Nextcloud scanning

Having installed the latest Netxcloud on my server, I added ModSecurity and CRS 3 on the Apache instance. After some tuning and the configuration of geoIP with the help of our very own Christian Folini, I watched the logs fly by during a few hours and noticed accessing my /status.php.

By going to this /status.php on my server, I get this JSON payload:

“installed”: true,
“maintenance”: false,
“needsDbUpgrade”: false,
“version”: “”,
“versionstring”: “12.0.0”,
“edition”: “”,
“productname”: “Nextcloud”

So what is ? Checking their page brings back: “Check the security of your private Nextcloud server”.

In fact the idea is good to help keeping a secure internet (hey, I got A+, after all), but on the other hand, the /status.php URL exposes the exact version of my cloud server and its potential vulnerabilities. I’m not really sure yet if I’m happy with the idea.