Comment

Comment on That's all folks, Plex is starting to charge for sharing

My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?

Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…

source

Sort:hotnew top

MaggiWuerze@feddit.org ⁨4⁩ ⁨days⁩ ago
You don’t need to post it. Bots are scanning every ip, 24/7, looking for servers to infect, endpoints to abuse and data to extract.

Go set up a ssh tarpit on your server and watch the flies drown in it. I will not expose anything on my server that has so many known vulnerabilities

Your content might be legitimate, but the vast majority use Plex and Jellyfin as a media Server for pirated content and still want to share it with their friends or family. And just FYI, most blurays and DVDs also forbid this kind of sharing in their license

source
- dogs0n@sh.itjust.works ⁨4⁩ ⁨days⁩ ago
  I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.
  
  If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.
  
  source
  - FreedomAdvocate@lemmy.net.au ⁨18⁩ ⁨hours⁩ ago
    
    I find it hard to believe that there are bots scanning for jellyfin exploits
    
    You are very, very naive and uneducated on what bad actors do on the internet then. Basically any popular service that exposes a port to the internet WILL have bots scanning for that port specifically.
    
    source
    dogs0n@sh.itjust.works ⁨9⁩ ⁨hours⁩ ago
    Yes, you are right, but I think my point was missed.
    
    Theres not much reward for hackers to hack private jellyfin hosts (unless there is some big exploit that gives remote code execution that im unaware of), sure the bots will scan and try exploits on open ports, but are they specifically targetting jellyfin?
    
    There is always a risk, but in my opinion, the chances of being hacked through jellyfin are way too low to bother with over-bearing measures, like a required vpn connection.
    
    Running jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.
    
    source