Comment on Is it normal to not have any malicious login attempts?
Hansae@lemmy.dbzer0.com 4 weeks ago
Doubt it, there are bots everywhere these days who’ll try anything they find. Its part of why having 2FA is important along with hidden accounts with things such as jellyfin.
Flipper@feddit.org 4 weeks ago
It’s possible to stream from jellyfin without an account. Jellyfin should not be connected to untrusted networks, like the internet. Several API just don’t check the key or don’t require one in the first place.
github.com/jellyfin/jellyfin/issues/5415
Hansae@lemmy.dbzer0.com 4 weeks ago
Oof, ty for that ill get to remedying it.
bobs_monkey@lemm.ee 4 weeks ago
Iirc Jellyfin isn’t exactly intended to be operated outside of your home network like Plex is. There are workarounds of course, but the onus is on the user to secure it.
greenashura@sh.itjust.works 4 weeks ago
Do you know if having authelia as middleware for jellyfin solves this issue?
clb92@feddit.dk 4 weeks ago
Not the person you asked, but I simply put Authelia in front of Jellyfin via my reverse proxy (not using OAuth to integrate with Jellyfin), and that means that you have to be authenticated for any request on my jellyfin subdomain to be able to reach my Jellyfin server. Probably means I can’t connect via the app remotely, only browser, but then I can just use my VPN and connect directly to the local IP.