Plex Server scans for wallets?

I checked the plex logs (Plex Media Server.log) today and found the following:

Feb 15, 2022 02:11:21.543 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.mozilla/firefox": boost::filesystem::status: Permission denied: "/root/.mozilla/firefox"
Feb 15, 2022 02:11:24.640 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/opera/databases/chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0": boost::filesystem::status: Permission denied: "/root/.config/opera/databases/chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0"
Feb 15, 2022 02:11:27.737 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/google-chrome": boost::filesystem::status: Permission denied: "/root/.config/google-chrome"
Feb 15, 2022 02:11:30.833 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/BraveSoftware/Brave-Browser": boost::filesystem::status: Permission denied: "/root/.config/BraveSoftware/Brave-Browser"
Feb 15, 2022 02:11:33.928 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.bitcoin": boost::filesystem::status: Permission denied: "/root/.bitcoin"
Feb 15, 2022 02:11:37.024 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.dogecoin": boost::filesystem::status: Permission denied: "/root/.dogecoin"
Feb 15, 2022 02:11:40.120 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.litecoin": boost::filesystem::status: Permission denied: "/root/.litecoin"
Feb 15, 2022 02:11:43.217 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.dashcore": boost::filesystem::status: Permission denied: "/root/.dashcore"
Feb 15, 2022 02:11:46.311 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.electrum/wallets": boost::filesystem::status: Permission denied: "/root/.electrum/wallets"
Feb 15, 2022 02:11:49.421 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.walletwasabi/client/wallets": boost::filesystem::status: Permission denied: "/root/.walletwasabi/client/wallets"
Feb 15, 2022 02:11:52.520 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.local/share/Daedalus/mainnet/wallets": boost::filesystem::status: Permission denied: "/root/.local/share/Daedalus/mainnet/wallets"
Feb 15, 2022 02:11:55.614 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.local/share/Coinomi/wallets": boost::filesystem::status: Permission denied: "/root/.local/share/Coinomi/wallets"
Feb 15, 2022 02:11:58.716 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.ethereum/keystore": boost::filesystem::status: Permission denied: "/root/.ethereum/keystore"
Feb 15, 2022 02:12:01.811 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/Jaxx/Local Storage": boost::filesystem::status: Permission denied: "/root/.config/Jaxx/Local Storage"
Feb 15, 2022 02:12:04.905 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/com.liberty.jaxx/IndexedDB/file__0.indexeddb.leveldb": boost::filesystem::status: Permission denied: "/root/.config/com.liberty.jaxx/IndexedDB/file__0.indexeddb.leveldb"
Feb 15, 2022 02:12:07.999 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/snap/bitpay/current/.bitpay/app/Local Storage/leveldb": boost::filesystem::status: Permission denied: "/root/snap/bitpay/current/.bitpay/app/Local Storage/leveldb"
Feb 15, 2022 02:12:11.093 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/atomic/Local Storage/leveldb": boost::filesystem::status: Permission denied: "/root/.config/atomic/Local Storage/leveldb"
Feb 15, 2022 02:12:14.200 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.config/Exodus/exodus.wallet": boost::filesystem::status: Permission denied: "/root/.config/Exodus/exodus.wallet"
Feb 15, 2022 02:12:17.300 [0x7f200a167b38] ERROR - Couldn't check for the existence of file "/root/.electron-cash/wallets": boost::filesystem::status: Permission denied: "/root/.electron-cash/wallets"

Why tries plex server access to wallet files???
I found this logs for all users on my system!

Server Version#: 1.25.5.5492

1 Like

Looks like you have added /root as part of your library. Under your server settings go to manage → libaries and then edit your library. From there go to the add folders tab and remove the folders which should not be scanned and add only the ones you have media in. Example below …

Screenshot from 2022-02-15 18-39-24

I have checked now all libraries: No, I don’t have maintained /root

All media content is located in (and have there subfolders for each library):
/home/plexmediadata

Also the named paths of the log file don’t exist.
So it looks to me that the server actively searches for such folders.

Very strange. Just checked my logs and I don’t have any of that. Would you be willing to upload a copy of your server logs so we can take a peek and see what might be happening ?

I censored just some user names on my server with xxx1,2,3…
plex.txt (66.3 KB)

Understand your reluctance to upload logs but really that snipit tells very little. Lets see if a plex member of staff or ninja will jump on this thread and you can DM your full logs.

However, same errors but this time with /home/ also. Can you provide a screenshot of the add folders from your libraries as I’d like to see what you actually have in there.

I’m wondering, why plex searches for such folders. They do not exist on the server.

Not sure it does – at least I’ve never seen doing it.
In addition to dokuro’s question from above (screenshot from the Add Folder tab of the library config)… what agent are you using for the library in question? Any custom/3rd party agents/scanners?
The log snippet you’ve provided doesn’t provide those details. If it’s an actual scan you should see what library is being scanned – otherwise it might be worth checking all libraries for those information.

1 Like

If this is happening for all user directories on the system, and /root too, perhaps / has been added to a Library, so everything below it is being scanned.

Or perhaps there is a symlink somewhere within a Library, pointing back up to /.

find "/path/to/Library" -type l

@martinr92 there is nothing in the server afaik that would search those directories. If you would not mind messaging me your logs then I can pass them along to our server team to check.

You can click on my username/avatar to message them to me

It seems not to be triggered by a library scan. The “Plex Media Scanner.log” contains only one entry, but this is a few hours later (the crazy action happened at 2am).

Feb 15, 2022 05:44:18.414 [0x7f1ba3c28b38] INFO - Plex Media Scanner v1.25.5.5492-12f6b8c83 - Debian GNU/Linux PC x86_64 - build: linux-x86_64 - GMT 01:00
Feb 15, 2022 05:44:18.414 [0x7f1ba3c28b38] INFO - Linux version: 10 (buster), language: en-US
Feb 15, 2022 05:44:18.414 [0x7f1ba3c28b38] INFO - Processor: 16-core Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz
Feb 15, 2022 05:44:18.415 [0x7f1ba3c28b38] INFO - /usr/lib/plexmediaserver/Plex Media Scanner --scan --refresh --section 6 --activity 7adeaaee-6b37-4fcb-a334-9428977d88d2 --directory /home/riedltv/published/NFL Super Bowl/Season 2022

The previously uploaded logs is all I have / all what plex has logged. It seems to access this folders totally out of nowhere.

Instead of posting here screenshots of all libraries, I made some screenshots of the SQlite DB instead (hope it’s ok):
Agents Used (nothing special; no plugins):

And the locations:

@BigWheel Thanks, I will send you a private message.

1 Like

That’s clever.

Try a modified version of the command I suggested, using those section_locations.root_path entries.

find /home/plexmediadata/movies /home/plexmediadata/homevideos /home/plexmediadata/shows /home/riedltv/published /home/plexmediadata/esc -type l

Can I ask - is /home/plexmediadata dedicated to media? Or is it also the location of your Plex metadata, Preferences.xml, etc?

I would like ask regarding -

Do you have any media downloading automation and does that automation run from your home directory ?

@martinr92

I am reviewing some longs from @BigWheel .

I believe these are your logs.

Per your OP,

Are you using a customized configuration - override.conf file ?

This is so scary, PMS looking for crypto wallets

Also @martinr92 i didn’t notice you don’t have debug logging enabled. please turn it on and when you can reproduce get the logs after it happens.

his logs indicate it is just looking at folders in his home directory in which he happens to have crypto wallet stuff . Plex isn’t trying to access those specifically.

1 Like

Or more likely a bug or configuration issue, picking up all directories that begin with . (ex: .mozilla and .config).

Don’t jump to conclusions.

3 Likes

I see this as a configuration issue.

If I have media in /home/chuck/movies' and '/home/chuck/tv', but mistakenly tell PMS to look in /home/chuck (incomplete path), standard Linuxreaddir()will see all thedot` files in my home directory as well as any other subdirectories in /home/chuck.

Linux default permissions will deny access.

This is what’s being seen in the logs presented.

4 Likes

Yes it is very scary.

To be once more clear:
Those folders DO NOT exist.
I don’t have any crypto / wallet things installed on my server.
So it can’t be a “configuration issue”.
Also the “readdir()” makes no sense, because this folder do not exist.

This happened only once and is not reproducible.
In my opinion someone / something is using some king of vulnerability of plex (maybe through the web server port).

@BigWheel Can I permanently enable the Debug Logging without any performance impacts?