Nextcloud security scan doesn't work on 01.05.2023

j-ed · May 1, 2023, 4:26pm

Hi folks,
after updating my installation to the latest Nextcloud 25.0.6 version, I’ve tried to kick-off the security scan function on https://scan.nextcloud.com as I’m always doing it. After entering my server url, the latest scan result from End of March is displayed. If I now trigger a rescan and reload the website after a while, the status never changes and as last scan date the one from end of March is displayed. I’ve now repeated that step several time, used different web browser and used different network connections but without any success.

Can anyone confirm that a general issue currently exists with that function?

KarlF12 · May 2, 2023, 2:50am

I wonder if the scan tool hasn’t been updated for 25.0.6. As it happens, mine is on 25.0.5, and the scan says this is the latest patch.

j-ed · May 2, 2023, 12:28pm

@KarlF12 Please have a look on the last scanned date. It might be possible that it hasn’t been updated for you too:

grafik

KarlF12 · May 2, 2023, 12:56pm

No it definitely updated because my last scan was on NC 24. I guess I should patch to 25.0.6 and try it.

ernolf · May 3, 2023, 8:21am

Did you look in your webserver logfile if it realy connected your server:

grep scan.nextcloud.com /path/to/webserver/access.log

It scans the output of

https://yourcloud.com/status.php

you can control yourself if that throws the expected information. It should be the same as the output of
occ status

just my 2 cents

j-ed · May 3, 2023, 7:30pm

@ernolf First I made sure that I’m able to access Nextcloud over the internet. Next I checked the webservers log file but I cannot find any incoming connection from scan.nextcloud.com. The occ command shows the correct version 25.0.6.

Surprisingly that issue appeared right after I’ve updated to the latest version. Before that I never had an issue with the security scan function, except that the version information haven’t been updated in time

ernolf · May 3, 2023, 7:37pm

It is possible that the logfile has been rotated since then:

try

grep scan.nextcloud.com /path/to/webserver/access.log.1
zgrep scan.nextcloud.com /path/to/webserver/access.log.2.gz
etc..

here is what I have got in my logfile:

~# zgrep scan.nextcloud.com /var/log/apache2/access.log.2.gz
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /oc-shib/status.php HTTP/1.1" 301 588 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /owncloud/status.php HTTP/1.1" 301 590 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /oc/status.php HTTP/1.1" 301 578 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /nextcloud/status.php HTTP/1.1" 301 592 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /status.php HTTP/1.1" 301 572 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /status.php HTTP/1.1" 200 6465 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /status.php HTTP/1.1" 200 6463 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /owncloud/status.php HTTP/1.1" 404 13929 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /oc/status.php HTTP/1.1" 404 13925 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /nextcloud/status.php HTTP/1.1" 404 13925 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /oc-shib/status.php HTTP/1.1" 404 13915 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /nextcloud/status.php HTTP/1.1" 404 13933 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /oc/status.php HTTP/1.1" 404 13925 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /oc-shib/status.php HTTP/1.1" 404 13925 "-" "scan.nextcloud.com"
95.217.53.149 - - [23/Apr/2023:21:53:46 +0200] "GET /owncloud/status.php HTTP/1.1" 404 13929 "-" "scan.nextcloud.com"

and a new one from today looks the same.

j-ed · May 3, 2023, 7:41pm

I already did that and the last scan is exactly the one shown on scan.nextlcloud.com.
Newer scans doesn’t work anymore.

ernolf · May 3, 2023, 7:52pm

The only thing I can think of is DNS. Do you use DynDNS? Is the DNS ttl too long?

You can knock on your door from outside via a VPN or with your mobile device and see if you can be reached with external DNS.

But you’ve probably already checked all that.
Otherwise I wouldn’t think of anything else.

j-ed · May 3, 2023, 7:54pm

@ernolf Thanks for sharing your ideas. I’ve indeed checked that already. I don not have any issue accessing Nextcloud over the internet.

j-ed · May 13, 2023, 11:17am

Today I re-triggered the scan and surprisingly it succeded within a couple of seconds
Due to the fact that I haven’t changed anything on my own server, I assume that the issue was cause by the scan server itself.

95.217.53.149 - - [13/May/2023:13:12:20 +0200] "GET /oc-shib/status.php HTTP/1.1" 302 - "-" "scan.nextcloud.com" 722 5450
95.217.53.149 - - [13/May/2023:13:12:20 +0200] "GET /owncloud/status.php HTTP/1.1" 302 - "-" "scan.nextcloud.com" 723 5442
95.217.53.149 - - [13/May/2023:13:12:20 +0200] "GET /oc/status.php HTTP/1.1" 302 - "-" "scan.nextcloud.com" 717 5438
95.217.53.149 - - [13/May/2023:13:12:20 +0200] "GET /status.php HTTP/1.1" 200 170 "-" "scan.nextcloud.com" 714 5614
95.217.53.149 - - [13/May/2023:13:12:20 +0200] "GET /nextcloud/status.php HTTP/1.1" 302 - "-" "scan.nextcloud.com" 724 5444