A recently disocever bug, CVE-2019-11043 opens the door for a newly identified ransomware named Nextcry. If you configured your Nextcloud to run on nginx as reverse proxy (I’m doing that and will still do that) you could be affected. Update php-fpm NOW.
Mitigation
On this Nextcloud page you find instructions how to mitigate the issue. I post it here as personal mirror
You need two changes in your ``nginx.conf`:
location / {
rewrite ^ /index.php$request_uri;
}
Becomes
location / {
rewrite ^ /index.php;
}
And
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+).php(?:$|\/) {
fastcgi_split_path_info ^(.+?.php)(\/.*|)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
Becomes (Add $try_files $fastcgi_script_name =404;)
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+).php(?:$|\/) {
fastcgi_split_path_info ^(.+?.php)(\/.*|)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
Backups!
And a kind reminder, that the only viable protection against Ransomware are occurring offline backups on separate media. I burn my backups still on Blue-Rays, as this is the only fool-proof way of protecting your data against software threads like Ransomware or stupid user errors (Doh!).