Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » SUCURI: SiteCheck error: Unable to properly scan your site. 404 Not Found

Viewing 6 replies - 1 through 6 (of 6 total)
  • Here are the details of the scan [1].

    HTTPS version of this website is not accessible:
    TLS certificate does not match the host name.

    [1] https://sitecheck.sucuri.net/results/davidkrutprojects.com

    But this site doesn’t use https.

    This is mostly a problem with shared hosting providers.

    In order to offer advanced features to their premium clients, they enable extra features in the server that, due to misconfigurations, end up being enabled for non-premium customers as well. In this case, TLS has been globally enabled by DreamHost, and even though your website is not being served via HTTPS, the URL is still responding to the request, which confuses some web browsers that are trying to load the most secure version of the website to the users.

    DreamHost is serving a generic “Site Not Found” page here [1] but they are sending a “200 OK” HTTP status code instead of a “404 Not Found”. This confuses the web browsers even more. That’s why the Sucuri scanner is sending a warning, because even though the HTTPS version of your website doesn’t exists, DreamHost is making people believe that it does, but it also is showing that the SSL certificate is invalid (for obvious reasons).

    I suggest you to talk with DreamHost to fix their setup.

    They shouldn’t be serving an error page with a “200 OK” status code.

    As for the “404 Not Found” that your are seeing in the plugin, it will disappear once this misconfiguration in your server is fixed. Please keep in mind that both the plugin and Sucuri Sitecheck keep a cache for 24 hours, it will automatically refresh after that.

    Let me know if you need more information.

    [1] https://davidkrutprojects.com/

    I am getting the exact same error. The only thing different about this site is that index.php is at the top level of the Public_HTML directory and WordPress is in a subfolder. Would index.php outside the WordPress folder cause this?

    I was also getting a big red ERROR on Sucuri Dashboard:

    SUCURI: SiteCheck error: Unable to properly scan your site. 404 Not Found

    This error gives no helpful information. But on this support thread, I found the suggestion to try the external scan at https://sitecheck.sucuri.net/.

    It found two “Site Issues Detected” – both as “Unable to scan the page. 404 Not Found”, and listed the URLs:
    https://www.mysite.com/wp/wp-content/themes/my-theme/js/html5.js
    https://www.mysite.com/selectivizr-min.js?ver1.0

    This site does not have either of those files, so a 404 would be valid. But why did Sucuri attempted to find it? Because, I realized, that header.php references those URLs, in IE conditional comments like
    <!--[if lt IE 9]>

    Removing those from header.php resolved the Warning from Sucuri.

    Hello @tzeldin88

    This site does not have either of those files, so a 404 would be valid. But why did Sucuri attempted to find it?

    There is a family of malware that hides itself by masking the response to the HTTP request with a “404 Not Found” code. Sucuri attempts to discover these hidden scripts by sending a simple request to random files, not necessarily the ones that you mentioned in your comment.

    That being said, I believe the warnings in your website were triggered for a different reason than the warnings in @loosefast ’s website. I have to agree with you that the error gives no helpful information. I’ll pass this to the team that maintains SiteCheck (which is what the plugin uses to scan the websites) so they can consider to improve the error messages.

    Thank you.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.