't post topics like "Axis website still running today" or "Hikvision no new vulnerabilities today" because we like or dislike those companies but because its expected that websites are not down for 10 hours (now 11) in a day, vulnerabilities are not uncovered daily, etc.

Finally, while you are here, how are things with you and Dahua? Presumably your experience is better than this Dahua distributor, yes/no?

(1)
(1)
UD
Undisclosed Distributor #1
Jul 25, 2017

What makes you think I am a Dahua distributor:)

(1)
JH
John Honovich
Jul 25, 2017
IPVM

Because we can see the domain of your email address and your website prominently promotes Dahua.

This is germane to someone criticizing our coverage of Dahua. I am not sure why you are belaboring this. You will simply draw more attention to this.

(1)
(1)
UD
Undisclosed Distributor #1
Jul 25, 2017

I know you know who I am as I registered with my real details, I am not hiding and I amnot trying to criticise you coverage of Dahua.

I think IVPM makes a valuable contribution but i do think it's easy sometimes to jump at the first sign of a problem.

If this then turns out to be not the full story it devalues the important information that is posted.

Not looking for a fight

I did however find it a little odd you disclosed me as a dahua distributor when I posted as undisclosed distributor.

 

:)

UD
Undisclosed Distributor #1
Jul 25, 2017

The reason for my comment regarding just posting bad news is that with a little checking you would find that www.dahuasecurity.com is working and ALL the other sites can be accessed by a drop down on the home page.

Your original post makes no reference to this.

I think it's very important to be careful to keep a balanced view in order to ensure when genuine issues are uncovered they carry the weight they should.

:)

RS
Robert Shih
Jul 26, 2017
Independent

Actually, they weren't accessible through the drop down menu at all. They only showed up on the drop down list. No other nations were working except the North American and Chinese sites. And yes, I sell Dahua.

Edit: Didn't know about Russia, but didn't test them. UK and Australia were definitely no goes though.

(1)
UD
Undisclosed Distributor #1
Jul 26, 2017

Looks like somthing strange happend, I am in the UK and in could access all the sites on www.dahuasecurity.com no problem.

I wonder If it's somthing to do with the DNS and it's taken time to populate an update they carried out.

 :)

JH
John Honovich
Jul 26, 2017
IPVM

Update: After 13 hours, the site / links are now active. Download firmware to fix the vulnerability here.

UD
Undisclosed Distributor #1
Jul 26, 2017

Something odd is going on as I still cant access anything on www1.dahuasecurity.com domain, but you say its now available in the US.

But www.dahuasecurity.com is working and as far as I can tell have not gone down at all. ( at lease from the UK)

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions