Son going to college and still wants access to Plex

Server Version#: 1.27.2.5929
Player Version#: 8.5 (on my iPad)

Hi,

My second son is going to college in the fall and still wants access to Plex while in residence. Three years ago, I set up remote access for my first son when he went to college. While he only accessed it occasionally, it was a little slow. Because of Covid, he was only away for one year and then he returned home.

Maybe it’s only a coincidence, but I get notifications in my Malwarebytes program about various “Events”. Some Event Details are “Exploit” and “Compromise” and it’s always with the Port 32400 and the PlexMediaServer.exe file. These come various days but there seems to be on average about less than 10 each week. The “Action” taken was “Blocked Website”, so that is good.

About 6 months ago, I disabled Remote Access inside of my Plex program but kept the port forwarding alone. I thought that I may get less Malwarebytes notifications but I don’t think I got many reductions at all.

Questions:

(1) Are these Malwarebytes notifications important? I mean, is it normal and okay to get them? If so, I guess I shouldn’t worry about them? I had turned off Remote Access because I wasn’t sure.

(2) Does it matter what you have on the computer that is running Plex Server? Should you only have Plex Server or is it okay to have the Plex Server running on your normal daily computer that you always use? I’m thinking about security here. If someone can “get into” your computer via the Port Forwarding, what else can they access on the computer?

(3) It sounds like I should be able to click on Enable Remote Access and my son should be able to access everything while at college, like he was able to do at home? He currently has an ipod touch version 6 but will be getting an iPhone SE before college.

I guess my questions were mainly about security and I wanted to be sure everything was safe before I opened up remote access again. I only want him to log into my server and no one else. I also don’t want anyone else on my computer “lurking around”. Paranoid maybe.

thanks

1. Ill bet malware bytes is giving you a false positive.
2. forwarding a single secured port shouldn’t allow an outside attacker to do much, especially if you ensure that plex is updated.
3. he will need to have a plex pass for mobile device usage.

Alternatives:

1. Add him to your Plex Home. He will inherit your Plex Pass capabilities. You should PIN protect your account if you do this.
2. Pay a one-time $5 USD in-app fee to unlock the mobile app. This removes the one-minute limit on playing video. It is not a Plex Pass.

Thanks to both responses. He is currently in my Plex Home and he is currently a Managed User. Since he does have his own email account, I’ll likely change him from being a Managed User to not being one, so that he can start to access more than just “kid friendly” content (that I’ll have to give him access to). I already have a Pin on my account. Is my thinking correct?

Sounds like a good plan.

You can remove the age restrictions and still keep him as a Managed User.

However, changing him to a Plex User, using his e-mail address, will have the advantage that he can login to devices using his own Plex account (versus logging in with the server owner’s account and then changing users).

If you keep him in your Plex Home he will inherit your Plex Pass capabilities. This unlocks the mobile app, removing the 1 minute limit for streaming video.

If he is not in your Plex Home and does not have his own Plex Pass, he would need to pay a one-time $5 USD fee to unlock the app. This unlocks all devices using the same app store account (i.e. if an iPhone & iPad are on the same Apple store account, they’re both unlocked).

Thanks so much for the detailed answers.