Can we get a log file that has just the login attempts? Success or fail?
This would make something like fail2ban easy to use. A user could specify the number of login attempt failures before the IP address is banned. I’ve tried to do this with the existing debug log but you have to turn debug on to get this info. And that log file can get large quickly.
Thanks for your suggestion. I suppose the main challenge on this one will be that users don’t authenticate on your server but on Plex‘ backend. They’ll only get to your server after being authenticated…
if you turn debug mode on and do a regex search in the log (401). You can actually find the login failure. The issue is you have to have debug enabled and that can fill a file quickly. If they created a log with the access attempts it would be easy to IP ban someone hitting your server. One of the main things I dont like about the “remote connection” is that if someone knows your IP address they can enter it manually with the port ID and hit the login prompt. Port scans could reveal this info fairly easily.
I’d prefer to ban IP’s that might attempt to do this and not have my IP associated with flooding plex with authentication requests.
The login is not against your machine, but against plex.tv
And fail2ban is already implemented on there
Try it go to your external IP address and port. Your user ID (your email) is displayed they only have to guess your password. If they fail your password they not only lock themselves out of the account they lock YOU out of the account because it’s a fail against your account. Basically a denial of service attack.
Maybe the correct solution is get them to stop revealing account info if someone goes to the external ip and port. I personally would prefer to have the ability to ban the IP from future attempts.
I think you’re mistaken…
If you open your server – no matter if this you’re using the public IP / port or the local IP:32400, while you’re not yet signed in, Plex will bring up a login dialog from app.plex.tv. If you’re already signed into the web app in that browser, Plex will offer you to sign-in using those credentials.
If you open the same IP using a private window (or a browser where you’ve not yet signed in), Plex will show you no e-mail / account / …
If somebody else opens your server’s IP, they’re asked to sign into Plex Web – they’re not seeing your e-mail address or account ID.
No, it isn’t. That is your web browser helpfully filling it in. Other people don’t have your browser data.
You are correct. Something I am happy to be wrong on.
Anyone else having issues with plex right now? can’t seem to connect.
