December 28, 201411 yr I see these entries in my syslog and don't know what is being attempted by what: Dec 28 09:26:45 unRAID login[2275]: invalid password for 'UNKNOWN' on '/dev/tty1' Dec 28 09:27:24 unRAID login[2275]: invalid password for 'UNKNOWN' on '/dev/tty1' Dec 28 09:28:19 unRAID login[11795]: invalid password for 'UNKNOWN' on '/dev/tty1' Dec 28 09:29:34 unRAID login[12715]: invalid password for 'UNKNOWN' on '/dev/tty1' At the time I was playing with Plex Home Theater on a standalone Linux Mint 17.1 box (I have PMS running as a docker container). The only other containers/VMs running are my usual ones and I have never seen these messages before. Anyone have any ideas? John
December 28, 201411 yr As far as I know, Plex is not really secure. Reading on the Plex forums there are reports of people "hacking" into others account, especially if they are using PlexWatchWeb or PlexNotify. But most of those reports it has just been Plex that they are able to get into since the perpetrator(s) have been posting on the plex forums letting people know to secure their systems.
December 29, 201411 yr As far as I know, Plex is not really secure. Reading on the Plex forums there are reports of people "hacking" into others account, especially if they are using PlexWatchWeb or PlexNotify. But most of those reports it has just been Plex that they are able to get into since the perpetrator(s) have been posting on the plex forums letting people know to secure their systems. Is there any threads in particular you are talking about. I am very curious about this as well. I know unRAID isn't designed to be internet facing. The only applicaiton I use which I might want to pass though the Router Firewall is Plex... but if it's not secure by default... then I might want to revisit that idea, or at least learn how to protect myself a bit better.
December 29, 201411 yr Plex account hacked Token Exploit https://forums.plex.tv/index.php/topic/82819-plexwatchweb-a-web-front-end-for-plexwatch/?p=784938 This is a post made by the hacker on the account he hacked. https://forums.plex.tv/index.php/topic/82819-plexwatchweb-a-web-front-end-for-plexwatch/?p=802983
December 29, 201411 yr Plex account hacked Token Exploit https://forums.plex.tv/index.php/topic/82819-plexwatchweb-a-web-front-end-for-plexwatch/?p=784938 This is a post made by the hacker on the account he hacked. https://forums.plex.tv/index.php/topic/82819-plexwatchweb-a-web-front-end-for-plexwatch/?p=802983 Thanks!
March 18, 20179 yr An old thread but I have started having the same issue for the last 8 days. I have stopped any external access on the router (previously for OpenVPN, plex and nextcloud), shutdown VMs and Dockers, checked the local network devices and I'm still getting the messages. Is there any way to source what is accessing?
June 2, 20188 yr On 3/18/2017 at 4:40 AM, Ashe said: An old thread but I have started having the same issue for the last 8 days. I have stopped any external access on the router (previously for OpenVPN, plex and nextcloud), shutdown VMs and Dockers, checked the local network devices and I'm still getting the messages. Is there any way to source what is accessing? I too started getting this. I got a new router a few months ago and never figured out how to setup port forwarding to my UnRaid server so I don't anyone should have access that way. After getting this message I double checked my router I don' t see any DMZ or port forwarding enabled. I would love to hear ideas. Maybe I have a compromised system on my local network that is trying to do this? Basically if I a computer on my local network was hacked, maybe it is trying to log into the unraid box?
Archived
This topic is now archived and is closed to further replies.