by chance I observed a rather strange behavior of my Plex server. In the activities dropdown menu below the dashboard link a lot of entries kept popping up like “Media download by xxx@yyy.com Media.mp4”
xxx@yyy.com is my account but I was not aware that I am downloading any media. I am not quite sure If my account got hacked or this was just a glitch?
As a precaution I did change my password incl. F2A and deleted out all of the approved clients.
Any suggestions on this?
When you changed your password, did you check the box next to Sign out connected devices after password change?
If not, change your password again and be sure to check the box.
Please pull your log files, Settings → Troubleshooting → Download Logs and post them to the thread.
If you want to look for yourself, look in the Plex Media Server.log file (and .1.log, etc).
Example: Downloading a movie to my phone over the mobile network. The first line is the request. Search for keywords Request, (WAN), and download=1. Once the download starts you’ll see progress entries.
Feb 23, 2022 22:18:05.249 [0x7f0c0cd73b38] DEBUG - Request: [174.249.218.2:13325 (WAN)] GET /library/parts/139642/1579069109/file.m4v?download=1 (12 live) TLS GZIP Signed-in Token (FordGuy61)
....
....
Feb 23, 2022 22:18:05.675 [0x7f0c0eef7b38] DEBUG - Activity: updated activity c2018e82-bfad-4657-ac0f-e73641735d20 - completed 0.0% - Media download by FordGuy61
Feb 23, 2022 22:18:05.911 [0x7f0c0eed4b38] DEBUG - Activity: updated activity c2018e82-bfad-4657-ac0f-e73641735d20 - completed 0.1% - Media download by FordGuy61
Once you have the IP address downloading the file, you can perform a reverse lookup to see if it looks familiar.
For example, if you do a reverse lookup on the IP address from my log files, it goes back to Verizon, my mobile carrier.
There are many online tools for performing a reverse lookup, such as mxtoolbox.com.
Do you have any devices with stuff set to auto sync? IE a phone, or tablet that has either the old sync, or the new download feature enabled?
Thanks a lot for your reply!
Yes, I did sign out from all devices. Seemed a good thing…
I did check my logs… All I can find is my own static IP but with “funny” ports, I do not use. It seems that a new activity is created from that IP then a media download ist started and updated, but after some time terminated without completing .
Feb 23, 2022 21:28:42.766 [0x7fac5d3e4b38] DEBUG - Activity: updated activity c5a55555-3b5b-48c4-8bb8-02e2fdf2bd1a - completed 0.5% - Media download by xxx@yyy.com
...
Feb 23, 2022 21:28:42.777 [0x7fac5d3e4b38] DEBUG - Activity: Ended activity c5a55555-3b5b-48c4-8bb8-02e2fdf2bd1a.
Hej, thanks!
not that I am aware of any of those…
after some deeper search I discovered also completed transfers but often with rather short completion times such as:
Feb 23, 2022 21:49:54.478 [0x7fac5c420b38] DEBUG - Activity: updated activity 677ae3a4-f342-42fc-a799-cc154a6906ea - completed 0.0% - Media download by xxx@yyy.com
Feb 23, 2022 21:49:54.579 [0x7fac5d3e4b38] DEBUG - Activity: updated activity 677ae3a4-f342-42fc-a799-cc154a6906ea - completed 100.0% - Media download by xxx@yyy.com
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
