Dodgy Facebook groups and my media server privacy

I didn’t know it existed so I’m posting about my experience here, along with a question about the security of my server.

I was on Facebook looking up groups about Plex and it turns out they’re nearly all shady groups that should be shut down. On that topic I discovered that they use the website https://www.shodan.io and search plex and sure enough public IP addresses show up. Then they post those IP addresses that get into Plex servers. I didn’t think it could possibly be that easy so out of disbelief I clicked a link and up comes someone else’s server.

I didn’t think it was possible to do that (so easily) so, the obvious next question is… how secure is my Plex server? Should Remote Access be turned off?

And the port was? Let me guess - 32400.

What are the chances someone will run through all the ports checking for my non-standard port?
What happens if they find it?
What happens if they hack their way into it?
What happens when they try to watch my media through my 6Mbps upload pipe?
Let me tell ya what will happen, they’ll go looking for somebody else’s server 'cause mine sucks!

LOL

I wish them all the luck in the world - enjoy a few episodes of Perry Mason (those will stream OK) until I change my port and my password, then they can start all over.

Chances are the servers you are finding are running very out of date PMS or have the disableSecurity flag set.

@adamskoog said:
Chances are the servers you are finding are running very out of date PMS or have the disableSecurity flag set.

… and I think about that every time one of these threads pops up wanting info about how to downgrade to a previous version because its OP can’t be bothered fixing their issue so they can use the latest version, and/or deal with Plex’s bug army until they can get it fixed. <— that can be annoying - there’s no denying that fact, but it’s not worth downgrading, IMO.

@adamskoog said:
or have the disableSecurity flag set.

Is that a setting in the GUI?

Clients can ‘fallback’ to an insecure connection partially or completely and - if adventure is something you enjoy - Plexweb/Settings/Server/Network will allow you to live ‘adventurously’.
Options include: Required, Preferred and the adventure of Disabled.

That’s what I figured, just wanted to double check that it was the setting being referred to. Thanks.

@TurboJailer said:
Is that a setting in the GUI?

No, it is a hidden setting in old versions of PMS. It has always been hidden.
But some user made a prepackaged, unofficial version of Plex Server for FreeBSD and set this preference to ‘active’.
Every user on FreeBSD/FreeNAS who used this pre-packaged version was vulnerable.

Current versions of PMS ignore the setting.