[Plugin] Ransomware Protection - Deprecated


Squid

Recommended Posts

So I installed this docker and have been fiddling about with it. Before uninstalling I clicked the "delete previous bait files" to remove all the bait files. After uninstalling there are still a load of these squidbait files in all my folders. Is there anyway i delete these all in one go. Thanks

Link to comment

Those would have been created on a previous version on the plugin that had a bug within it, and the system didn't keep track of them.

 

Easiest solution is to navigate via the network to those shares, then do a search for squidbait, highlight them all and then delete...

Link to comment

Ah Squid that sounds correct " version on the plugin that had a bug within it, and the system didn't keep track of them."

 

Its a painful process going through each share and folder/sub folder to delete these :S 

 

Windows explorer, all shares public, search and delete got it now.

 

Thanks for this docker btw.

 

 

Edited by Mylo75
Link to comment
6 minutes ago, Mylo75 said:

Ah Squid that sounds correct " version on the plugin that had a bug within it, and the system didn't keep track of them."

 

Its a painful process going through each share and folder/sub folder to delete these :S

 

Thanks for this docker btw.

TBQH, on my systems I don't both bother using Bait Files any more.  I strictly use the bait shares....  The bait files while offering more protection were just too prone to be inadvertently deleted / changed in my daily usage of my servers

Link to comment
18 minutes ago, Mylo75 said:

 

Yea my mistake, I was tired deleting all those wee Squid files :o

I had thought about adding in a utility to delete them all when the bug was discovered, but decided against it because for all I know those files named Squidbait* might actually belong on your array for your own purposes, and the last thing I wanted to do was inadvertently delete your own files.

 

The latter versions tell you about creation errors (if you have the bait files set to be recreated), and clicking the link brings up a list of where the stragglers left from prior versions are...  A straggler is a file that as far as RP is concerned belongs on the array because it is a pre-existing file named the same.  IE: If you do have a file of your own named Squidbait*, then RP will not overwrite it, nor will it monitor it for changes)

Link to comment

Uninstalled and now I have this entry on every disk. 

Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>

 

I'm sure its somewhere obvious, but I haven't found it to remove it as of yet. O.o

Link to comment
1 minute ago, kizer said:

Uninstalled and now I have this entry on every disk. 

 


Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>

 

 

I'm sure its somewhere obvious, but I haven't found it to remove it as of yet. O.o

Old bug from a prior trip.  Just click in the box where you're seeing it, and delete the contents.  Disk won't actually be read-only.  Just the comment got left in there a while ago.

Link to comment
23 hours ago, Squid said:

I had thought about adding in a utility to delete them all when the bug was discovered, but decided against it because for all I know those files named Squidbait* might actually belong on your array for your own purposes, and the last thing I wanted to do was inadvertently delete your own files.

 

The latter versions tell you about creation errors (if you have the bait files set to be recreated), and clicking the link brings up a list of where the stragglers left from prior versions are...  A straggler is a file that as far as RP is concerned belongs on the array because it is a pre-existing file named the same.  IE: If you do have a file of your own named Squidbait*, then RP will not overwrite it, nor will it monitor it for changes)

 

Wasn't having a go at you Squid, just in case you thought that. 2 mins got rid of the stragglers, made all shares public, went to Windows Explorer on my desktop, searched for Squid and sapped them. :D

Link to comment
On 01/04/2017 at 6:37 PM, CHBMB said:

@Squid Fingers crossed he doesn't delete the thread to destroy the evidence..... :D

 

11 hours ago, kizer said:

 

Ouch lol

 

It's alright @kizer this one has backfired on me.....

It's been the post I've made that people have liked or found the most helpful.  Which speaks volumes about the quality of my other posts clearly when my comedy is better..... :(

Link to comment
19 hours ago, CHBMB said:

 

 

It's alright @kizer this one has backfired on me.....

It's been the post I've made that people have liked or found the most helpful.  Which speaks volumes about the quality of my other posts clearly when my comedy is better..... :(

Lol, Its all well. I' off to find posts to mess up. xD

Link to comment

Let me start this off by saying, I have NOT read the entire thread for this issue. I searched for .DS to see if anything was posted and there was nothing.

 

That might give some clue as to why I am posting.

 

I have been doing some general updating to the server (along with installing some new excellent plugins - of which I think this is) and I found a conflict between this plugin and user scripts.

 

I ran the included "This script will delete all .DS_Store files on your array created by Apple's Finder" script on the user scripts plugin and the ransomware plugin kicked in. Doh!

 

When I say "conflict" I believe the ransomware plugin is behaving as intended BUT the files in question are inconsequential. Are we able to set an exclusion list? or a safe plugin list? ....

 

Just thinking out loud!?

 

EDIT: also, is it possible for everything to work as intended and still have the SMB folders hidden. It bugs me that when I open my share list up I have this huge list of "dummy" shares and I have to "scan" to find what I want!?

Edited by danioj
Link to comment
Let me start this off by saying, I have NOT read the entire thread for this issue. I searched for .DS to see if anything was posted and there was nothing.
 
That might give some clue as to why I am posting.
 
I have been doing some general updating to the server (along with installing some new excellent plugins - of which I think this is) and I found a conflict between this plugin and user scripts.
 
I ran the included "This script will delete all .DS_Store files on your array created by Apple's Finder" script on the user scripts plugin and the ransomware plugin kicked in. Doh!
 
When I say "conflict" I believe the ransomware plugin is behaving as intended BUT the files in question are inconsequential. Are we able to set an exclusion list? or a safe plugin list? ....
 
Just thinking out loud!?
 
EDIT: also, is it possible for everything to work as intended and still have the SMB folders hidden. It bugs me that when I open my share list up I have this huge list of "dummy" shares and I have to "scan" to find what I want!?

This was on a bait share. Because the file names used within are random I have no real way of knowing what files belong there hence any deletion triggers. (the alternative would be to instead of having 20 monitors there is in excess of 1 million which will significantly increase memory requirements and significantly slow down response time.)

The exception youre looking for would come via that script.

You should be able to hide the shares over the network by putting a . in front of the custom name.

Sent from my LG-D852 using Tapatalk

Link to comment
On 1.4.2017 at 6:17 PM, Squid said:

Old bug from a prior trip.  Just click in the box where you're seeing it, and delete the contents.  Disk won't actually be read-only.  Just the comment got left in there a while ago.

hello

 

there is no box - that line is shown in GUI - shares - disc shares  - comment - it is not select- or editable

 

cheers - ahab666

Link to comment
23 minutes ago, ahab666 said:

hello

 

there is no box - that line is shown in GUI - shares - disc shares  - comment - it is not select- or editable

 

cheers - ahab666

Oops.  You are correct there.  (don't know what I was thinking, nor what @kizer was thinking).  On the flash drive, edit /config/disk.cfg (notepad will do just fine) and remove the comments from these lines:

 

diskComment.1="Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>"

 

(There will be an entry for each disk)

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.