What is test123.php

Server Version#: 1.14.1.5488
Player Version#: 3.77.4

I’ve started getting antivirus warnings about a test123.php script on my plex server. Anyone know what this is? I have plex setup using the pms-docker image:

We blocked this dangerous page for your protection:
http://MY_REMOTE_PLEX_IP/test123.php
Accessed by: vpnkit.exe
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent

We blocked this dangerous page for your protection:
http://MY_REMOTE_PLEX_IP/test123.php
Accessed by: vpnkit.exe
Threat name: Cloud.Malware.133aaW@baaaa
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

I have idea what that is. There is no test123.php in Plex.

I scanned the, as distributed, files. There is no such filename.

It unfortunately sounds like you have a virus on that system.

I’ve just had the same error (or rather continue to have it). Mine is being accessed by caddy.exe that I’m running as a web server/reverse proxy for my media services on the server.

I’m not sure it’s related just to Plex though - I have Plex and a number of other services running on my server, could be any one of them. Do you have anything else running on the same server?

I have a number of docker images running:
duckdns
heimdall
jackett
sonarr
radarr
tautulli
plexrequests
pms-docker

For some reason detection has stopped after restarting the plex container. Full system scan didn’t find the file though.

Then i assert you have bigger Docker issue which isn’t Plex related.

Now that I know it’s Docker, and see the name of the containers, You need to verify each of them

Also, that reverse proxy, if done incorrectly, makes you wide open to infiltration.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.