<a href="http://erasmus.redlands.edu/moodle/search.php?query=buy+soma">buy soma</a>
<a href="http://erasmus.redlands.edu/moodle/search.php?query=generic+soma">generic soma</a>
A Google search for "moodle buy ambien" gets more than 332,000 hits: http://www.google.de/search?q=ambien+moodle+buy
Viagra sells even more: http://www.google.de/search?q=moodle+buy+viagra (472,000 hits).
The problem persists as you can see if you have a look at the source of http://www.jeffmehring.com/login/index.php using your browser.
I have already created an issue in the tracker: MDL-19122
Sorry for using plain text format, everything else gets broken with all those HTML tags.
A large number of those hits you found are old user profile spam and most of the rest are hacked old non-upgraded sites - for example, during last December/January some thousands of sites were hacked using old vulnerabilities & wrong settings and permissions.
<a href="http://chicago.metromix.com/registered_users/Bielilikl">Buy Viagra Jelly</a>
<a href="http://atlanta.metromix.com/registered_users/Feomqidpo">Buy Vermox</a>
<a href="http://www.quizilla.com/lyrics/9327955/cheap-ceftin">Cheap Ceftin</a>
<a href="http://www.quizilla.com/poems/9327954/order-zoloft">Order Zoloft</a>
<a href="http://www.quizilla.com/stories/9327953/buy-actos">Buy Actos</a>
<a href="http://chicago.metromix.com/registered_users/Nuiscoevfa">Buy Ceftin</a>
<a href="http://www.kaboodle.com/orderpropranololr">Order Propranolol</a>
The problem is that people don't worry about it and don't upgrade.
Thanks for that information.
With Drupal you get a status report similar to the one from Moodle (Site Administration > Server > Environment), but instead of checking only if the minimum requirements are met it tells you whether you are using an outdated version of Drupal (see screenshot).
What if Moodle provided similar information? IMO you can't blame people for not acting on information their Moodle installation doesn't provide them.
It's a good idea - some kind of a regular check of updates.
So far moodle (Martin) has sent email to registered sites about security updates - yet no new system will help those sites that use old code from past years and have never upgraded or dare not upgrade or don't know how to do it, or where administrators are worried about losing some data if sites have some modifications.
Frank, can you check if there are any tracker issues for this kind of improvement?
- Security overview report (MDL-17222)
- META: Security overview report STABLE (MDL-18039)
- Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report (MDL-18078)
http://tracker.moodle.org/browse/MDL-18039 is still open...
This update check could be done for example with a simple form that posts current version(s) from some check file or files or database to moodle.org and gets back the current version(s) of latest files from moodle.org (some small script) and after comparison of versions suggestion of upgrading could be shown.
In practice code of moodle is upgraded weekly so if people are not using CVS only major changes could be used for this form feedback (security bug fixes etc)...
"If you have Moodle 1.9.4 and later, you'll find a new Security Report under Admin -> Reports -> Security"
I think the current status report for the Moodle environment (Site Administration > Server > Environment) already has all the relevant information and must only be tweaked a little to give a warning if the Moodle version is too old (and insecure).
A Drupal installation even sends an automatic e-mail to the site administrator if there's a security update available so one can't miss it.
Dear "Block my posts I'll still post when I want : - ) ",
I really did not say all this stuff is "old" - but most of those sites that get hacked or still have user spam are using old, non upgraded versions of moodle. We have seen that user profile spam for years and most likely are going to see it for years because attitudes don't change in 10 years.
All web applications - also current moodle - can have security holes and professional hackers and spammers can use the tiniest possible chance you give them but if settings are correct and you don't allow anybody (any bot) to self-enroll and fill user profiles with nasty stuff (this issue can be prevented with correct settings) or directly write to your php files (permissions of web accessible files can't allow writing to anybody) and your site is not otherwise open to attacks and injections (for example php setting register_globals is not enabled) your moodle site should be rather safe. The same holds good for other scripts and programs on your site (phpMyAdmin etc). The latest stable code is usually the best choice and upgrading should be routine for all administrators - not once in 5 years but regularly.
About that particular site - it does not show version of moodle but in source charset=iso-8859-1 so it can't be upgraded moodle 1.8 or moodle 1.9 (unicode required)
FactSheets (resources) are from year 2006 and otherwise it looks like a site that was quickly set up to get some cash with motto "Better protection at lower cost" - it is irony yes but not about moodle, it's irony about CyTRAP Labs - RiskIT
First name: nature medicine viagra
Surname: buy diet online phentermine pill viagra
email address: email@example.com
Now my site is in Ireland and I have no connection with Indonesia (or Russia or Afghanistan where other 'users' came from). But I do have collaboration with some students in the USA, where others came from.
So I guess it is some kind of bot that is registering on my site. I am using version 1.9.3 and the last occurrence of this was today.
Can anybody advise? Can I block specific sets of registrations?
A couple of pages that might help you in the docs:
I presume you're allowing users to register themselves? Is it not possible to prevent that at all? If you have to use self-registration, there is something here too:
Thanks a million. Really helpful. I've already implemented some of this since you sent the links.
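
An added example, not part of the thread: one way to audit self-registered accounts for the bot profiles described above, scoring each record on several independent signals so that country alone never flags a genuine user. The record fields, keyword list and threshold are assumptions modelled on the profile quoted in the thread, and the sample records are constructed.

```python
import re

# Keywords drawn from the spam quoted in this thread; extend for your own site.
SPAM_WORDS = {"viagra", "phentermine", "ambien", "soma", "pill",
              "buy", "cheap", "order", "generic"}
LINK_RE = re.compile(r"https?://|www\.|<a\s", re.IGNORECASE)


def score_profile(user, expected_countries):
    """Return the reasons a self-registered account looks automated."""
    reasons = []
    name = f"{user['firstname']} {user['lastname']}"
    words = re.findall(r"[a-z]+", name.lower())
    hits = sorted(set(words) & SPAM_WORDS)
    if hits:
        reasons.append("spam keywords in name: " + ", ".join(hits))
    if len(words) > 4:
        reasons.append(f"name has {len(words)} words")
    if LINK_RE.search(name) or LINK_RE.search(user.get("description", "")):
        reasons.append("link in name or description")
    if user["country"] not in expected_countries:
        reasons.append(f"unexpected country {user['country']}")
    return reasons


def audit(users, expected_countries, threshold=2):
    """Flag accounts with at least `threshold` independent reasons."""
    flagged = {}
    for user in users:
        reasons = score_profile(user, expected_countries)
        if len(reasons) >= threshold:
            flagged[user["username"]] = reasons
    return flagged


# Constructed sample records (not real accounts).
SAMPLE = [
    {"username": "u1", "firstname": "nature medicine viagra",
     "lastname": "buy diet online phentermine pill viagra",
     "email": "email@example.com", "country": "ID"},
    {"username": "u2", "firstname": "Mary", "lastname": "O'Brien",
     "email": "mary@example.org", "country": "IE"},
    # Genuine user from an unexpected country: one reason only, not flagged.
    {"username": "u3", "firstname": "Ana", "lastname": "Putri",
     "email": "ana@example.net", "country": "ID"},
]

if __name__ == "__main__":
    for username, reasons in audit(SAMPLE, {"IE", "US"}).items():
        print(username, "->", "; ".join(reasons))
```

Flagged accounts are candidates for manual review before deletion; the audit complements, rather than replaces, restricting self-registration.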