I was having a bit of an issue with Plex the other day with it being accessible without using my VPN and got it working by opening the default 32400 port. I didn’t leave it like that but I was wondering who did. It turns out that a little over 3,000 people did. Pretty much any of those IP’s will give you full access to their library if you simply add /web to the end of the URL that shodan returns. What’s worse is that you can then queue up jobs to re-encode all the video or simply delete the libraries all together. I don’t advise this and simply verified that functionality on my already installed Plex server before fixing my own issue.
Search pattern is here. You’ll need to log in to view it.