Greetings, Moodlers! I manage a couple of different websites. One of them has a guestbook that was recently hacked. Well, hijacked would probably be a better term. Our guestbook allowed HTML code to be added to posts. Our hacker put some HTML in a post that did some crazy re-direct, so nobody could get to our guestbook, and people were directed to his whacky website.
So, now I'm wondering if my Moodle site is vulnerable to such an attack, since HTML can be added to posts and stuff. Of course, he'd have to create an account and such before getting access, which he's probably not patient enough to do, but what if? Could a registered user hijack the site with HTML code? Is it best to not have HTML enabled?
I like to use HTML in my posts of assignments and such.
Just curious!
-Jesse