I believe my account was hacked last night. Some one removed all of my libraries and changed my server name to “Cornwell is a plex thief”. I immediately changed my password, and started adding back my libraries. But I noticed that i was signed in as “[redacted]”. This is not my email address, or login. Not sure how to fix this either. Anyone have a clue how this happened?
Ok, well I tried logging in and out that didn’t seem to do it. Until I signed the server out on the server tab and signed back in. Now I am signed in with my email address. That problem is solved, but does anyone have any idea how this happened, or how to prevent it in the future?
I gave some advice in an earlier thread with similar content - https://forums.plex.tv/discussion/221027/my-plex-got-hacked - see if the answers in there might help you along.
I guess it was not your account as such that was hacked, but someone gained access to your server because it was reachable without requiring user authentication from the internet.
When it happens, it is usually because the server was configured in an unsecure way. Please provide some details about your server. OS, did you use a preconfigured “container” of PMS etc.
Until then, see https://forums.plex.tv/discussion/comment/1205875/#Comment_1205875
Thanks both for your quick responses. I am running Windows 7; server version 1.0.0.2261. I do have remote connection enabled, and have the server shared with a couple of close (computer illiterate) friends. That being said I added and set the disableremotesecurity to 0, and changed the allowed ip addresses to read as instructed. Not exactly sure what you mean by a “preconfigured container”. If I understand correctly, no I downloaded it clean from Plex, and adjusted the settings to allow for my needs/wants.
whoooooooops
I am only so experiecned but to me that reads disableremotesecurity = NO/off (0) it is a double negative.
@gv1cl0 said:
I am only so experiecned but to me that reads disableremotesecurity = NO/off (0) it is a double negative.
Trudge already corrected his post. 
If you are comfortable with this, one of us Ninjas can try and call up your server to see if it requires login credentials.
If you’d like to perform this check, send me a PM with the public IP and portnumber you are seeing under Settings - Server - Remote Access.
So, did you put your Plex server machine into a Virtualised Environment?
Did you put it into the DMZ (de-militarised zone - setting in your router)?
Did you install additions to Plex, like PlexWatch, PlexPy, Plex Tools etc.?
OttoKerner, I would love for you to check but at this time, my computer is off. That being said, to your other questinos
No I have not put Plex into a Virtualised Enviorment.
I do not believe I have put Plex into the DMZ. I will have to check my computer is on, later today.
No, I have not installed any additions.
@gv1cl0 said:
No I have not put Plex into a Virtualised Enviorment.
I do not believe I have put Plex into the DMZ. I will have to check my computer is on, later today.
No, I have not installed any additions.
That makes things easier.
Do change your plex account password as recommended in the other thread, which @Peter_W linked above.
Done. I changed my password way before I posted my first message.
Can you recommend anything else to make my PMS more secure?
Thanks
You can require login per email address, instead of plex username.
Makes it harder for attackers who only know your forum user name.
Will do. Thanks for your help.
