… my personal Jellyfin server (nor anything else on it) has been hacked…
And I’ve never been attacked by a bear while wearing my goose feather headdress.
Comment on 4 reasons Plex is turning into the thing it replaced
xthexder@l.sw0.com 1 week agoThe security thing is ironic because my personal Jellyfin server (nor anything else on it) has been hacked, but Plex itself has had their database leaked recently. It’s actually the main reason I switched because I don’t like their auth servers being a giant common target.
AtariDump@lemmy.world 1 week ago
xthexder@l.sw0.com 1 week ago
Call it survivorship/selection bias if you want, but basically every hack I’ve been exposed to is from centralized servers getting exploited that server millions of people. Plex, along with any other public facing service with lots of users, receives targeted attacks constantly. All my server receives is automated bots looking for 10-year-old Wordpress .php exploits (I don’t even run php on my server).
kieron115@startrek.website 1 week ago
From their blog post about it:
The passwords were hashed and, I’m inferring from their language, salted per-user as well. Assuming a reasonable length password (complexity doesn’t matter much here, what we want is entropy) it would take a conventional computer tens to hundreds of millions of years to crack one user’s password.
xthexder@l.sw0.com 1 week ago
Yeah, I’m not really worried about it. I changed my password and moved on. It’s just that hackers have every reason to try and exploit Plex, while individual servers are hardly worth someone’s time and effort to go after when the payoff is maybe 1-2 usernames and emails
bookmeat@lemmynsfw.com 1 week ago
Simply not true. There is no person out there deciding every fry is too small. They just pick an exploit and send some bots after it. Every target is a good target because every target is a platform for more. It’s currency. The discrimination happens at the userbase level which is why jellyfin will always be safe. Kidding 😂