I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

p.s. I won’t argue that YOU should setup software that you dont want to, just that this particular reason not to may be a bit farfetched.

You may need to reevaluate your threat model.

I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.

Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).

you will absolutely lose a bunch of them

I always see this and I have to ask: why do you care?

They likely aren’t paid customers of yours, if they don’t follow your rules and the software you like to use, then they are free to use any other method of consuming media.

VPN

Have to agree with the other comment that asks why do you need to use a vpn. Fax

My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?

Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…

You didn’t ask, but if you’ve had a bad experience with the apps, you could try one of the native apps.

My friends on Apple devices thing Swiftfin (https://github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.

I haven’t used this one/know anyone that has: Findroid (third party) (https://github.com/jarnedemeulemeester/findroid). Mostly because I haven’t had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.

For the server, I think it’s fantastic. Never had any problems that weren’t a few clicks to resolve. Pretty much use it and forget I’m the one maintaining it for the most part. I wonder what issues you encountered?

Hosting on your own hardware is much more fun though! In most cases it’s safer too, you don’t really need to worry about much as long as you dont portforward your ssh port & don’t run programs as root.

I would say it’s cheaper as well, but that depends on how expensive the static ip lease is per month.

The internet is full of bots pounding at your machines to get in. It is only a matter of time until the breach Jellyfin.

If you are talking about brute force attacks for your password, then use a good password… and something like fail2ban to block ips that are spamming you.

This point doesn’t exactly match, but: public services like google auth don’t require users use vpns. They have a lot more money to keep stuff secure, but you may see my point… auth isn’t too trivial of a feature to keep secure nowadays. They implement similar protections, something to block spammers and make users have good passwords (if you dont use a good password, you are still vulnerable on any service).

Thanks for your reply, I will definitely keep that in mind if Seafile fails to meet any critera moving on, but yeah your last point is also right, it would probably be a big pain to migrate out at this point with all my data for multiple users here.

It seems a lot has been modernising recently, I didn’t know they were also using Go, but hopefully they continue with it for new code.

NextCloud being so slow forced me to migrate to Seafile.

Seafile being less one-stop-shoppy made me not use it so much, but whenever I do it is always fast and responsive (unlike nextcloud, where 80% of the time I was looking at the loading indicator). Looking it up now though, it looks like it has a lot of new features I haven’t yet tried so I’m probably gonna start using it more now.

Only downside with Seafile is it’s deduplication (for me), because it stops me from easily accessing files directly (always gotta use a client). Likely a benefit for most though and I do rarely need to access a file directly on disk, just when I do, it’d be an easy shortcut for whatever I’m doing.