@FowlerPlexFlix said:
I have that branch in the registry and there is no key named disableRemoteSecurity.
Then everything is alright in the registry.
Could you PM me the name of the rogue user? I can ask internally about him.
Unfortunately I do not have a name of the user, they are logging in as me, so when I see something playing it appears to be me from a different IP. I have also discovered that even after changing my login username/password/PIN and disassociating my managed users, requiring them to log in with the new login info I am providing to them, they are still able to log in and view without entering the new info. It doesn’t seem to matter if I go into devices and remove all of them, they can still get in, even after doing all of the above and performing a reboot of my PC running Plex and my NAS as well as my ISP router.
The rogue user is logging in as me, so I have no user name for him/her but I do have their IP. I have recently discovered that my managed users have not had to enter in the new username/password I have supplied them after making those changes to my Plex server. I have removed all devices requiring them to log in but for whatever reason they are still able to get in.
I would suggest changing your Google password. If they are logged into your Google account through Chrome and you are using Chrome also, the browser may be updating your passwords for them also. I am not a fan of how Google Chrome will save your changes to all instances of Chrome you are logged into. I had a hijacking just recently jump to all my computers that were logged into Chrome with my Google account.
What you are describing sounds very much like your Plex server is not requiring any authentication.
Which should only happen if someone set the hidden preference.
But you already ruled that out. So I don’t know what else it could be.
What did you do to enable remote access to your Plex server?
Any non-standard router configurations, like a ‘DMZ’ or a ‘reverse proxy’ or a ‘reverse NAT’?
Sent my log over to you.
Did you pick the class A network (10.\*.\*.\*) for your home network, or is that something your ISP did for you?
Do you still have a log from when the rogue user accessed?
Could you send me that too please?
I picked it, based off the IP I assigned to my NAS. I no longer have that log available. If I notice that user on again I will do another log dump and send it to you.
So I have made a change to my network and the problem persists. I added a managed switch and created an ACL rule. Not only did that not solve the issue, but I now have a second unknown user logging in with my credentials.
@FowlerPlexFlix said:
I added a managed switch and created an ACL rule.
What ACL rule are you referring to? On your server, or your router or somewhere else?
I have a managed 24 port switch that I created the rule on.
ISP modem/wireless router -> managed switch -> everything else hangs off of the switch. I created an IP ACL (new to me so maybe I didn’t do it correctly).
One of the ninjas tried to access your public IP and got the proper challenge for user name and password. So your server is secured in an orderly fashion.
Now we must find out how these rogue users are able to access you.
Your account says you are sharing with 15 other users.
Are you aware of this fact?
Have you recently joined another person’s Plex Home?
You can find out by going to Settings - Users - MyHome
Take a look at the User avatars. Your own avatar should have a little yellow crown beside it. If there is no crown, or it is on another user, then you have (unwittingly) joined another user’s Home. You need to leave this Home then, or the owner of this Home can switch and become you at any time.
Do also take a look at Settings - Users - Friends
Do you know all persons listed there?
Did you re-invite persons on Oct. 5th to your server?
Do you have a PIN set on your account?
If not, every one of your Home users can switch and ‘become’ you.
And if you have a PIN already, change it.
Good to hear it appears secure from the outside. I am aware of 13 managed users + me, I didn’t see 15. I also have a PIN enabled to keep them separate from me. I haven’t joined any new Plex Homes I am aware of. I looked at all of my friends (2 of them) and know both of them. I did re-invite all of my managed users again on the 5th after I made changes to login requirements. I have changed my PIN 2 times in the last few weeks, I will change it again though. Is it possible if someone is using an older version of the Plex app (prior to PIN requirement) they could still access my account?
@FowlerPlexFlix said:
Is it possible if someone is using an older version of the Plex app (prior to PIN requirement) they could still access my account?
No. Those old apps won’t be able to access your server at all.
Do you have the log with the latest rogue access? Please send it over.
Here’s a thought:
If you have 13 managed users, only one of them needs to be on a compromised machine. Since technically, all of those managed users initially log in to your account. Only later they switch to their sub-account.
Do these 13 users all live in your household?
It is not recommended to include people who are not living with you, simply because of the relative ease to get to your access level. (4 digit PINs are relatively fast to brute-force through)
Think about switching people who are not close to you into their own Plex accounts (as ‘Friends’).
Very good point, I will consider which users can do that. None of the users live with me, most are family that are not too savvy with technology. I will see if I can access the log and send it to you.
Just sent you my recent log
@FowlerPlexFlix said:
Very good point, I will consider which users can do that. None of the users live with me, most are family that are not too savvy with technology. I will see if I can access the log and send it to you.
Um, no one other than your wife and kids who actually live in the same house should be in your home group and even then they should still all be on their own accounts for better security. Everyone else should be friends. This is your first step in eliminating the issue and only you should be logging in with your account info.