Hi, everybody!
I have a big problem. I bought a plex pass just now, so I decided to review my server status. When I logged in to server (Windows 8.1), I found its status was “Warning”. Also browsers says “Sertificate error. You logging in to Plex.tv, but the sertificate belongs to *.mac.metro-group.com you may be hacked”. Any LAN computers under NAT was logging in successfully. After deletion Plex Server away plex.tv domain resolved to mac.metro-group.com (and server can’t login). I’ve decided, that I’ve been hacked, so I’ve reinstalled server completely to Windows 10 Enterprise (With complete formatting of system drive and reinstalling Plex from distribution). I have had issue of sertificate some time ago, but it’s gone. Now plex.tv displays me "
{“error”:true,“status”:404,“code”:“error.notFound”,“message”:“API endpoint not found”,“data”:{}}
but using direct server links it’s loaded, but can’t login not by browser, nor by server.
ping plex.tv
displays me different ip any time and don’t answer to ICMP - it’s correct? (From any LAN computer)
I can Login from any computer in the LAN, except the server.
AV - ESET Endpoint Security 5 (Was completely disabled before the tests).
Please give me any advice.
upd: Now sertificate belongs to *.atoka.io
This is a warning from your browser that the cryptographic certificate in your Plex server is not issued for the domain .mac.metro-group.com. And it is entirely correct about this.
This domain has nothing to do with Plex. So where does it come from?
Is it one of yours? Did you set up a custom domain name for your Plex server?
Are you using some kind of VPN or reverse proxy with Plex?
OK, the domain belongs to the german Metro AG:
Are you perhaps in a network that belongs to this company?
Because then I assume that these guys have a corporate filter which blocks plex.tv
No, my network is completely home, connected to home provider using NAT, only KMS and AV update server belongs to my own company (simple internet connection), not connected to this companies at all. Problem blocks plex.tv ONLY, and only from this machine (I wonder, I provided complete OS reinstall)
Something is manipulating the DNS.
Was this server perhaps installed from a preconfigured image?
Have you checked for custom DNS server settings on this machine?
Try using the public Google DNS server(s) (8.8.8.8 and/or 8.8.4.4)
Thanks, my friend!
I set Google DNS to the adapter options, now login works. Server share still doesn’t work.
In that case other question: Adapter’s DNS was set to router, this way I can’t detect attacker’s aim.
- If it was server itself, It may not helped
- If it was router/provider, I hadn’t login from other LAN
@DragonZX said:
In that case other question: Adapter’s DNS was set to router, this way I can’t detect attacker’s aim.
Sorry, I don’t understand.
If you have still issues with remote access, this may have other reasons.
You need a real public IPv4 address on your router.
If your ISP only gives you a public IPv6 address and a NAT’ed IPv4 address, remote access won’t work.
See Carrier-grade NAT - Wikipedia
Depending on your ISP, you may have to make the same DNS change in your router as well.
Sorry for the late comment. It solved. External port had been blocked by firewall, so on.
As for DNS - I don’t understand what it was. Looks like ISP’s DNS has been attacked, but in next day it was allright. It’s very strange issue.
