Please follow the below template, it will help us to help you!
Expected Behaviour:
OS: Raspberry Pi OS (Bookworm)
Raspberry Pi 4
Device is on a vlanned network and is served to three of them with vlan specific addresses. (Noting this as you will see it in the debug token).
There should be no errors in error-pihole.log.
Actual Behaviour:
While investigating an what was initially thought to be an unexpected shutdown (it was actually expected due to raspibackup operation), I found this in the lighttpd error log (error-pihole.log).
2025-01-14 21:01:44: (mod_fastcgi.c.449) FastCGI-stderr:PHP Warning: Undefined array key "auth" in /var/www/html/admin/scripts/pi-hole/php/password.php on line 108
This error is occurring once per minute non-stop. How can I fix this?
No app or script is in use. The closes thing is raspibackup but all that is doing is running systemctl stop/start pihole-FTL before and after the backup hits.
PHP only generates error messages like this if password.php file is accessed.
We know there is something (a script or external app) requesting a page once a minute, but we don't know which page (password.php is used by every page in Pi-hole web interface).
Please execute this command to find out what is requesting the page (logout from the web interface before executing the command to avoid false positives):
and behold the mystery is solved! So upon querying access-pihole.log as you suggested, it revealed that the requests were coming from my RHEL server. Turns out I had connected the old pihole installation to Zabbix which is running on the RHEL server. When I rebuilt the pihole installation I used a different password and forgot to update Zabbix.
As a temporary measure I've disabled the zabbix host for pihole and the spamming has stopped.