Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Plugin] Ransomware Protection - Deprecated

Featured Replies

So I installed this docker and have been fiddling about with it. Before uninstalling I clicked the "delete previous bait files" to remove all the bait files. After uninstalling there are still a load of these squidbait files in all my folders. Is there anyway i delete these all in one go. Thanks

  • Replies 449
  • Views 115.4k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • @Squid Fingers crossed he doesn't delete the thread to destroy the evidence..... 

  • I know this thread is positively ancient, but I'm one of the apparently rare few still running this plugin on both my Unraid boxes running v6.11...and just testing it again now due to all the people s

  • It's tailored to unRaid, and takes the approach of waiting for an attack to happen against certain files and when that happens stops all smb write access regardless of how inconvenient that may be to

Posted Images

  • Author

Those would have been created on a previous version on the plugin that had a bug within it, and the system didn't keep track of them.

 

Easiest solution is to navigate via the network to those shares, then do a search for squidbait, highlight them all and then delete...

Ah Squid that sounds correct " version on the plugin that had a bug within it, and the system didn't keep track of them."

 

Its a painful process going through each share and folder/sub folder to delete these :S 

 

Windows explorer, all shares public, search and delete got it now.

 

Thanks for this docker btw.

 

 

Edited by Mylo75

  • Author
6 minutes ago, Mylo75 said:

Ah Squid that sounds correct " version on the plugin that had a bug within it, and the system didn't keep track of them."

 

Its a painful process going through each share and folder/sub folder to delete these :S

 

Thanks for this docker btw.

TBQH, on my systems I don't both bother using Bait Files any more.  I strictly use the bait shares....  The bait files while offering more protection were just too prone to be inadvertently deleted / changed in my daily usage of my servers

11 minutes ago, Mylo75 said:

Thanks for this docker btw.

It's a plugin, not a docker. Very different things.

6 hours ago, trurl said:

It's a plugin, not a docker. Very different things.

 

Yea my mistake, I was tired deleting all those wee Squid files :o

  • Author
18 minutes ago, Mylo75 said:

 

Yea my mistake, I was tired deleting all those wee Squid files :o

I had thought about adding in a utility to delete them all when the bug was discovered, but decided against it because for all I know those files named Squidbait* might actually belong on your array for your own purposes, and the last thing I wanted to do was inadvertently delete your own files.

 

The latter versions tell you about creation errors (if you have the bait files set to be recreated), and clicking the link brings up a list of where the stragglers left from prior versions are...  A straggler is a file that as far as RP is concerned belongs on the array because it is a pre-existing file named the same.  IE: If you do have a file of your own named Squidbait*, then RP will not overwrite it, nor will it monitor it for changes)

Uninstalled and now I have this entry on every disk. 

Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>

 

I'm sure its somewhere obvious, but I haven't found it to remove it as of yet. O.o

  • Author
1 minute ago, kizer said:

Uninstalled and now I have this entry on every disk. 

 


Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>

 

 

I'm sure its somewhere obvious, but I haven't found it to remove it as of yet. O.o

Old bug from a prior trip.  Just click in the box where you're seeing it, and delete the contents.  Disk won't actually be read-only.  Just the comment got left in there a while ago.

1 hour ago, kizer said:

Wow now I feel really stupid... Lol xD

@Squid Fingers crossed he doesn't delete the thread to destroy the evidence..... :D

23 hours ago, Squid said:

I had thought about adding in a utility to delete them all when the bug was discovered, but decided against it because for all I know those files named Squidbait* might actually belong on your array for your own purposes, and the last thing I wanted to do was inadvertently delete your own files.

 

The latter versions tell you about creation errors (if you have the bait files set to be recreated), and clicking the link brings up a list of where the stragglers left from prior versions are...  A straggler is a file that as far as RP is concerned belongs on the array because it is a pre-existing file named the same.  IE: If you do have a file of your own named Squidbait*, then RP will not overwrite it, nor will it monitor it for changes)

 

Wasn't having a go at you Squid, just in case you thought that. 2 mins got rid of the stragglers, made all shares public, went to Windows Explorer on my desktop, searched for Squid and sapped them. :D

12 hours ago, CHBMB said:

@Squid Fingers crossed he doesn't delete the thread to destroy the evidence..... :D

 

Ouch lol

On 01/04/2017 at 6:37 PM, CHBMB said:

@Squid Fingers crossed he doesn't delete the thread to destroy the evidence..... :D

 

11 hours ago, kizer said:

 

Ouch lol

 

It's alright @kizer this one has backfired on me.....

It's been the post I've made that people have liked or found the most helpful.  Which speaks volumes about the quality of my other posts clearly when my comedy is better..... :(

19 hours ago, CHBMB said:

 

 

It's alright @kizer this one has backfired on me.....

It's been the post I've made that people have liked or found the most helpful.  Which speaks volumes about the quality of my other posts clearly when my comedy is better..... :(

Lol, Its all well. I' off to find posts to mess up. xD

Let me start this off by saying, I have NOT read the entire thread for this issue. I searched for .DS to see if anything was posted and there was nothing.

 

That might give some clue as to why I am posting.

 

I have been doing some general updating to the server (along with installing some new excellent plugins - of which I think this is) and I found a conflict between this plugin and user scripts.

 

I ran the included "This script will delete all .DS_Store files on your array created by Apple's Finder" script on the user scripts plugin and the ransomware plugin kicked in. Doh!

 

When I say "conflict" I believe the ransomware plugin is behaving as intended BUT the files in question are inconsequential. Are we able to set an exclusion list? or a safe plugin list? ....

 

Just thinking out loud!?

 

EDIT: also, is it possible for everything to work as intended and still have the SMB folders hidden. It bugs me that when I open my share list up I have this huge list of "dummy" shares and I have to "scan" to find what I want!?

Edited by danioj

1 minute ago, CHBMB said:

Come back here finding issues... bloody Aussies....

 

Sorry! :)

1 minute ago, CHBMB said:

Come back here finding issues... bloody Aussies....

 

Yorkshire Aussie @ that! Double trouble! LOL!

  • Author
Let me start this off by saying, I have NOT read the entire thread for this issue. I searched for .DS to see if anything was posted and there was nothing.
 
That might give some clue as to why I am posting.
 
I have been doing some general updating to the server (along with installing some new excellent plugins - of which I think this is) and I found a conflict between this plugin and user scripts.
 
I ran the included "This script will delete all .DS_Store files on your array created by Apple's Finder" script on the user scripts plugin and the ransomware plugin kicked in. Doh!
 
When I say "conflict" I believe the ransomware plugin is behaving as intended BUT the files in question are inconsequential. Are we able to set an exclusion list? or a safe plugin list? ....
 
Just thinking out loud!?
 
EDIT: also, is it possible for everything to work as intended and still have the SMB folders hidden. It bugs me that when I open my share list up I have this huge list of "dummy" shares and I have to "scan" to find what I want!?

This was on a bait share. Because the file names used within are random I have no real way of knowing what files belong there hence any deletion triggers. (the alternative would be to instead of having 20 monitors there is in excess of 1 million which will significantly increase memory requirements and significantly slow down response time.)

The exception youre looking for would come via that script.

You should be able to hide the shares over the network by putting a . in front of the custom name.

Sent from my LG-D852 using Tapatalk

On 1.4.2017 at 6:17 PM, Squid said:

Old bug from a prior trip.  Just click in the box where you're seeing it, and delete the contents.  Disk won't actually be read-only.  Just the comment got left in there a while ago.

hello

 

there is no box - that line is shown in GUI - shares - disc shares  - comment - it is not select- or editable

 

cheers - ahab666

  • Author
23 minutes ago, ahab666 said:

hello

 

there is no box - that line is shown in GUI - shares - disc shares  - comment - it is not select- or editable

 

cheers - ahab666

Oops.  You are correct there.  (don't know what I was thinking, nor what @kizer was thinking).  On the flash drive, edit /config/disk.cfg (notepad will do just fine) and remove the comments from these lines:

 

diskComment.1="Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>"

 

(There will be an entry for each disk)

Hmmmm,

I just used notepad++ and did a find/replace

find Read Only Mode.  Restore normal settings via <a href='/Settings/Ransomware'>Ransomware Protection Settings</a>

Replace with basically a blankspace

i tried that and it worked like a charm ....

 

thx for tha help

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.