Someone from another country trying to access my plex server, repeatedly?

Hello

Recently installed a new router - a Netgear R8900, and it emails me logs of what is going on. I should add that I have had a PLEX server running in a Windows VM (ESXI) for several years now and never noticed any problems

Anyways, here is a sample of a log entry:
[LAN access from remote] from 34.241.199.208:33810 to 192.168..:32400, Wednesday, October 17, 2018 00:03:13**

That IP appears to be from Dublin Ireland (don’t know anyone there) and the log message is repeated every minute, to the second. There are dozens if not hundreds of log entries.

I did have remote access enabled, it is turned off now, but I was using a custom public port. The ip address they are trying to (or are actually connecting to) is my Plex Server. UPnP is also disabled
.
Anyone know what is going on and should I be concerned?

If someone knows the port # searching for Plex servers is easy. Since Plex has a default port (and a lot of people don’t change it) it’s easy to find plex servers.

Just change your port.

Or you can see how secure Plex is and leave it…

I appreciate the reply - but I was already using a ‘non standard’ port - it was up in the 32800’s while the standard port is 32400

and, I really don’t want to test how secure PLEX is if I can help it…

yeah, that was a joke…

There are some Plex.tv front end servers around that IP range. This might be one of them.

Well, that would make me feel better - is there anyway to confirm it or narrow it down to actually being PLEX related?

That “somone” is high likely one of the Plex AWS Servers:

When you resolve the ip 34.241.199.208, you can see that it resolves to an AWS EC2 instance.

According Full list of IPs / hostnames Plex uses for remote access? there is no official list of plex services, as instances are automaticly created/destroyed by treshhold triggers (as in usage). There is no way to fix ips for those machines. It will be any free ip from the AWS Ip range.

The Plex back end systems do communicate with the Plex Media Servers and if the server is enabled for remote access, the remote access functionality is checked by doing specific requests (GET /identity) from plex.tv servers hosted on Amazon AWS servers.

There may also be events from pubsub servers and these are not part of the amazon cloud - these servers are geographically aligned and may change and Plex Media Servers get the current list of pubsub servers (at this point in time) through this request https://plex.tv/services/pubsub/servers

Thanks to all for your help.

I disabled remote access last night and the router log entries have stopped. What you guys are saying about the Plex backend servers make sense. I will just let it go at that.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.