For some time now (since Christmas) we have been experiencing a large number of password attempts on our Moodle site. At one point the bot got in and placed unwanted material in a wiki, which we quickly stepped on. What's odd is that the bot seems to know the pattern of usernames in the site. How might it have got hold of this information? Is there any way we can stop it from making its attempts, or track where the bot is making its attacks from?
Thank you for your advice.
On most sites you can check server logs (error, access and auth logs) or log reports (login failures with IP) from the administration menu of Moodle.
Start for example from
I have mod_security set up here. It looks for suspicious behavioural patterns, strange requests, odd URLs etc. If it thinks something is a bit fishy it will block the client from accessing the site. I find it's pretty good at stopping bots in their tracks.
Is there a mechanism for forcing a timeout after a certain number of password retries? E.g. after 5 attempts the password is locked for 'n' minutes. I came across a Moodle site that claims to do this but can see nothing in the docs to support it.
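An added example, not part of the thread: a sketch of the log review suggested above, counting POSTs to the Moodle login form per client IP in a sliding window to show where the attempts come from. It assumes Apache combined log format and `/login/index.php` as the login path; the 5-attempt, 5-minute threshold, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/login/index.php"  # assumed login form target
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def make_line(ip, hhmmss, method="POST", path=LOGIN_PATH):
    """Build one constructed access-log line (combined log format)."""
    return (f'{ip} - - [03/Jan/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" 200 5120 "-" "-"')

# Constructed sample: one fast guesser, one slow client, one normal user.
SAMPLE = (
    [make_line("203.0.113.7", f"10:00:{s:02d}") for s in range(0, 56, 8)]
    + [make_line("192.0.2.9", f"{10 + h}:00:00") for h in range(6)]
    + [make_line("198.51.100.20", "10:01:00", "GET"),
       make_line("198.51.100.20", "10:01:05")]
)

def flag_login_floods(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: peak login POSTs seen inside one window} for every IP
    that exceeded max_attempts. Lines must be in time order per IP."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, stamp, method, path, _status = m.groups()
        if method != "POST" or path.split("?")[0] != LOGIN_PATH:
            continue              # only count login form submissions
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop attempts older than the window
        if len(q) > max_attempts:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, count in flag_login_floods(SAMPLE).items():
        print(f"{ip}: {count} login POSTs within 5 minutes")
```

The slow client at 192.0.2.9 stays under the threshold, which is why a per-IP rate check alone does not catch distributed or low-rate guessing.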