Share the address of at least one of the websites that’s returning a 404 and I will tell you why the scan is failing.
Thanks for the prompt reply, here are a few (non-exhaustive list):
http://racecourseassociation.co.uk
http://www.theroedererawards.com
https://purelatitude.com
http://hotelalbustan.com
http://iscaschools.com
I got my TLS certificate issue resolved and now I am seeing this 404 error. The site in question for me is datacenterresearch.org.
Any help would be appreciated!
Here is the result of my investigation:
- racecourseassociation.co.uk was successfully scanned, but the HTTPS version of the website is not reachable because the SSL certificate has expired
- theroedererawards.com was successfully scanned, but the HTTPS version of the website is not reachable because the SSL certificate does not match the host name
- purelatitude.com was successfully scanned and HTTPS is okay
- hotelalbustan.com was successfully scanned, and while there is a valid SSL certificate for the HTTPS version of the website, there is no HTTP-to-HTTPS redirection, which renders the SSL certificate useless
- iscaschools.com was successfully scanned, but the HTTPS version of the website is not reachable due to TLS issues with the SSL certificate
Meanwhile, your website “datacenterresearch.org” has multiple errors:
- TLS connection using obsolete cryptography
- Missing security header for “XSS Protection”
- Missing security header to prevent “Content Type” sniffing
- Missing “Strict-Transport-Security” security header
- Mixed content found in all the images
- Apache 2.4.35 vulnerability [2]
[1] https://sitecheck.sucuri.net/results/datacenterresearch.org
[2] http://httpd.apache.org/security/vulnerabilities_24.html
Hi Yorman, thanks for the follow-up. My apologies about the delay getting back to you; I wasn’t notified of your follow-up via email despite ticking the box. I’ll check spam.
Re: purelatitude.com, you said it “…was successfully scanned and HTTPS is okay”, yet this is also getting the same error: “SUCURI: SiteCheck error: Unable to properly scan your site. 404 Not Found”. Any idea why?
Re: your other investigations, are you saying that sitecheck only works over SSL? 4 of the 5 sites I sent do not yet run on HTTPS, though we are looking to update these in due course.
As I said previously, this was only a sample of sites; I have dozens that use this plugin and many have the same error.
Hello,
Re: purelatitude.com […] 404 Not Found
Right now it appears to be clean [1].
[…] are you saying that sitecheck only works over SSL?
No, but the scanner attempts to connect to the HTTPS version of the website anyway, because sometimes web developers forget to add HSTS [2]. The problem is, if your website(s) doesn’t work over HTTPS, the connection should fail, but your server(s) replied to the handshake successfully because some hosting providers serve these requests with a default page.
The scanner doesn’t know that your website is not available via HTTPS, it just knows that the connection worked and the hostname in the SSL certificate doesn’t match the hostname.
The expected behavior is one of these:
- Scanner checks “example.com”, the website is available over HTTPS, the scanner executes the TLS connection, the operation succeeds and the hostname in the SSL certificate matches the domain name.
- Scanner checks “example.com”, the website is not available over HTTPS, the scanner executes the TLS connection, the operation fails and so the scanner continues checking only the HTTP version.
If the website fails outside of these two cases, then a warning is triggered.
[…] this was only a sample of sites, I have dozens […]
I understand, but I cannot say with confidence that the scanner is failing to scan all your websites for the same reason. Some of them may have different misconfigurations, I prefer not to generalize, but I would say this is a cache issue. If you send me the entire list of domains, I may be able to tell you if all of them are failing for the same reasons or not.
[1] https://sitecheck.sucuri.net/results/purelatitude.com
[2] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
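The decision logic described in the reply above, sketched in Python as an added example (it is not part of the thread and not Sucuri's scanner code). The function names, verdict strings and sample certificates are assumptions constructed for illustration; the certificate dicts follow the shape returned by `ssl.SSLSocket.getpeercert()`, and the expiry check reflects the expired-certificate case from the earlier investigation.

```python
import ssl
import time

def name_matches(pattern, host):
    """Compare one certificate DNS name with the host; '*' covers only the left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(host, handshake_ok, cert=None, now=None):
    """Return (verdict, reason) for one probed host; now is epoch seconds."""
    if not handshake_ok:
        # Site not served over HTTPS: carry on with the HTTP version only.
        return ("http-only", "TLS connection failed")
    if not cert:
        return ("warning", "TLS answered but no certificate details available")
    now = time.time() if now is None else now
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        return ("warning", "certificate expired")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        # Typical of a hosting provider answering on 443 with a default page.
        return ("warning", "certificate does not match host name")
    return ("https", "TLS connection succeeded and certificate matches")

# Constructed sample data (not taken from the sites in this thread).
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2025 GMT")
GOOD = {"notAfter": "Jan 15 00:00:00 2030 GMT",
        "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}
DEFAULT_PAGE = {"notAfter": "Jan 15 00:00:00 2030 GMT",
                "subjectAltName": (("DNS", "shared-host.invalid"),)}
EXPIRED = {"notAfter": "Jan 15 00:00:00 2020 GMT",
           "subjectAltName": (("DNS", "example.com"),)}

if __name__ == "__main__":
    probes = [("shop.example.com", True, GOOD), ("example.org", False, None),
              ("example.net", True, DEFAULT_PAGE), ("example.com", True, EXPIRED)]
    for host, ok, cert in probes:
        print(host, classify(host, ok, cert, NOW))
```

A site that answers on port 443 with someone else's certificate lands in the warning branch, which is the situation described for the HTTP-only sites in this thread.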