Privacy does not exist without security. To help you keep your data yours, this scan analyzes the security of your server and gives you an overview of what to improve.
Scan failed! The scan for the specified domain failed. Either no Nextcloud or ownCloud can be found there or you tried to scan too many servers.
Shows the percentage of servers with inadequate security. A server with inadequate security is defined as Nextcloud or ownCloud with known vulnerabilities or being end-of-life.
The rating for servers is calculated as follows:
F = This server version is end of life and has no security fixes anymore. It is likely trivial to break in and steal all the data or even take over the entire server.
E = This server is vulnerable to at least one vulnerability rated "high". It is likely quite easy to break in and steal data or even take over the server.
D = This server is vulnerable to at least one vulnerability rated "medium". With bit of effort, like creating a specially crafted URL and luring a user there, an attacker can likely steal data or even take over the server.
C = This server is vulnerable to at least one vulnerability rated "low". This might or might not provide a way in for an attacker and will likely need some additional vulnerabilities to be exploited.
A = This server has no known vulnerabilities but there are additional hardening capabilities available in newer versions making it harder for an attacker to exploit unknown vulnerabilities to break in.
Our scan is strictly based on publicly available information, that is the list of known vulnerabilities relevant for ownCloud/Nextcloud releases as well as any applied hardenings/settings we can scan without having access to the server. Find more hardening tips in our hardening guide and keep your system up to date.
This is no more than a snapshot in time. Security is an ongoing process and new insights and updates have to be applied to remain secure.
No complicated system can ever be fully secure and even an A+ rated system can be vulnerable to unknown issues and determined (state) attackers.
The rating is automatically generated based on the list of applicable security advisories. The actual risk depends on your environment and may differ.