Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Plex Media Server Vulnerability?

Featured Replies

Feb 6, 2021 - New DDoS Plex Media Server Vulnerability?

Seems to be a number of recent news posts, like this one that PLEX Media Server is enabling distributed denial-of-service (DDoS) attacks across a number of vulnerable servers/systems. My understanding is that this is as much a network configuration issue as a PLEX software issue, as it seems to reply exploiting router port configuration (32400-32414) vulnerabilities. As PLEX is configured, users often enable external (internet) access to media (movies, music, etc) from one their server to other external devices (iPhones, tablets, etc) through the configuration process, when using protocols like universal plug and play (UPnP). UPnP allows systems on the same network (Server->Router) to seek each other out and share file Access. UPnP often uses simple service discovery protocol (SSDP) in order to do this.

 

This is apparently where external hackers/attackers take advantage by leveraging the exposed SSDP in DDOS amplification attacks in the specific router ports. I don't understand all the dynamics of it, and am looking for that and other insights - especially where it comes to unRAID and PLEX interacting.

 

My questions are:

 0) Should I be concerned? (I temporarily stopped/took my PLEX docker server offline on my unRAID server, and closed the port on my router. Am also on Verizon FIOS - so not sure if they are "intercepting" the DDoS within their network?)

 1) Anyone seen artifacts of a DDoS like this on their unRAID systems (either in VM or Dockers?)

 2) Anyone know if the vulnerability would likely exist with port forwarding typically seen with most home routers and a PLEX (unRAID) Server? Would/Could other local networked systems be compromised? How would you tell (on unRAID or other)?

 3) Would PLEX Media Server be more or less (or equally) vulnerable as a VM or as a Docker on unRAID?

 4) PLEX said they would be issuing a patch in the next few days, any idea how long that would take to propagate into the Docker versions that are in the Community Distributions in unRAID?

 

Thanks for reading, and thanks especially for anyone more knowledgeable than me to provide additional insight and knowledge. It's greatly appreciated, and this forum is great - thanks to those who share information, and help keep it running!

Edited by rollieindc
minor typo & unraid clarification

19 minutes ago, rollieindc said:

when using protocols like universal plug and play (UPnP)

I have always disabled UPnP on my router and do manual port forwards as needed.  UPnP has been prone to security issues and other problems that just don't make it worth using for me.  I can do what I need to do manually without UPnP.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.