General help

moodle virus?

 
 
Picture of Bret Miller
Re: moodle virus?
Group Particularly helpful Moodlers

Someone has most certainly hacked your website. How they did it, I can't say from that message. It happened to our Drupal website in August using a SQL injection flaw. You need to:

1. find and clean up the hacked code

2. reset your administrator passwords and FTP/SSH passwords

3. upgrade your code to close security holes so you don't get re-hacked.

If this is on a hosted account, your provider may be able to scan your account for known hacks. This will catch files, but may not catch code inserted into content if that's how it was done. That was where ours was.

HTH,
Bret

 
Average of ratings: -
Picture of d.w jones
Re: moodle virus?
 

We have gone into the Moodle code in IE9 and in Chrome. We noticed some random code at the start of index.php in IE9 that was not there under Chrome. We deleted the code and the home screen in IE9 came back to normal. The virus alert in Sophos also went away; this explains why Sophos had a virus alert but no virus was found during the scan.

Our Moodle is run on our own servers.

 

Thank you all for your advice and interest in helping.

 
Average of ratings: -
Picture of d.w jones
Re: moodle virus?
 

It's back, the red screen :(

 
Average of ratings: -
Picture of Cathleen White
Re: moodle virus?
 
My network admin has been going through the main index pages manually looking for the code. The mystery page is the "Notifications" page under "Site Administration." It seems to be a redirect page, but we can't find its file. That's our last (known) red screen.
 
Average of ratings: -
Picture of Rob Johnson
Re: moodle virus?
Group Particularly helpful Moodlers

The notifications page should be /admin/index.php.

 
Average of ratings: -
Picture of Howard Miller
Re: moodle virus?
Group Developers, Group Documentation writers, Group Particularly helpful Moodlers

It won't do. You need to completely delete the Moodle code and replace it with clean code. Hopefully your database and moodledata are unaffected.

The most likely thing is that you had incorrect permissions on the Moodle code. It is vital that the web server user does NOT have permissions to write to the Moodle code area.

 
Average of ratings: -
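The permission rule in the post above can be checked mechanically. The following is an added example, not part of the original thread and not Moodle's own code: it lists every file and directory in a code tree that a given account could modify according to the Unix mode bits. The function names, the sample tree and the uid used in the demo are constructed for illustration.

```python
import os
import stat
import tempfile


def writable_by(st, uid, gids):
    """True if the Unix mode bits let uid/gids write (ACLs are not considered)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_code_tree(root, uid, gids):
    """Return sorted paths (relative to root) that uid/gids could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory is a finding too: files in it can be replaced.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if writable_by(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: a tiny stand-in for a Moodle code directory."""
    root = tempfile.mkdtemp(prefix="moodle_code_")
    os.mkdir(os.path.join(root, "admin"))
    for rel, mode in (("index.php", 0o644), ("config.php", 0o666),
                      ("admin/index.php", 0o664)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample file\n")
        os.chmod(path, mode)
    for d in (root, os.path.join(root, "admin")):
        os.chmod(d, 0o755)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    owner = os.stat(root).st_uid
    # Assumption: the web server runs as a separate account (uid made up here).
    for rel in audit_code_tree(root, owner + 1000, set()):
        print("web server user can write:", rel)
```

On a real server, pass the web server account's uid and group ids (for example from `pwd.getpwnam` and `os.getgrouplist`) and the path of the Moodle code directory. An empty result is the state the post asks for.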
Picture of d.w jones
Re: moodle virus?
 

A new issue has turned up. Has anybody else had this appear for them?


 
Average of ratings: -
Picture of Ray Morris
Re: moodle virus?
Group Developers, Group Particularly helpful Moodlers

The message means you edited settings on that page and didn't save them. It's asking if you are sure you want to leave the page without saving your settings.

 
Average of ratings: Useful (1)