Comment on Plex got hacked.
dogs0n@sh.itjust.works 3 weeks agoBut most of the people (specially the plex ones) don’t have the technical background
Seems weird to say, because I had to setup Plex one time on a server for testing and it was a bit harder than setting up Jellyfin, so I wouldn’t call most Plex hosters dumb.
Plus they are still hosting something on their servers, they would still need to secure it in some ways?
You’re exactly the kind of Jellyfin user the rest has to thank for the devs lax approach to security. If you actually demanded even basic security, the devs would maybe at least consider it a priority.
But until it no longer provides an unsecured API, you should maybe think about whether you want to portrait it as secure.
Same with Plex, except more serious, they have data breach after data breach and I read comments here of people applauding the response and probably most will continue to use it.
If your threat model includes being scared people are gonna guess whats on your server and try playing it, then thats up to you, personally It’s not something I’m worried about in contrast.
thelittleblackbird@lemmy.world 3 weeks ago
Jellyfinn has a nice record of problems during the authentication and escalating privileges, even the developer team recommends to use it behind a vpn and don’t expose it to internet.
If course, you can use a reverse proxy with and external Auth framework to mitigate it, pair it with fail2ban, geo restrictions and a second factor, but those things are not in the scope of the regular user.
Let’s face reality, plex is not such widespread for being the default option in kali Linux…
dogs0n@sh.itjust.works 2 weeks ago
I think the only advice I have seen is to use jellyfin behind a reverse proxy (instead of directly exposing it), because they are hardened.
Where have you seen this official advice for a vpn?
thelittleblackbird@lemmy.world 2 weeks ago
Here …jellyfin.org/t-protection-against-everything
dogs0n@sh.itjust.works 2 weeks ago
Hm, I’m not so certain that they are stating you should be using a VPN, I think they were addressing someone who was quite concerned and a VPN does mitigate all concerns usually, so it’s simple and common advice for them folk to hand out.