wingchun222

Due to the amount of times that I have to cause trips during development, my wife has now threatened me with divorce if I do any development on this plugin while she's still awake In the webGUI, go to shares, Disk Shares, click on each disk in turn and change the settings to whatever they were (or you think they were). If you don't remember ever changing them in the first place, then they were probably set to public (RP sets them to secure if they were previously public). Also delete the comment line so that its easy to see when RP changes it I've set everything back to public as I had never changed them from their original defaults. How do I delete the comment line? I figured it out!!

Due to the amount of times that I have to cause trips during development, my wife has now threatened me with divorce if I do any development on this plugin while she's still awake In the webGUI, go to shares, Disk Shares, click on each disk in turn and change the settings to whatever they were (or you think they were). If you don't remember ever changing them in the first place, then they were probably set to public (RP sets them to secure if they were previously public). Also delete the comment line so that its easy to see when RP changes it I've set everything back to public as I had never changed them from their original defaults. How do I delete the comment line?

There is no attack history present. Did you delete the attack log? Did you uninstall and reinstall the plugin hoping that would fix it? Also post a screen shot of the shares tab I think I uninstalled it with that hope then thought it over and decided it might be a plugin that is better to have installed than not so I reinstalled it and set it to put bait fiales only in root which seems to be working fine so far other than my boo boo from the initial install and setting it to put squid files in all directories without realizing what I was doing. Thank you very much for your help by the way!! The uninstall thing is something that I spent some time go over in my head about what to do. Did I want to restore normal permissions or leave it in the tripped state. I ultimately decided that due to the nature of the plugin to leave it in the tripped state so that someone wouldn't merely uninstall the plugin in case of a legitimate attack and didn't understand what was going on. Unfortunately, what that means is that in the case of a reinstall without first fixing those share settings is that the plugin assumes that what is set is what its supposed to be. I'll change the uninstall routine to restore the permissions. That makes complete sense in the event of a real attack and this is totally my fault for being an idiot obviously lol. I dont mind restoring the share permissions for each disk but I am unsure how to go about doing so. I am a linux newb and always flying by the seat of my pants when it comes to these unraid bugs that I cause myself which forces to learn some new linux

There is no attack history present. Did you delete the attack log? Did you uninstall and reinstall the plugin hoping that would fix it? Also post a screen shot of the shares tab I think I uninstalled it with that hope then thought it over and decided it might be a plugin that is better to have installed than not so I reinstalled it and set it to put bait fiales only in root which seems to be working fine so far other than my boo boo from the initial install and setting it to put squid files in all directories without realizing what I was doing. Thank you very much for your help by the way!!

I tried running this via ssh but it doesnt seem to help.

Well, i uninstalled the Ransomware plugin after the initial trip and clicking of restore permissions, then re insalled the plugin. Here is a screenshot of my shares tab

Is that what you are after my good person?

As in the laptop I use to connect toe the unraid box? If so then yes. This has been going on for a week or two now, I just now have some time to sit and try to get it sorted out.

As in stop and restart the plugin? Yes, I have rebooted the Unraid box a few times and the problem persists. Right now it is as if it has never been tripped. I can click the lock to set everything to read only, then click to restore permissions but it continues to stay read only seemingly only in /appdata/downloads

I had done that but unfortunately the problem still persists and it constitutes to say my shares are read only even after I clicked restore smb permissions on the popup.

So lets say I installed this, configured everything then I did what it told me not to and deleted a file which tripped the protection so inadvertently I tested it on my system lol. Now I have the Ransomware plugin set up properly but after the initial trip my /appdata/dowloads/ folder share on my ssd drive wont allow me to delete anything via windows (my downloads folder where i do a lot of renaming, deleting etc) but deleting things in MC works fine and none of my dockers are having any issues moving or renaming files. Also, when I go to my shares tab in Unraid under disk shares it says they are all "read only mode. restore normal settings via Ransomware protection settings". I am not sure how to un-do what I have done.

I just came across this awesome plugin so I installed it and gave it a shot. One thing I immediately noticed is that when I delete a movie from my share (of which I do quite often) it triggered the alert and turned off the smb share as it should and alerted me and I chose the appropriate response. If I am deleting files quite often will this just be what I have to get used to dealing with? How serious is this threat? I have never had any ransomware virus or anything remotely like that. I just don't get duped by clicking on stupid links etc. That being said there is a 12 year old in the house and I have no doubt he would accidentally click on some dumb shi% and get that kind of virus. I never even really though about any of this affecting my unraid box until I came across this plugin.

Thank you so very much!! This fixed it for me! It looks like you changed parameters (likely subdomains) after it was installed. That was not allowed in the older versions of this container (there was a disclaimer). And that's probably why it broke. The error message says there are two accounts on there (I'm guessing the second account was created when the script tried to renew with different parameters and things got messed up) Delete the folder "etc" in your config location and restart the container and everything should be fine

Thank you!

I am having an issue with my Nginx-Letsencrypt docker not updating my ssl certificate and I am at a loss as to what to do. I keep getting privacy errors in chrome and I am able to see it is due to having an out of date certificate. The day my certificate expired I started having this issue. I have restarted the ndignx docker, rebooted my unraid box, all to no avail. Any help would be appreciated!! Here is the output from docker logs Nginx-letsencrypt *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh... *** Running /etc/my_init.d/firstrun.sh... Setting the correct time Current default time zone: 'America/New_York' Local time is now: Sun Jul 24 15:33:07 EDT 2016. Universal Time is now: Sun Jul 24 19:33:07 UTC 2016. Using existing nginx.conf Using existing nginx-fpm.conf Using existing site config Using existing landing page Using existing jail.local Using existing fail2ban filters SUBDOMAINS entered, processing Sub-domains processed are: -d www.jefflix.duckdns.org Using existing DH parameters rm: cannot remove ‘/etc/letsencrypt’: No such file or directory <-------------------------------------------------> <-------------------------------------------------> cronjob running at Sun Jul 24 15:33:07 EDT 2016 Updating certbot script. It will display help info, which you can ignore certbot-auto [sUBCOMMAND] [options] [-d domain] [-d domain] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the cert. Major SUBCOMMANDS are: (default) run Obtain & install a cert in your current webserver certonly Obtain cert, but do not install it (aka "auth") install Install a previously obtained cert in a server renew Renew previously obtained certs that are near expiry revoke Revoke a previously obtained certificate register Perform tasks related to registering with the CA rollback Rollback server configuration changes made during install config_changes Show changes made to server config during installation plugins Display information about installed plugins Choice of server plugins for obtaining and installing cert: --apache Use the Apache plugin for authentication & installation --standalone Run a standalone webserver for authentication (nginx support is experimental, buggy, and not installed by default) --webroot Place files in a server's webroot folder for authentication OR use different plugins to obtain (authenticate) the cert and then install it: --authenticator standalone --installer apache More detailed help: -h, --help print this message, or detailed help on a topic; the available topics are: all, automation, paths, security, testing, or any of the subcommands or plugins (certonly, install, register, nginx, apache, standalone, webroot, etc.) URL is jefflix.duckdns.org Subdomains are www deciding whether to renew the cert(s) Preparing to renew certificate that is older than 60 days Temporarily stopping Nginx * Stopping nginx nginx ...done. Generating/Renewing certificate Missing command line flag or config entry for this setting: Please choose an account Choices: ['db70471a0cef@2016-07-18T21:23:35Z (22a1)', '78963df01a2b@2016-04-16T1 6:35:50Z (6e7e)'] Restarting web server * Starting nginx nginx ...done. * Starting nginx nginx ...done. * Starting authentication failure monitor fail2ban ...done. *** Running /etc/rc.local... *** Booting runit daemon... *** Runit started as PID 217 Jul 24 15:33:14 45315b394643 syslog-ng[227]: syslog-ng starting up; version='3.5 .3' Jul 24 15:39:01 45315b394643 /USR/SBIN/CRON[243]: (root) CMD ( [ -x /usr/lib/ph p5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)) Jul 24 16:09:01 45315b394643 /USR/SBIN/CRON[255]: (root) CMD ( [ -x /usr/lib/ph p5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)) Jul 24 16:17:01 45315b394643 /USR/SBIN/CRON[267]: (root) CMD ( cd / && run-par ts --report /etc/cron.hourly) Jul 24 16:39:01 45315b394643 /USR/SBIN/CRON[270]: (root) CMD ( [ -x /usr/lib/ph p5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)) Jul 24 17:09:01 45315b394643 /USR/SBIN/CRON[282]: (root) CMD ( [ -x /usr/lib/ph p5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)) Jul 24 17:17:01 45315b394643 /USR/SBIN/CRON[294]: (root) CMD ( cd / && run-par ts --report /etc/cron.hourly)