Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Plugin] Ransomware Protection - Deprecated

Featured Replies

  • Author
9 hours ago, bobokun said:

So I uninstalled the plugin before forgetting to cleanup all the squidbait files. I'm trying to search for it in the community applications to install again so I can remove all the files/folders generated by the plugin but I can't seem to find it anymore. What's the best way to remove all these files/folders?

It should have automatically removed all of the files during the uninstall.

 

But, if (for whatever reason) you have files left over, you can just manually delete them.  Over the network, via Krusader, or at the command line.

  • 1 month later...
  • Replies 449
  • Views 115.4k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • @Squid Fingers crossed he doesn't delete the thread to destroy the evidence..... 

  • I know this thread is positively ancient, but I'm one of the apparently rare few still running this plugin on both my Unraid boxes running v6.11...and just testing it again now due to all the people s

  • It's tailored to unRaid, and takes the approach of waiting for an attack to happen against certain files and when that happens stops all smb write access regardless of how inconvenient that may be to

Posted Images

I'm trying to install this on 6.5.2 but it's not showing up in CA (2018.09.01a)??

  • Author
21 minutes ago, DZMM said:

I'm trying to install this on 6.5.2 but it's not showing up in CA (2018.09.01a)??

CA blocks new installs of it (because its been deprecated).  Only if you've previously had it installed will it allow you to reinstall.  It just doesn't work quite right under latter versions of unRaid.

Ahh ok.   I think I need to setup my off-site backup

  • 4 months later...

@Squid After seeing it in your signature, I read through the first two pages of this thread, got all excited... then i found this:
 

On 9/11/2018 at 10:38 AM, Squid said:

CA blocks new installs of it (because its been deprecated).  Only if you've previously had it installed will it allow you to reinstall.  It just doesn't work quite right under latter versions of unRaid.

perhaps you could edit your signature to 
Others: Ransomware Protection (for older unraid very) or (deprecated) or (no new installs) or (legacy app)

p.s. Not trying to bash on you, just trying to save others from the allure of the oasis in the desert. hahaha 😉

  • Author
3 minutes ago, nasforthemass said:

perhaps you could edit your signature to

Signatures are disabled by default on the forum software (unlike the previous forum software), so I and many many other users here can't be bothered to update them.

 

EDIT: done.  Removed the reference to Ransomware & Cleanup Appdata

Edited by Squid

On 8/6/2018 at 8:57 AM, Squid said:

It should have automatically removed all of the files during the uninstall.

 

But, if (for whatever reason) you have files left over, you can just manually delete them.  Over the network, via Krusader, or at the command line.

Your tone implies this is a relatively straighforward step, but the thought of a hiccup leaving me with 700,000+ files to delete, strewn across hundreds of folders....is pretty intimidating.  Any suggestions to help ensure this doesn't happen?  Or some syntax to leisurely recover, if it does?

  • Author

Windows Explorer

 

Search the share for say Squidbait*  Then highlight them all (CTRL-A) and delete.

10 minutes ago, Squid said:

Windows Explorer

 

Search the share for say Squidbait*  Then highlight them all (CTRL-A) and delete.

Same process works on a Mac using Finder, if you don’t use a pc.

  • 10 months later...
On 2/14/2019 at 12:38 PM, nasforthemass said:

@Squid After seeing it in your signature, I read through the first two pages of this thread, got all excited... then i found this:

p.s. Not trying to bash on you, just trying to save others from the allure of the oasis in the desert. hahaha 😉

I just fell for the honeypot! Damn I wish this was still a thing.

  • 1 month later...
On 1/1/2020 at 12:22 PM, squirrelslikenuts said:

I just fell for the honeypot! Damn I wish this was still a thing.

There is no need if your doing your backups regularly. <borg backup>

**For anyone that has a problem installing this to remove the files***

I have these .SquidBait files scattered all over my array.. what a mess!

 

find /mnt/user/* -name ".SquidBait*" -exec rm -fv {} \;

Bam no more :)

 

**Remove the -exec rm -fv {} \; part if you want to see their location to remove manually.

***Also, I just realized some are not hidden either so run that again using "Squidbait* without the dot "."

Edited by kilobit
updated command

  • 3 weeks later...

Alas - I thought this was such a nice idea and a really nice implementation of it. Of course, doesn't stop all ransomware attacks, but certainly better than nothing! Really too bad this is now depreciated and there isn't an alternative. (or is there an alternative?)

  • Author
33 minutes ago, adoucette said:

Alas - I thought this was such a nice idea and a really nice implementation of it. Of course, doesn't stop all ransomware attacks, but certainly better than nothing! Really too bad this is now depreciated and there isn't an alternative. (or is there an alternative?)

Personally, I use windows defender and have added my server's shares to it's controlled folder access.  The attack vector is going to initiate via Windows / Mac (probably a Mac since they seem to think they're immune ;) ) so you're always best securing at the source 

 

Be pro-active rather than reactive...

  • 3 months later...

Is this plugin still applicable?  

I read about some people loosing their data due to ransomware.....made me a little paranoid....

Personally I really liked the plugin. Even though it is clear that it does not provide 100% protection, and preventing ransomware in the first place is more important, I still felt that it provided an additional layer.

(seriously, we hear about a good number of malware designed to wait for a while and gather info about how to traverse any network locations available before launching an attack - so Unraid shares would be a target)

Wish it still worked, but had to disable it and uninstall as it stopped working for me a few Unraid versions ago.

Edited by adoucette

1 hour ago, adoucette said:

Personally I really liked the plugin. Even though it is clear that it does not provide 100% protection, and preventing ransomware in the first place is more important, I still felt that it provided an additional layer.

(seriously, we hear about a good number of malware designed to wait for a while and gather info about how to traverse any network locations available before launching an attack - so Unraid shares would be a target)

Wish it still worked, but had to disable it and uninstall as it stopped working for me a few Unraid versions ago.

Thanks for the info.  I figured any added layer of protection would be worth having.  

I didn't even think that it wouldn't work on newer versions of unraid.  Maybe @Squid can let us know if it'll still work.  

 

If you want protection for write once read many media (video or music), look into using the Immutable File attribute, mentioned many times on these forums.

 

 

  • Author

Or (assuming Windows), enable Ransomware Protection.  It will stop a program from rapidly changing multiple files, even to non-mapped network shares.

20 minutes ago, Squid said:

Or (assuming Windows), enable Ransomware Protection.  It will stop a program from rapidly changing multiple files, even to non-mapped network shares.

I've been trying to decide if i should uninstall norton (free with my isp) or keep it.  I cant run defender and norton at the same time.  

Norton and Symantec are absolute trash. So many better alternatives out there. I still wouldn't use it when it was free from my ISP. But I understand the temptation to use what's free.

6 minutes ago, BRiT said:

Norton and Symantec are absolute trash. So many better alternatives out there. I still wouldn't use it when it was free from my ISP. But I understand the temptation to use what's free.

 

6 minutes ago, BRiT said:

Norton and Symantec are absolute trash. So many better alternatives out there. I still wouldn't use it when it was free from my ISP. But I understand the temptation to use what's free.

better off using windows defender?

  • 2 years later...

I know this thread is positively ancient, but I'm one of the apparently rare few still running this plugin on both my Unraid boxes running v6.11...and just testing it again now due to all the people saying it "doesn't quite work" low and behold modifying a single one of the bait files locked up my entire array, exactly as expected.

 

So as yet another person who really, really appreciated this plugin and was super bummed to see it go - was it ever explained what exactly "doesn't quite work right" with newer versions of Unraid?  I realize it's a reactive defense more so than proactive, but more than that it's a very realistic layer in a defense 'stack' so it's unfortunate seeing it gone.  Thanks!

Edited by d.ohlin

9 hours ago, d.ohlin said:

I realize it's a reactive defense more so than proactive, but more than that it's a very realistic layer in a defense 'stack'

Agree. I wish this plug in still was maintained and worked. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.