Comment on That's all folks, Plex is starting to charge for sharing
dogs0n@sh.itjust.works 4 weeks agoI find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.
If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.
FreedomAdvocate@lemmy.net.au 3 weeks ago
You are very, very naive and uneducated on what bad actors do on the internet then. Basically any popular service that exposes a port to the internet WILL have bots scanning for that port specifically.
dogs0n@sh.itjust.works 3 weeks ago
Yes, you are right, but I think my point was missed.
Theres not much reward for hackers to hack private jellyfin hosts (unless there is some big exploit that gives remote code execution that im unaware of), sure the bots will scan and try exploits on open ports, but are they specifically targetting jellyfin?
There is always a risk, but in my opinion, the chances of being hacked through jellyfin are way too low to bother with over-bearing measures, like a required vpn connection.
Running jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.