What is test123.php

Server Version#: 1.14.1.5488
Player Version#: 3.77.4

I’ve started getting antivirus warnings about a test123.php script on my plex server. Anyone know what this is? I have plex setup using the pms-docker image:

We blocked this dangerous page for your protection:
http://MY_REMOTE_PLEX_IP/test123.php
Accessed by: vpnkit.exe
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent

We blocked this dangerous page for your protection:
http://MY_REMOTE_PLEX_IP/test123.php
Accessed by: vpnkit.exe
Threat name: Cloud.Malware.133aaW@baaaa
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

I have idea what that is. There is no test123.php in Plex.

I scanned the, as distributed, files. There is no such filename.

It unfortunately sounds like you have a virus on that system.

I’ve just had the same error (or rather continue to have it). Mine is being accessed by caddy.exe that I’m running as a web server/reverse proxy for my media services on the server.

I’m not sure it’s related just to Plex though - I have Plex and a number of other services running on my server, could be any one of them. Do you have anything else running on the same server?

I have a number of docker images running:
duckdns
heimdall
jackett
sonarr
radarr
tautulli
plexrequests
pms-docker

For some reason detection has stopped after restarting the plex container. Full system scan didn’t find the file though.

Then i assert you have bigger Docker issue which isn’t Plex related.

Now that I know it’s Docker, and see the name of the containers, You need to verify each of them

Also, that reverse proxy, if done incorrectly, makes you wide open to infiltration.