Plex is vulnerable using port forward for remote access

Server Version#: Version 1.15.8.1163

So I’ve port-forwarded Plex through my firewall so I can have remote access… When I go to my public IP and the specific port I mapped it to from an outside source (like a cell phone tower), I am presented with the Plex login page… meaning anyone hitting up my IP looking for open ports will find it. Not if they don’t know my login, I thought, no problem. However, I logged in with a separate email that has never had a Plex account. I could not see any of my personal media; however, after hopping through plex.tv, the destination address is my server and port with web/index.html… where I can watch news, podcasts, etc… It cannot find any servers, but it’s still going through my IP to do all this. I do not think this is correct.

There is a similar thread here:


That’s exactly what I said. I never said they had access to any of my personal media. But it shows my public IP and web/index from my server. Why can anyone load the web app and use my server for this?

Thanks, blim. I was concerned because I recently had my Plex account hacked and was trying to find out how they managed to add a managed user and change my account email address. I was concerned it was the fact I had to port forward Plex and open it up to the web. Still seems weird. But your previous post where you asked the same question cleared it up for me. Even though it still kinda bothers me ;).

Yeah, to clarify, there is no security issue here that I can see.

  1. The media server serves up the web interface; this loads for anyone, by design, so that a person can sign into it.
  2. When you sign in, all the data flows directly to plex.tv, including any access to Podcasts, News, etc. Your server just provided the initial web interface.
  3. This does not give a user any access to media on your system.

Thanks. I did check that and noticed it was older. But honestly I probably hadn’t changed my password in that time either.

I noticed it didn’t give them access to anything of mine. I was worried I had done something wrong with port forwarding. Thank you all for the help and clarification.
