PLEX MEDIASERVER HACKED !!!!

Hi,

Just noticed that my library names have been changed into insulting words.

So, someone has access to my Plex server settings…

What can I do to prevent this from happening in the future?

I already changed the password for my Plex account

Damn… this sucks

(Plex Media Server for Windows, latest Plex Pass version)

First you need to determine if Windows is hacked. It’s the most likely candidate given all the malware out there.

Next, change Plex’s external port or simply shut down external access to help isolate the intrusion path.

To put your names back, you can use one of the database backups. I am currently mobile and can’t get the link. Search for database recovery in the support documents and follow the procedure.

Remember to check that little box below the change-your-password field that disconnects all connected devices. Otherwise the culprit might still have access. Another good thing is to change it so that you can only log in with your email (instead of the username visible here). I’d also check that your preferences.xml does not contain the “Disable Remote Security=1” - it should be set to 0. Given you’ve got the latest PMS release, local authentication should already be enforced so the issue with NAT by a lousy ISP shouldn’t be in effect, but if you for some reason are behind in upgrading to the latest version this might be an issue to look at as well.

@ChuckPa

Hi, thanks for the quick response…

My Plex server is a standalone PC… it won’t be used to surf the internet.

I also noticed that there’s a 2Mbit/s upload when the Plex server is running.
(there are no movies playing)
Shutting down the remote access does not help… the upload stays around 2Mbit/s

After shutting down the Plex server, the upload drops to 1 Kbit/s

I recently updated my Plex server to the latest version… I don’t know if this causes the high upload

Just finished scanning my pc with malwarebytes and antivirus… no hits…

It seems to me as if someone got access to my Plex Web and changed my library names just for fun…
But this does not explain the high upload when plex server is running

@Peter_W

Thanks for your advice…

Will disconnect all connected devices and change login to password login

Do you know in which folder the preferences.xml is located?

Thanks

If you can’t find it - you aren’t supposed to and it will not affect you. Only Unix/Linux systems were affected by that (and you didn’t write what type of system you were running so I just threw stuff out that I could think of).

Did you put your Plex media server into a DMZ (this is done via the settings of your router)?

Have you tried to create a custom domain name for your plex server?

Did you change any of the advanced settings of Plex Media Server, especially stuff under Settings - Server - Network - ‘Show Advanced’ ?

Is your home network properly isolated from the internet by a router and did you disable any firewalls on the router?

@snikhaas - I have sent you a private message. Please send your log in reply. Thanks

I just want to add something as well: how many computers are on your local network? Make sure to disable local network discovery in the Plex server settings if you are on a network with other computers that you don’t know. If another person is running a Plex server and you have that checked, they can access your server through the local network. I actually discovered this by mistake a while back.

@Kraevin

Thanks for your advice.

My local network has about 12 computers on it.

There’s only one plex server running.

The issue was identified as having disableRemoteSecurity enabled within the server settings.
To disable it, change the value to 0 or, better, delete the entry.
See https://support.plex.tv/hc/en-us/articles/201105343-Advanced-Server-Settings

Users should not enable this setting as it makes the server open and accessible without authentication.
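
A check for the setting named in the resolution above, added here as an example and not part of the original thread or Plex's own tooling. It assumes the Unix/Linux case mentioned earlier in the thread, with settings stored as attributes on a single `<Preferences>` element in Preferences.xml; the sample document is constructed and the real file path is supplied by the caller.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real server. Assumed layout: a single
# <Preferences> element whose attributes are the server settings.
SAMPLE_PREFS = (
    '<?xml version="1.0" encoding="utf-8"?>\n'
    '<Preferences FriendlyName="example-server" disableRemoteSecurity="1"/>\n'
)

SETTING = "disableRemoteSecurity"  # setting name as given in the thread


def audit(xml_text):
    """Return (is_open, raw_value) for the remote-security override."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "Preferences":
        raise ValueError("not a Preferences document: <%s>" % root.tag)
    value = root.attrib.get(SETTING)
    # Absent or "0" leaves authentication enforced. Any other value is
    # reported as enabled (a conservative choice made for this example).
    is_open = value is not None and value.strip() != "0"
    return is_open, value


def remediate(xml_text):
    """Return the document with the override entry deleted, other settings kept."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    root.attrib.pop(SETTING, None)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # With no argument the constructed sample is audited instead of a file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS
    is_open, value = audit(text)
    state = "server reachable without authentication" if is_open else "ok"
    print("%s=%r -> %s" % (SETTING, value, state))
    if is_open:
        print(remediate(text))
```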