undo-ransomware / ransomware_detection

:arrows_counterclockwise: Ransomware recovery app for Nextcloud
https://apps.nextcloud.com/apps/ransomware_detection
GNU Affero General Public License v3.0

Ransomware recovery endless loading #14

Open boina opened 5 years ago

boina commented 5 years ago

Hello all and thank you very much for the app!!!

The issue that I have is that when I go to the Ransomware tab it appears as loading (or scanning maybe) all the time. I include a screenshot of it. The same happens if I click on scan.

I'm using Nextcloud 16.0.0 on a Raspberry Pi running an up-to-date Arch Linux install.

Thanks a lot, José.

Captura de pantalla de 2019-05-24 12-54-11

ilovemilk commented 5 years ago

Hi José thanks for reporting your issue. I will try to reproduce your problems in the next days. Are there any error messages in the Nextcloud logs?

Best regards Matthias

boina commented 5 years ago

> Hi José thanks for reporting your issue. I will try to reproduce your problems in the next days. Are there any error messages in the Nextcloud logs?
>
> Best regards Matthias

Hello Matthias,

Here is more information on the system:

OS: Archlinux
System: Raspberry pi 3
nextcloud: 16.0.0.9
php: 7.3.5

Database:
Type: mysql
Version: 10.3.14
Size: 330,3 MB

and this is the error log that I could trace related to the ransomware protection app as seen in the administrator page. nextcloud_ransomware.txt

Regards, José.

ilovemilk commented 5 years ago

Hi José

I tried my best to reproduce your issue with my Raspberry Pi Zero but I couldn't.

Can you post the web developer console logs? You can get them if you go to your Ransomware recovery app and press F12 in your browser. Maybe this can clarify the problems.

Best regards Matthias

pixelplumber commented 4 years ago

Hello, I have hit the same symptoms on two different univention installs of nextcloud. Their NC Version is 15.0.8, Ransomware Protection Version 0.5.2

In the console when loading the ransomware recovery page from the top menu the error console has 404:

The requested URL /ocs/v2.php/apps/ransomware_detection/api/v1/get-debug-mode was not found on this server.

In the network requests tab the call to https:///nextcloud/apps/files/ then seems to hang indefinitely in a waiting state while the spinner rotates onscreen as in the first screenshot.

ilovemilk commented 4 years ago

Hi pixelplumber

Thanks a lot for the additional information, this helps tracking the error down! I will try to fix this in the next few days.

Matthias

TomW80 commented 4 years ago

Hello,

I have the same problem. I'm using Nextcloud 16.0.3 on a Synology NAS. Is there already a fix for it?

Tom

ilovemilk commented 4 years ago

Hi,

I hadn't much time to investigate the problem because we are reworking the whole app to use machine learning for a better detection rate.

Something came to my mind today: How many file operations do you have in your database? You can check with SELECT COUNT(*) FROM *dbname*.*dbprefix*ransomware_detection; where you replace dbprefix and dbname according to your setup.

Thanks!

TomW80 commented 4 years ago

Hello ilovemilk,

The check with SELECT COUNT(*) FROM oc_ransomware_detection gives 655 entries.

Tom

loxK commented 4 years ago

I have the same issue; it seems related to scripts not loading. Every other app I use has no issue at all. Most JavaScript files are showing as blocked in the browser console.

sualko commented 4 years ago

@loxK can you post a screenshot of your js console? Is there an error message regarding those blocked scripts?

loxK commented 4 years ago

There isn't much

image

TomW80 commented 4 years ago

I see in Firefox 69.0.1 this:

Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf inline blockiert ("script-src").

pmetras commented 4 years ago

Similar problem here with NextCloud 16.

In Firefox (linux) console: image

In Chromium (linux) console: image

ilovemilk commented 4 years ago

I think I have figured out the problem but I will have to confirm it first. I think the problem is that the app collects too much data and doesn't remove any data by itself without interaction of the user. This results in a large database table and the view can't list all the data because of missing pagination.

I will try to produce a large database but if one of you could just drop the content of the table oc_ransomware_detection and check if it's working again that would be great! :) Attention: after dropping the content you will lose all the results.

pmetras commented 4 years ago

I dropped the oc_ransomware_detection table content and accessed the page but I've still the same problem with the spinning icon and Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). error in the console: image

e-alfred commented 4 years ago

It seems like there are two separate issues at hand:

loxK commented 3 years ago

@ilovemilk why closing? The issue is still there in the latest version.

ilovemilk commented 3 years ago

There will be a new release in the next week with a complete rework of the App. The frontend is now implemented with VueJs instead of JQuery with a complete new UX design. The app internally is reworked to be more structured and uses an OpenAPI REST interface.

So this problem will be resolved with the new release. I just need some time to write some FAQ and app description to tackle some other issues, finish the build process and test the application with real malware samples.

If you want I can reopen the issue until the new release is out! :)

ilovemilk commented 3 years ago

I just released a new version and I hope this solves the problem! :)

loxK commented 3 years ago

Thanks heaps! It is fixed for me, first time seeing that app running! [happy dance]

ilovemilk commented 3 years ago

I'm really happy this is solved after such a long time! :) I'm closing this for now.

TomW80 commented 3 years ago

Hello,

Unfortunately, the problem still exists with me. I am using Nextcloud 18.0.6 on a Synology NAS

I see the following error:

Uninitialized string offset: 0 at /volume1/web/nextcloud/lib/private/Files/Node/Node.php#307
Undefined index: dirname at /volume1/web/nextcloud/apps/ransomware_detection/lib/Monitor.php#260

ilovemilk commented 3 years ago

Thanks for the report.

This concrete error should help :)

ilovemilk commented 3 years ago

It looks like you create a directory which doesn't have a path? Can you tell what you are doing? What directory are you creating?

TomW80 commented 3 years ago

I have seen the following error, but the other error message of the ransomware has been coming for some time.

[ransomware_detection] Fatal: File Not Found /Backup/ProgramData/Mein Büro/Dokumente/1/Artikel/Art.Nr 11303

DELETE /nextcloud/remote.php/dav/files//Backup/ProgramData/Mein%20B%C3%BCro/Dokumente/1/Artikel/Art.Nr%2011303 from 192.168.. by at 2020-12-09T22:33:18+00:00

ilovemilk commented 3 years ago

Thanks I try to recreate the scenario! :)

ilovemilk commented 3 years ago

So I tried to recreate the problems:

> Uninitialized string offset: 0 at /volume1/web/nextcloud/lib/private/Files/Node/Node.php#307
> Undefined index: dirname at /volume1/web/nextcloud/apps/ransomware_detection/lib/Monitor.php#260

The path you mentioned in your comment doesn't relate to this issue. This can only pop up if the path is empty so I will add a check for this and improve the debug output! :)

> [ransomware_detection] Fatal: File Not Found /Backup/ProgramData/Mein Büro/Dokumente/1/Artikel/Art.Nr 11303
>
> DELETE /nextcloud/remote.php/dav/files/*/Backup/ProgramData/Mein%20B%C3%BCro/Dokumente/1/Artikel/Art.Nr%2011303 from 192.168.. by *** at 2020-12-09T22:33:18+00:00

Can you confirm that the file exists?

TomW80 commented 3 years ago

The file or folder is created shortly and then deleted again immediately.

jefferyyjhsu commented 3 years ago

I am also seeing a similar issue even after updating to NC 20.0.4. The app list on the server:

/usr/bin/php /config/www/nextcloud/occ app:list
Enabled:

  • accessibility: 1.6.0
  • activity: 2.13.4
  • bruteforcesettings: 2.0.1
  • cloud_federation_api: 1.3.0
  • comments: 1.10.0
  • contactsinteraction: 1.1.0
  • dashboard: 7.0.0
  • dav: 1.16.2
  • federatedfilesharing: 1.10.2
  • federation: 1.10.1
  • files: 1.15.0
  • files_external: 1.11.1
  • files_pdfviewer: 2.0.1
  • files_rightclick: 0.17.0
  • files_sharing: 1.12.1
  • files_trashbin: 1.10.1
  • files_versions: 1.13.0
  • files_videoplayer: 1.9.0
  • firstrunwizard: 2.9.0
  • keeweb: 0.6.4
  • logreader: 2.5.0
  • lookup_server_connector: 1.8.0
  • nextcloud_announcements: 1.9.0
  • notifications: 2.8.0
  • oauth2: 1.8.0
  • password_policy: 1.10.1
  • photos: 1.2.1
  • previewgenerator: 3.1.0
  • privacy: 1.4.0
  • provisioning_api: 1.10.0
  • ransomware_detection: 0.10.0
  • ransomware_protection: 1.8.0
  • recommendations: 0.8.0
  • serverinfo: 1.10.0
  • settings: 1.2.0
  • sharebymail: 1.10.0
  • support: 1.3.0
  • survey_client: 1.8.0
  • suspicious_login: 3.2.1
  • systemtags: 1.10.0
  • text: 3.1.0
  • theming: 1.11.0
  • twofactor_backupcodes: 1.9.0
  • twofactor_totp: 5.0.0
  • unsplash: 1.1.7
  • updatenotification: 1.10.0
  • user_status: 1.0.1
  • viewer: 1.4.0
  • weather_status: 1.0.0
  • workflowengine: 2.2.0
Disabled:
  • admin_audit
  • encryption
  • files_external_gdrive
  • user_ldap

When I click on the Ransomware Detection on top, it will only show a spinning circle and then the current page will be reloaded. image

Is my situation related to this ticket?

Thanks!

One side question, when I try to run app code check I get the following errors.

/usr/bin/php /config/www/nextcloud/occ app:check-code ransomware_detection
An unhandled exception has been thrown: Error: Undefined constant 'T_DOUBLE_COLON' in /config/www/nextcloud/3rdparty/nikic/php-parser/lib/PhpParser/Lexer.php:385
Stack trace:
0 /config/www/nextcloud/3rdparty/nikic/php-parser/lib/PhpParser/Lexer.php(38): PhpParser\Lexer->createTokenMap()
1 /config/www/nextcloud/3rdparty/nikic/php-parser/lib/PhpParser/Lexer/Emulative.php(39): PhpParser\Lexer->__construct(Array)
2 /config/www/nextcloud/3rdparty/nikic/php-parser/lib/PhpParser/ParserFactory.php(23): PhpParser\Lexer\Emulative->__construct()
3 /config/www/nextcloud/lib/private/App/CodeChecker/CodeChecker.php(60): PhpParser\ParserFactory->create(3)
4 /config/www/nextcloud/core/Command/App/CheckCode.php(95): OC\App\CodeChecker\CodeChecker->__construct(Object(OC\App\CodeChecker\StrongComparisonCheck), true)
5 /config/www/nextcloud/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\App\CheckCode->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
6 /config/www/nextcloud/3rdparty/symfony/console/Application.php(1000): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
7 /config/www/nextcloud/3rdparty/symfony/console/Application.php(271): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\App\CheckCode), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
8 /config/www/nextcloud/3rdparty/symfony/console/Application.php(147): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
9 /config/www/nextcloud/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
10 /config/www/nextcloud/console.php(100): OC\Console\Application->run()
11 /config/www/nextcloud/occ(11): require_once('/config/www/nex...')
12 {main}

ilovemilk commented 3 years ago

Hey thanks for reporting. The app in version 0.10.0 is just an empty application with no functionality. This is due to a critical bug in the recovery, for the safety of the users until it's fixed. I recommend disabling the app until a bugfix is released! :)

For more information see #56.