log_analysis/anomalies/ro1.txt
rpert e96a8b03fc Initial cross-server log inventory + anomaly scan
- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux)
- discover-logs.sh: portable inventory (Linux/FreeBSD/Termux)
- scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl
- run-all.sh: parallel SSH fan-out
- build-summary.py: aggregates into reports/SUMMARY.md
- 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00

66 lines
6.1 KiB
Plaintext
=== Anomaly scan: ro1-3z8-pw.novalocal (2026-04-10T21:46:09Z) ===
--- recent log files (mtime < 7d) ---
/var/log/borg-backup.log errors=5 warns=0 size=13318316
> M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
> M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
> M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
> M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
> M /usr/local/www/i47i.tk/wp-content/plugins/redis-cache/dependencies/predis/predis/src/Command/Redis/FAILOVER.php
/var/log/freedns-ssl-error.log errors=72 warns=0 size=1343992
> [Thu Mar 19 17:06:45.696498 2026] [authz_core:error] [pid 59340] [client 20.151.11.236:41914] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Sat Mar 21 05:45:17.976155 2026] [authz_core:error] [pid 97472] [client 20.151.11.236:31811] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Sat Mar 21 06:41:09.566838 2026] [authz_core:error] [pid 69202] [client 172.235.235.248:54732] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Sun Mar 22 03:00:13.267508 2026] [authz_core:error] [pid 9998] [client 185.177.72.52:18966] AH01630: client denied by server configuration: /usr/local/www/freedns-placeholder/.htaccess
> [Sun Mar 22 03:00:13.502429 2026] [authz_core:error] [pid 69202] [client 185.177.72.52:18982] AH01630: client denied by server configuration: /usr/local/www/freedns-placeholder/.htaccess
/var/log/httpd/i47i.tk-error.log errors=51 warns=0 size=400820
> [Thu Mar 19 18:50:37.024880 2026] [authz_core:error] [pid 59307] [client 20.222.18.47:21485] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Fri Mar 20 11:42:47.077024 2026] [authz_core:error] [pid 69861] [client 23.100.100.188:3532] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Tue Mar 24 23:57:24.319230 2026] [authz_core:error] [pid 81828] [client 85.203.23.121:52441] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin, referer: http://i47i.tk/cgi-bin/cgi-bin/sql.php
> [Wed Mar 25 02:04:05.820795 2026] [authz_core:error] [pid 81829] [client 20.222.18.47:22936] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Wed Mar 25 18:35:40.714323 2026] [authz_core:error] [pid 32775] [client 20.151.201.236:22849] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
/var/log/manual-upgrades/upgrade-2026-04-05_0400.log errors=3 warns=0 size=2495
> Warning: Failed to create directory '/nonexistent/.wp-cli/cache/': mkdir(): Permission denied.
> FAILED: apache24 php_fpm jellyfin flood redis
> {"id":"ZAa6Ntdv1W5c","time":1775361630,"expires":1775404830,"event":"message","topic":"rspworks-updates","title":"Manual Upgrade ERRORS — ro1-3z8-pw.novalocal","message":"1 services running\n\nUpdated:\\n• WordPress: 3 plugins\n\nErrors:\\n• Service down: apache24\\n• Service down: php_fpm\\n• Service down: jellyfin\\n• Service down: flood\\n• Service down: redis","priority":4,"tags":["warning","package"]}
/var/log/messages errors=0 warns=886 size=512303
/var/log/mount_monitor.log errors=0 warns=1808 size=526613
/var/log/mount_monitor.log.old errors=7 warns=3614 size=1048798
> [2026-03-24 13:05:30] CRITICAL: Mount is hung (ls command timed out)
> [2026-03-24 13:06:28] FAILED: Mount still not responding after recovery attempt
> [2026-03-24 13:10:30] CRITICAL: Mount is hung (ls command timed out)
> [2026-03-24 13:11:28] FAILED: Mount still not responding after recovery attempt
> [2026-03-24 13:15:35] CRITICAL: Mount is hung (ls command timed out)
/var/log/rclone_1fichier.log errors=6 warns=0 size=3527222
> 2026/03/24 13:06:28 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp: lookup api.1fichier.com: i/o timeout
> 2026/03/24 13:10:30 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp: lookup api.1fichier.com: i/o timeout
> 2026/03/24 13:11:28 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp 5.39.224.140:443: i/o timeout
> 2026/03/24 13:15:35 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": net/http: TLS handshake timeout
> 2026/03/30 06:45:30 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp 5.39.224.140:443: i/o timeout
/var/log/webmail-ssl-error.log errors=62 warns=0 size=28197
> [Fri Jan 09 22:57:32.624107 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/.env
> [Fri Jan 09 22:57:45.572560 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/config.php
> [Fri Jan 09 22:57:47.072687 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/database.php
> [Fri Jan 09 22:57:47.392299 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/mail.php
> [Fri Jan 09 22:57:47.693547 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/app.php
--- /var/log disk usage ---
95M /var/log
960K /var/log/httpd-nextcloud-access.log
1.1M /var/log/mount_monitor.log.old
1.3M /var/log/freedns-ssl-error.log
1.9M /var/log/freedns-access.log
2.2M /var/log/matomo-access.log
2.6M /var/log/flood.log
3.3M /var/log/httpd-access.log
3.4M /var/log/rclone_1fichier.log
4.3M /var/log/freedns-ssl-access.log
5.6M /var/log/httpd-error.log
6.2M /var/log/redis
9.3M /var/log/letsencrypt
9.8M /var/log/httpd
13M /var/log/borg-backup.log
24M /var/log/webmail-ssl-access.log
--- top 15 largest files under /var/log ---