I got alerted by my monitoring system today that my root file system grew from 30% to 90% in the last 4 hours.
I was able to nail it down to /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Cache/Transcode/Sync+/ which I’m suspicious about if that’s a legit folder.
Is anybody aware of a security issue within Plex or is this some unannounced feature to use spare CPU power of people to Transcode Videos?
To provide a bit more information. I use plexmediaserver_1.7.5.4035-313f93718_amd64.deb
No security issue nor new feature. Legit folder.
That’s the local directory for holding sync transcodes.
https://support.plex.tv/hc/en-us/articles/201972478-Where-are-sync-transcodes-stored-on-my-computer-
Note the folder name was called “Sync+” and I had a .ssh folder with a .known_hosts file at the /var/lib/plexmediaserver/Library/ with a few IPs hosted/owned by XS4ALL.
It’s very unlikely that any of my users started transcoding movies at 05:53 am. I’ve now removed the installation completely and reinstalled the latest version including purging /var/lib/plexmediaserver/
If I am not mistaken not only does actual sync jobs appear there but also other conversions. I suspect it is the butler creating stuff. The hosts-file I am not so sure about. I know that Relay function in Plex uses SSH, maybe it is that.
If you enable debug logging, it should appear in there what caused the transcoding.
Check which users you granted the right to ‘Sync’ from your server.
It is not unheard of that a user started to sync a whole library - simply because he didn’t know what it was or the consequences of it.
