Comment on That's all folks, Plex is starting to charge for sharing
cyberwolfie@lemmy.ml 5 days agoAnd apart from an undesirable bandwidth usage resulting from someone guessing their way to my file structure, how can this be used to compromise my server?
MaggiWuerze@feddit.org 5 days ago
They can stream content from your server or map out ehat you have on there by using a rainbow table. Depending on the country you live on they can use that combined with your IP to start litigating you
cyberwolfie@lemmy.ml 5 days ago
And this has actually happened before?
dogs0n@sh.itjust.works 5 days ago
My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?
Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…
MaggiWuerze@feddit.org 5 days ago
You don’t need to post it. Bots are scanning every ip, 24/7, looking for servers to infect, endpoints to abuse and data to extract.
Go set up a ssh tarpit on your server and watch the flies drown in it. I will not expose anything on my server that has so many known vulnerabilities
Your content might be legitimate, but the vast majority use Plex and Jellyfin as a media Server for pirated content and still want to share it with their friends or family. And just FYI, most blurays and DVDs also forbid this kind of sharing in their license
dogs0n@sh.itjust.works 5 days ago
I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.
If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.