In my router log, I see several ipaddresses always accessing my Plex server port 32400. One ipaddress is from the amazon.com domain and amazon said it was one of their users that run the MyPlex application that recreates thumbnails or something to our Plex servers. Recently I’ve been seeing another range of ipaddresses from the Time Warner NYC domain also constantly accessing my Plex server port 32400. These accesses are happening all day and night long at periodic but random intervals. So I am concerned that someone is hacking away at my server or is this another Plex company related server that is polling all of our Plex servers for what ever reason(s)?
The plex.tv services, the ones that you get metadata from, are host on Amazon servers, so more than likely those are the IP addresses you are seeing
Hello hthighway, you didn’t read my post carefully… I know that one of the ipaddresses is from amazon and it was explained to me that it was a valid MyPlex service of sorts. But I am seeing also the same access attempts from another ipaddress from the Time Warner Domain. Does Plex company use the Time Warner network too? I am trying to make sure I am not being attacked by hackers. Here is an example of one of the log entries in my router log showing the access from a Time Warner ipaddress 24.193.156.204 :
Jan 6 15:37:39 kernel: ACCEPT IN=eth0 OUT=br0 SRC=24.193.156.204 DST=192.168.1.214 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=13423 DF PROTO=TCP SPT=33964 DPT=32400 SEQ=3306335479 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A1E4998980000000001030306)
I’m thinking it could be a family member accessing my Plex server that is causing all those logged access entries. That would explain it. If you share your Plex with other Plex members, do their Plex servers periodically and constantly poll each other automatically or only when someone manually requests to access your Plex server for content? I am trying to understand and get to the bottom of this.
