Backup files
How to protect files from encryption from viruses extortionists?
need a white list (to protect against renaming files):
a) disallow the appearance of extensions: *.cripttt *.blocked *.vault *.da_vinci_code *.better_call_saul *.breaking_bad *.cbf *.RR0D *.ENCODED *.magic_software_syndicate *.enigma *.zepto *.cerber *.xtbl *.cerber *.onion *.WINDOWS10 *.fun *.kkk *.btc *.enc *.7D174 *.cab …
b) what to do if the files extension will be such: *.cab *.zip *.doc *.docx …
need block the virus renaming and changing the original file:
if the file was document.docx synchronized, PC infected with a virus and started the extension * .cripttt, in resync it should not be encrypted
document.docx ->- document.docx (copy the original file)
document.docx -x- document.cripttt (not to copy an encrypted file)
Security
need logout session web interface or automatically after a time
need white list of allowed subnets for the web interface (192.168.0.0/255.255.255 or 192.168.0.0/24)
I’m not sure exactly what you are trying to do. Do you want to use Syncthing as a backup solution? To protect against the “crypto-locker” type of malware?
If so, you should know that Syncthing is not a backup tool. You might be able to use it as part of a backup system; I’m sure people are doing that. But I think you should instead use something that is explicitly designed for backups.
Not sure what you mean with the first one. There is no session for the WebUI, just “Basic Authentication”. It authenticates on every new request, it’s just your browser that caches the credentials so you don’t have to enter it each time. Therefore, you cannot log out, because you cannot even log in. Just close your browser or clear its authentication cache.
Configure your local firewall as you wish. But actually, I don’t see what you want to archive. There is no need to expose the WebUI for syncing files.
Can be archived with ignores. But “disallowing” certain certain file extensions doesn’t make sense in your case, because when a file “asdf.docx” is renamed to “asdf.docx.bla” and you ignore *.bla, syncthing will think that “asdf.docx” was deleted and will propagte this change (the deletion).
But as @lfam said, syncthing is not a backup solution. It will never protect you against virus-caused file changes or accidental file corruption, because it cannot distinguish between “good” and “bad” file changes.
An IP white list on the admin UI wouldn’t be completely out of the question. File a ticket on Github.
As for the other stuff I think it’s outside of our domain. I suggest syncing to a machine with real file system snapshots taken regularly, and then off site copies.
Don’t count on Syncthing protecting against ransom ware, make it not matter instead.
Looking at the video you suggest ignoring deletes. Why not use trash can versioning?
That way you can see the current state of the folder and look in the .stversions folder to find ones that have been deleted. You can also set it to delete files that are older than x days so you will not have every file that has ever been present in the share stored in one heap.
Did you choose a versioning system? If so sorry, didn’t realise. I thought you were just replying on the ignore delete option in which case you still end up with an empty file.
.stversions only works if the file is replaced at once, but if the old file with the name doc1.txt delete and create a new one with the same name, it is replaced in .stversions
You need to add the ability to not load empty files
Lacking only the whitelist and security 
