This is probably not a Plex fault, but something that users might need to know when enabling external access to Plex.
I enabled remote access on my Plex Server and, to facilitate this, set a port forwarding rule on my router so that traffic on port 32400 is passed on to the internal PMS server address. UPnP on the router is disabled.
So far, so good. Access from outside my network to PMS works fine. A penetration report from Gibson Research Services (grs.com) shows my installation operating in full stealth for the first 1024 ports.
Last night, I looked at the QNAP server log to see five failed login attempts from IP address 92.37.142.231 (Russia) and wondered what was going on. Gibson Research still showed the installation operating in full stealth for the first 1024 ports. Just for completeness, I set the GRC system to probe port 32400, which it reports as open!
Somehow, the would-be hacker has found a way to bring up the QNAP server login page through port 32400. Fortunately, I use insanely long passwords so the hack failed. QNAP blocks any external IP address that fails 5 times.
Nevertheless, it is clear that opening up port 32400 with port forwarding creates a vulnerability. As I very rarely use remote access I have now turned this off and removed the port forwarding rule. Gibson Research now reports my system operating in full stealth on all ports.
Something to be aware of, fellow Plex users. As I said earlier, this is probably not a fault with the Plex software, but something the community needs to be aware of.
32400 is the default internal port that PMS needs. For remote access, there is no need to use this same port, but a lot of users do just to keep the setup simpler. There are hackers out there that are aware of Plex and that users may be using port 32400 so they randomly access this port to see if there is a PMS setup. Change the port to something more random and you'll not have this issue.
Intruder detection was already set up. The problem even happens if I specify a port other than 32400 for external access. I have posted a new thread about this.
And I closed it, since it's more or less a duplicate of this one, and as already said, PMS simply can't be used as a port jump host to the QTS interface.
Just to clarify, are you saying it's impossible to get access to the server web client via a Plex port?
Please advise on what authority you are making that statement. Somehow, access was gained and I am no newbie to server configuration so please feel free to be as technical as you wish in your response.
In theory, it could happen, when streaming plugins were present, and a nasty plugin could act as a proxy, I guess, but with newer versions, not possible.
There is absolutely no way for PMS to interact with your QTS interface!
By default, QTS uses port 8080, so are you sure that's not allowed in your FW?
And you could also change that port in QTS, since using default ports is never advised from a security perspective.
I'm 100% certain that port 8080 is not open at the router. UPnP is turned off with a specific port forwarding rule that the single port number that I chose forwards to port 34200 on the internal IP address of the server. grc.com "shields up" reports the port as "stealth" - i.e. not responding to anything.
Shields Up does show my chosen port as being "open" as expected.
I am only using the standard PMS software with no additional plugins - from Plex or anywhere else. I do have an HD home runner unit for live channel recording configured to the PMS.
The unsuccessful login attempts were quite a surprise. Although I am no longer using port 32400 externally, modern port scanners will find out any open ports soon enough. My concern is that somehow, there is an exploit that is able to open the web administrator on 8080.
Thank you for your continuing feedback on this. Well, it seems as if "Occam's razor" applies again. Given your assurance that it cannot be Plex, I have now done some extended probing on the router and, guess what, even if I only allow a rule for port 34200 (or whatever other one I chose for my Plex application) it also opens port 8080!!! I have been on the phone to my ISP and demonstrated this to them - they were also able to get to the login page of my Qnap. They are now investigating the problem.
This is clearly not a general problem with Plex.
I had thought of changing the default port from the Web Administration, but I am loath to do that unless I have to. This is on the "If it ain't broke, don't fix it" rule since it is not a fault of the Qnap that the router is passing traffic on port 8080.
My question with the forum has probably reached a conclusion at this point. I would advise anyone who does permit remote access, however, to check their server logs in case there are any hack attempts.
I do have most of those recommendations implemented - in particular my password is fiendishly long. The firmware is also up to date. The advice regarding the ports is concerning. For the time being I have configured the Qnap so that it is now unable to be contacted at all by the router.