Have I been hacked?

All my media has gone? Here is what I found in logs:

Nov 09, 2019 09:14:44.829 [0x7efecbbff700] DEBUG - HTTP requesting GET https: //plex .tv/servers/64d3ec1a367b4b2b0e2265e844a3132fa94b4ba9/access_tokens.xml?auth_token=xxxxxxxxxxxxxxxxxxxx &includeProfiles=1&includeProviders=1
Nov 09, 2019 09:14:44.829 [0x7efeb33fd700] DEBUG - Request: [34.245.172.51:57694 (WAN)] GET /identity (4 live) TLS Signed-in Token (somemail @ test.com)
Nov 09, 2019 09:14:44.830 [0x7efedaffe700] DEBUG - Completed: [34.245.172.51:57694] 200 GET /identity (4 live) TLS 1ms 386 bytes (pipelined: 1)
Nov 09, 2019 09:14:44.982 [0x7efecbbff700] DEBUG - HTTP 200 response from GET https: //plex .tv/servers/64d3ec1a367b4b2b0e2265e844a3132fa94b4ba9/access_tokens.xml?auth_token=xxxxxxxxxxxxxxxxxxxx &includeProfiles=1&includeProviders=1
Nov 09, 2019 09:14:44.983 [0x7efecbbff700] DEBUG - MyPlex: updating with 2 access tokens
N

Impossible to saw with the small snip of an altered log-file that you decided to share!

You really need to feed us here, in order to help you!

Did you recently share your server with someone?
https://app.plex.tv/desktop#!/settings/users-sharing

If you did not, please contact https://www.plex.tv/contact/?option=plex-pass-billing to get it investigated.

And update your server software version!

I couldn’t give more than that because the posting limits on a new user I ended up removing code constantly from the full log file to what I posted.

No never shared with anyone. The log files show several IP Addresses looking like they have token access.

Then please contact the address shown above.

Did nothing suspicious show up on my first link above?

Nothing was in there other than myself and my daughter who I added on two days ago.

I put a ticket in through billing as instructed but was only told to change passwords etc which doesn’t help me to know if I had been hacked or not.

To be honest I dont have faith to leave the server running and entrust all my media on it so will likely wipe the server.

That was what I was asking: whether you shared your server with someone. Apparently you did, instead of “No never shared with anyone.”

So this log snippet was likely just the Plex app on her phone contacting your server.

There are also other regular contacts made by the Plex cloud servers, to determine the reachability of your server from different regions of the world.

Your server software version is still rather outdated.

Hi I added my daughter two days ago, the server logs finished 8 days ago, and there was no files there which I noticed when my daughter told me that nothing would play. I checked media folder and it had changes made on 9th November 2019 at 5:12pm (emptied I guess) and last server log was about an hour prior.

As no feedback was available from Plex as to if the server had been hacked I have no faith in the product to just re-upload my files and risk my data being stolen so I have turned my server off and will instead use smug mug for hosting my family videos and photos.

This is a shame considering the hardware investment I made for running my own Plex server for my family. (

just because you may have been hacked, doesn’t mean plex is to fault.

there are all kinds of malware and stuff that can infect any of your devices on your network, and once someone has access inside your network, anything could happen.

We have a saying where I’m from: “Don’t throw the baby out with the bathwater.”

I contacted plex directly, with asking for them to look at my logs to let me know and I was told to change my password.

I am not happy to just change my password and hope that solves it, I wanted someone to look at the logs and see if indeed the server had been hacked. Without this knowledge I am not prepared to use it. Someone could have a token sitting in my server and access it again.

This is a dedicated dell server running on its own subnet not sharing any network resources and not running anything else on the server so no its not been infected by other computers on the network. The computer I use to access the server is scanned daily and clean.

What do you mean by “hacked” anyway? Are you hacked if someone stole your password and logged into your server as a normal user? How should somebody now if it was you who logged in or the attacker?
This would also be your fault and not somebody elses.

Can you upload the log here?

maybe read my first post Coxeroni

Well there is not much information in there…

Still I tracerouted the WAN IP that got access to your server, seems to be a server of amazon.
Have you our your daughter used Plex with any amazon equipment?

My server is unplugged so you havnt pinged mine and the IP listed is not an IP of mine.

We have only been using plex via a web browser or phone app (via IOS).

Jeez, I tracerouted this. From the minimal information that you sharing, this IP is one of the only points where one can start to investigate. So I will not bother you anymore, your decision to quit with Plex seems already made. I don’t even know what happened on your server and this IP could be used from Amazon themselves or from someone using a server hosted at Amazon, what do I know…

Yeah thanks for your help