When trying to test the security of my Nextcloud installation using
https://scan.nextcloud.com/ I receive the following error:
Scan failed! The scan for the specified domain failed. Either no Nextcloud or ownCloud can be found there or you tried to scan too many servers.
I’ve tried several times and it never works. I’ve made sure the URL is correctly typed and publicly accessible.
Nextcloud version: 12
Apache: 2.4 (CloudLinux)
PHP version: 7.1
Either you can’t access your cloud from outside or you used the scanner too often, we can’t tell you like this which one is the case.
I experienced the same problem. Did not ever scan before and NC is completely accessible so looks like a problem with the scanner to me.
I could scan a host. Send a message with the host name to
@LukasReschke, he can debug it further.
I did set up a new NC-12 on HostEurope shared webhosting (formerly using OC-9.0.8), no update, fresh install in new directory, new sql-database!
After finishing installation I tried security scan:
=> working for OC-9.0.8 AND NC-12
=> working for OC-9.0.8, NOT working for NC-12.
Notification from OP is shown. Any hint about this behaviour?
I got your message and I got an error scanning your Nextcloud as well.
The scanner mainly checks your version and analyzes your http-headers, if HSTS etc. is set up correctly, you can test that also yourself.
@LukasReschke Can you have a look at the security scanner? Is there a repo to report such errors?
OC-9.08 and NC-12 are hosted on same webspace with same .htaccess settings and so on.
OC security scan is working, NC security scan is NOT working with NC security scanner, sorry.
Any hint how to solve this issue?
I’ve reported the issue at the
nextcloud.com repository -> https://github.com/nextcloud/nextcloud.com/issues/535 Not sure if it’s the right place, though
At the moment the scanner is down - the website works but the actual scans don’t happen. They will come back up - time is needed
Same for me. Even after the update to 12.0.1 today.
@jospoortvliet can you fix this soon. There are more and more users asking for it.
@LukasReschke any ETA perhaps?
While you are on it I hope you can fix the rating system as posted here too:
I am scanning an installation with the Nextcloud security scanner, but instead of showing an F at the top left next to the domain name (a well secured server with A or A+ does show the grade), nothing is shown. This would be important to easily show how bad the state of the installation is to non-IT related people (especially management).
@jospoortvliet Maybe this can be fixed at some point?
Found this thread while trying to look for a solution to the above said issue.
I had thought my NC install was so bad that it cannot detect the instance. LOL
Appreciate the effort put in to solve the issue. Thank you team NextCloud
NC-12.0.1 is NOT detected by
OC-188.8.131.52 IS detected…
Sadly it is still not fixed.
the scan just checks the version number (
nextcloud.com/changelog tells you the last version) and the https-headers which can be tested with other tools:
Sure I can use a barrage of tools to do this, but it is still part of the security features Nextcloud provides. I do not think that it is a good idea to have it not working for a month after all. It should be at least marked as not working or taken down if not needed/useful anymore.
I put an issue on github:
A bit of otherwise unhelpful background: this is managed by Lukas, who is quite busy with many other things. Running the scanner sadly generates quite a bit of work dealing with automated complaints that can (and did) get the servers shut off.
As soon as Lukas has time, I’m sure he will get to this.