This forum post has been removed
Number of replies: 3
The content of this forum post has been removed and can no longer be accessed.
Hi Alan
These are attempts to login in to Moodle? As what user?
What is the time delay between attempts? How many tries come in sequence?
If you are sure that somebody attempts to break in, you can complain to the NIC. Or block the offending IPs by adding a firewall.
You said, "a open Moodle site for demos of language courses". What did you mean by "open"? How is the demo access is organized?
These are attempts to login in to Moodle? As what user?
What is the time delay between attempts? How many tries come in sequence?
If you are sure that somebody attempts to break in, you can complain to the NIC. Or block the offending IPs by adding a firewall.
You said, "a open Moodle site for demos of language courses". What did you mean by "open"? How is the demo access is organized?
In reply to Visvanath Ratnaweera
This forum post has been removed
The content of this forum post has been removed and can no longer be accessed.
Hi Alan
Apologies for the slow response from this side.
> The log shows a single IP repeatedly ( sometimes 100s of times) hitting 'Guest User' - 'Login' - '1'. There appears to be no attempt at actual login with any random username strings or such.
There is a possibility that a "robot" is trying to index your content for a search engine. Clever robots find out Moodle courses which are open for guests. But then it shouldn't try a login/password (Moodle "guest" does not require authentication). Set the Apache logs to full and check the agent. Try to find out every thing about the IP address. If you have strong suspicions you can always complain to the NIC and/or block the IP address by firewall.
> we once suffered a MYSQL buffer overflow on our work system. It logged in as root and planted an IRC bot. Fortunately our firewall prevented it building external connections. The culprit was an old dated version of the php photo app 'copperbase' which we had tried and inadvertently left active.
Yes, that's always a nasty experience. You were lucky, otherwise the flood or reverse traffic will jam everything.
Apologies for the slow response from this side.
> The log shows a single IP repeatedly ( sometimes 100s of times) hitting 'Guest User' - 'Login' - '1'. There appears to be no attempt at actual login with any random username strings or such.
There is a possibility that a "robot" is trying to index your content for a search engine. Clever robots find out Moodle courses which are open for guests. But then it shouldn't try a login/password (Moodle "guest" does not require authentication). Set the Apache logs to full and check the agent. Try to find out every thing about the IP address. If you have strong suspicions you can always complain to the NIC and/or block the IP address by firewall.
> we once suffered a MYSQL buffer overflow on our work system. It logged in as root and planted an IRC bot. Fortunately our firewall prevented it building external connections. The culprit was an old dated version of the php photo app 'copperbase' which we had tried and inadvertently left active.
Yes, that's always a nasty experience. You were lucky, otherwise the flood or reverse traffic will jam everything.