I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Scary le Poo · 2 days ago

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Flax · 1 day ago

Hacking, even on an insecure system, would be illegal. Any copyright troll trying to sue a single user for having a private jellyfin instance which they hacked to find out about would probably have a hard time actually making a case.

“Yeah, this one guy was distributing films to himself and a few friends. I know because I hacked him” doesn’t seem like a good case.

Saik0 · 1 day ago

Nothing about this is hacking. They’re not defeating any authentication mechanism to scan your system. That’s the whole problem here. Nothing illegal about running a crawler/scanner service.

The fact that you have their content publicly accessible is not a “bad case” at all. Open FTP sites were sued plenty. It may be a bit harder to prove distribution intentions… but wouldn’t be hard to make a case that you violated copyright for the content they could enumerate.

Flax · 23 hours ago

It’s not publicly accessible, though. An account is clearly needed.

Saik0 · 20 hours ago

No… that’s the point of this thread. There is no requirement to login in order to manually access endpoints. Up to and including pulling video data.

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Collection of potential security issues in Jellyfin · Issue #5415 · jellyfin/jellyfin