if you reverse proxy into a VPN this isn’t an issue
Comment on That's all folks, Plex is starting to charge for sharing
MaggiWuerze@feddit.org 5 days ago
Honestly yeah. The Jellyfin backend is basically unauthenticated for a large part, allowing anyone to map and stream your content as soon as they have guessed the IDs, which isn’t that hard, since they are based on the paths on your device. So if your movie sits in /mnt/media/movies/the_bee_movie, that is pretty easy to guess and calculate the ID from, allowing anyone to stream that content from your server.
vardogor@mander.xyz 4 days ago
MaggiWuerze@feddit.org 4 days ago
The magic bullet in that sentence is VPN not reverse proxy
vardogor@mander.xyz 4 days ago
I’m aware, but the inconvenience of all users connecting to the VPN was mentioned. That’s unnecessary this way.
cyberwolfie@lemmy.ml 5 days ago
And apart from an undesirable bandwidth usage resulting from someone guessing their way to my file structure, how can this be used to compromise my server?
MaggiWuerze@feddit.org 5 days ago
They can stream content from your server or map out what you have on there by using a rainbow table. Depending on the country you live in, they can use that combined with your IP to start litigating you.
cyberwolfie@lemmy.ml 5 days ago
And this has actually happened before?
dogs0n@sh.itjust.works 5 days ago
My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?
Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…
MaggiWuerze@feddit.org 5 days ago
You don’t need to post it. Bots are scanning every IP, 24/7, looking for servers to infect, endpoints to abuse and data to extract.
Go set up an SSH tarpit on your server and watch the flies drown in it. I will not expose anything on my server that has so many known vulnerabilities.
Your content might be legitimate, but the vast majority use Plex and Jellyfin as a media server for pirated content and still want to share it with their friends or family. And just FYI, most Blu-rays and DVDs also forbid this kind of sharing in their license.