How to make ransomware protection work?

I'm not sure how to describe more details for you.

It is hosted in DMZ zone, running on Ubuntu 16.04.

It is running on LAMP.

What other information should I provide?

there's an app in the app store called "issue template" - please install it, fill in the missing information and copy & paste its output here

Steps to reproduce

  1. Upload file with name info.html
  2. Upload file with name READ_Me.kk

Expected behaviour

Ransomware protection should stop these files from being uploaded to Nextcloud

Actual behaviour

All files that are prohibited from upload were successfully uploaded.

General server configuration

Operating system: Linux myhqubt002 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64

Web server: Apache/2.4.18 (Ubuntu) (apache2handler)

Database: mysql 5.7.19

PHP version: 7.0.22-0ubuntu0.16.04.1

PHP-modules loaded
 - Core
 - date
 - libxml
 - openssl
 - pcre
 - zlib
 - filter
 - hash
 - Reflection
 - SPL
 - session
 - standard
 - apache2handler
 - mysqlnd
 - PDO
 - xml
 - apcu
 - bz2
 - calendar
 - ctype
 - curl
 - dom
 - mbstring
 - fileinfo
 - ftp
 - gd
 - gettext
 - iconv
 - imagick
 - intl
 - json
 - ldap
 - exif
 - mcrypt
 - mysqli
 - pdo_mysql
 - Phar
 - posix
 - readline
 - shmop
 - SimpleXML
 - sockets
 - sysvmsg
 - sysvsem
 - sysvshm
 - tokenizer
 - wddx
 - xmlreader
 - xmlwriter
 - xsl
 - zip
 - Zend OPcache

Nextcloud configuration

Nextcloud version: 12.0.3 - 12.0.3.3

Updated from an older Nextcloud/ownCloud or fresh install: YOUR ANSWER HERE

Where did you install Nextcloud from: YOUR ANSWER HERE

Are you using external storage, if yes which one: Array
(
[0] => \OC\Files\Storage\Local
[1] => \OCA\Files_External\Lib\Storage\FTP
[2] => \OC\Files\Storage\DAV
[3] => \OCA\Files_External\Lib\Storage\OwnCloud
[4] => \OCA\Files_External\Lib\Storage\SFTP
[5] => \OCA\Files_External\Lib\Storage\AmazonS3
[6] => \OCA\Files_External\Lib\Storage\Dropbox
[7] => \OCA\Files_External\Lib\Storage\Google
[8] => \OCA\Files_External\Lib\Storage\Swift
[9] => \OCA\Files_External\Lib\Storage\SFTP
)

Are you using encryption: no

Are you using an external user-backend, if yes which one: YOUR ANSWER HERE (LDAP/ActiveDirectory/Webdav/)

Signing status
[]
Enabled apps
 - activity: 2.5.2
 - admin_audit: 1.2.0
 - admin_notifications: 1.0.0
 - announcementcenter: 3.1.0
 - bruteforcesettings: 1.0.2
 - circles: 0.12.4
 - comments: 1.2.0
 - dav: 1.3.0
 - defaultgroup: 0.3.0
 - drawio: 0.8.8
 - federatedfilesharing: 1.2.0
 - federation: 1.2.0
 - files: 1.7.2
 - files_accesscontrol: 1.2.5
 - files_automatedtagging: 1.2.2
 - files_clipboard: 0.6.4
 - files_downloadactivity: 1.1.1
 - files_external: 1.3.0
 - files_pdfviewer: 1.1.1
 - files_retention: 1.1.2
 - files_sharing: 1.4.0
 - files_snapshots: 0.1.1
 - files_texteditor: 2.4.1
 - files_trashbin: 1.2.0
 - files_versions: 1.5.0
 - files_videoplayer: 1.1.0
 - firstrunwizard: 2.1
 - gallery: 17.0.0
 - groupfolders: 1.1.0
 - impersonate: 1.0.1
 - issuetemplate: 0.2.2
 - logreader: 2.0.0
 - lookup_server_connector: 1.0.0
 - metadata: 0.5.0
 - nextant: 1.0.8
 - nextcloud_announcements: 1.1
 - notes: 2.3.1
 - notifications: 2.0.0
 - oauth2: 1.0.5
 - ojsxc: 3.3.0
 - ownbackup: 17.5.0
 - password_policy: 1.2.2
 - provisioning_api: 1.2.0
 - quota_warning: 1.1.0
 - ransomware_protection: 1.0.4
 - serverinfo: 1.2.0
 - sharebymail: 1.2.0
 - socialsharing_email: 1.0.1
 - spreed: 2.0.1
 - survey_client: 1.0.0
 - systemtags: 1.2.0
 - tasks: 0.9.5
 - theming: 1.3.0
 - theming_customcss: 1.0.0
 - twofactor_backupcodes: 1.1.1
 - updatenotification: 1.2.0
 - user_ldap: 1.2.1
 - workflowengine: 1.2.0
 - workin2gether: 0.9.6
Disabled apps
 - encryption
 - user_external
Content of config/config.php
{
    "instanceid": "ocx0080cp7aq",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "192.168.103.1",
        "192.167.90.15",
        "122.255.114.168",
        "nextcloud.elken.com"
    ],
    "datadirectory": "\/media\/mynewdrive\/nextcloud",
    "overwrite.cli.url": "http:\/\/192.168.103.1\/nextcloud",
    "dbtype": "mysql",
    "version": "12.0.3.3",
    "dbname": "nextcloud",
    "dbhost": "localhost",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "PLAIN",
    "mail_from_address": "nextcloud",
    "mail_domain": "elken.com",
    "mail_smtphost": "192.168.100.105",
    "mail_smtpport": "25",
    "ldapIgnoreNamingRules": false,
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "updater.release.channel": "beta",
    "maintenance": false,
    "theme": "",
    "loglevel": 2
}
LDAP config
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';

Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Operating system: YOUR ANSWER HERE

Logs

Web server error log
Insert your webserver log here
Nextcloud log (data/nextcloud.log)
Insert your Nextcloud log here
Browser log
Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

@nickvergessen
do you have a clue why this isn’t working as expected?

Yes, the list is default. The admin settings are “additions” and “exclusions”.

As for why it's not working: well, maybe the most important part is that the app only blocks uploads from clients. Since you filled out your browser version, I assume you uploaded with the browser.


So it is normal that it is not working for browser uploads?

Yes, this totally makes sense, since ransomware doesn't use browser upload :smile:. This way your browser is kind of a fallback, if for whatever reason you need to upload a file with a certain extension.

Use the client and try it again to be sure.

I agree with @MichaIng 100%.

Confirmed!!! Ransomware protection only works in clients and not in the web browser.

Thanks guys.

Well, you can also use the pause button in the personal settings (or in the notification after an upload failed), but yeah. Blocking browsers makes no sense, because ransomware just encrypts your files on the hard drive and doesn't do any upload.
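A small model of the decision rules described in this thread (an added illustration, not code from the ransomware_protection app): uploads are only checked when they come from a sync client, the check is a file-name pattern list made of the default list plus the admin's additions minus the exclusions, and a user who pressed pause is not blocked. The default patterns, the client User-Agent markers and the sample users are constructed assumptions; the browser User-Agent is the one from the report above.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed sample patterns standing in for the app's default list
# (assumption: the real shipped list is not reproduced here).
DEFAULT_PATTERNS = ["*.kk", "READ_Me.kk", "info.html", "*.locky"]

# Assumption: sync clients are recognised by markers in the User-Agent;
# these markers are constructed for the example.
CLIENT_UA_MARKERS = ("mirall/", "Nextcloud-android/", "Nextcloud-iOS/")

# Browser UA taken from the report above; the client UA is constructed.
BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36")
CLIENT_UA = "Mozilla/5.0 (Windows) mirall/2.3.3 (Nextcloud)"


@dataclass
class RansomwarePolicy:
    additions: list = field(default_factory=list)    # admin "additions"
    exclusions: list = field(default_factory=list)   # admin "exclusions"
    paused_users: set = field(default_factory=set)   # users who pressed pause

    def active_patterns(self) -> list:
        """Default list plus additions, minus anything the admin excluded."""
        return [p for p in DEFAULT_PATTERNS + self.additions
                if p not in self.exclusions]

    def matches(self, filename: str) -> bool:
        """Case-insensitive glob match against the active pattern list."""
        name = filename.lower()
        return any(fnmatch.fnmatchcase(name, p.lower())
                   for p in self.active_patterns())

    @staticmethod
    def is_sync_client(user_agent: str) -> bool:
        return any(m in user_agent for m in CLIENT_UA_MARKERS)

    def decide(self, user: str, filename: str, user_agent: str):
        """Return (blocked, reason) for one upload attempt."""
        if not self.is_sync_client(user_agent):
            return False, "browser/WebDAV upload: not checked by the app"
        if user in self.paused_users:
            return False, "user paused the protection"
        if self.matches(filename):
            return True, "file name matches a blocked pattern"
        return False, "no pattern matched"
```

Running `decide("alice", "info.html", BROWSER_UA)` reproduces the report: the browser upload goes through, while the same name from a sync client is blocked.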

Yes, it makes sense after your explanation. Thank you.

@nickvergessen but why don't the developers make the blocking work in the browser as well? Some suggest that we can use it to block files that are not related to work, like MP3 or some other file extensions that are prohibited in the company. Otherwise the browser will become the loophole for users to upload their personal files into Nextcloud.

Because this is against ransomware.

If you want to block uploading mp3 files and others, check out the files access control app https://docs.nextcloud.com/server/12/admin_manual/file_workflows/access_control.html and block uploads of that mimetype.

What is the working logic of the numbered places?

1- I understand. Location where files with virus extensions are uploaded.
2- ?
3- ?
4- ?

Hi! I wonder what the "I need help!" button does. It seems to send an API call; is that some kind of distress signal to admins?
Or is it there for future implementation purposes?

It sends a message to the administrator, so they know that you requested help.
They can then contact you in any way.

Hmm, I guess I need to test it again, since last time I didn't get any message. Maybe because I (the admin) was pushing the button. :stuck_out_tongue:

so yes, if you are the only admin, no one is notified :see_no_evil:


Could you help me with how to install this app? I would also like to use this app. See my topic:

Is there any way to also block uploads from WebDAV?
We use Nextcloud as a network drive.