Yesterday, I updated my server to 0.9.16.3. Shortly after, I realized that a user I deleted a few months ago was streaming video from my server. I shutdown my server, and started it back up. Immediately after starting my server back up, I noticed that the deleted user connected right away, and was streaming the same video. I’m not sure the specifics on how Plex connects to other agents/servers, but I looked at my logs, and saw an IP associated with the user. I blocked that IP in my pfSense firewall, however, the user was still able to stream. I can attach the logs, if needed. The auth tokens are XXX’d out. It appears the user connected with a super token, as I found these in the logs (verbose logging enabled).
Mar 28, 2016 23:22:07:056 [2780] DEBUG - Auth: Came in with a super-token, authorization succeeded.
I was wondering if there’s any method to block this user from streaming my videos?
Unless you shared with the user your own plex credentials, this should not be possible.
Is your server running on FreeNAS / FreeBSD?
For safety, inspect both your ‘Plex Home’ and your ‘Friends’ user lists again. (under Settings - Users)
As a first counter measure, change your own Plex password.
go here: https://plex.tv/users/edit
set your cursor into the field ‘New password’
this will trigger this checkbox to show up: tick it
This will invalidate all client’s access tokens, so they have to re-authenticate with your server. Those users who are still eligible to access your server will have no trouble doing it, but the ‘removed’ user won’t be able to do it.
This user does not have my Plex creds. I took the countermeasure of changing my password, and forcing the sign of all connected devices yesterday, but the deleted user/friend was still able to connect.
Confirmed that the user is not in Plex Home or Friends lists.
The user was still connected last night after these steps were taken…
Is there further information I could provide to resolve this?
Please PM me the user’s user name.
Which platform does your server run on?
PM’d
Windows 7 Pro x64 on a VMware ESX host.
Did you set the advanced server preference disableRemoteSecurity ? (which would be a very bad idea)
https://support.plex.tv/hc/en-us/articles/201105343-Advanced-Server-Settings
No, disableRemoteSecurity is not an entry in my Windows registry under Computer\HKEY_CURRENT_USER\Software\Plex, Inc.\Plex Media Server.
@burlingamepj said:
No, disableRemoteSecurity is not an entry in my Windows registry under Computer\HKEY_CURRENT_USER\Software\Plex, Inc.\Plex Media Server.
Good!
Do you remember, how you did remove the user? which app did you use to do it? Do you still remember which screens you went to?
It turns out, your sharing information is in a weird state. We’d like to investigate.
Secondly, could you please share a screenshot from your Settings - Users - Friends page? (per PM, as before)
Sure, when I removed the user, I was doing it in Chrome on the same host that my Plex Server runs on, so the WebUI. In there, I went to Settings --> Users --> Friends. Then, I click the red X to delete the user. It was about a month ago, so I’m not sure if I was prompted to confirm or not.
PM’d screenshot of my friends page.
thanks for the screen shot!
It turns out you are still sharing with 2 other users.
Do you want us to destroy both shares, or just the one you wrote me about?
I would like to disable/delete/remove sharing with all users. My goal is to not share with anyone.
Been following this thread and just wondering if @OttoKerner could share how this happened or what happened that allowed the users to keep having access after they were deleted on users end?
@n0x1ous said:
Been following this thread and just wondering if @OttoKerner could share how this happened or what happened that allowed the users to keep having access after they were deleted on users end?
That’s what we were trying to find out internally.
But we just found out that although both sharees were removed from the Friends list, but their shares were not destroyed at the same time (which really should happen at the same time, and which actually happens everytime we test this now).
@burlingamepj your ‘ghost’ shares have been removed now.
You may want to restart your server to make absolutely sure it ‘gets’ the changes.
We will keep on investigating the cause, especially whether other user are affected too.
Thanks!
I’ve restarted my Plex server. I’ll continue to monitor streaming activity, and update here if I see a ‘ghost’ user connect.
@OttoKerner, not sure if something was changed internally at Plex, but a different issue has come up. Since it seem unrelated, I opened in a different category.
I have the same problem I have a user that keeps playing even though it is not in my friends list … try to find it and it is not in addition to everything try to add it to delete it and tell me that it already exists.
Feel free to PM me the username that this is occurring with.
