moodle virus?

Re: moodle virus?

by Bret Miller -
Number of replies: 7

Someone has most certainly hacked your website. How they did it, I can't say from that message. It happened to our Drupal website in August using a SQL injection flaw. You need to:

1. find and clean up the hacked code

2. reset your administrator passwords and ftp/ssh passwords

3. upgrade your code to close security holes so you don't get re-hacked.

If this is on a hosted account, your provider may be able to scan your account for known hacks. This will catch files, but may not catch code inserted into content if that's how it was done. That was where ours was.

HTH,
Bret

In reply to Bret Miller

Re: moodle virus?

by d.w jones -

We have gone into the Moodle code in IE9 and in Chrome. We noticed some random code at the start of index.php in IE9 that was not there under Chrome. Deleted the code and the home screen in IE9 came back to normal. The virus alert in Sophos also went away; this explains why Sophos had a virus alert but no virus was found during the scan.

Our Moodle is run on our own servers.

Thank you all for your advice and interest in helping.

In reply to d.w jones

Re: moodle virus?

by d.w jones -

It's back, the red screen :(

In reply to d.w jones

Re: moodle virus?

by Cathleen White -

My network admin has been going through the main index pages manually looking for the code. The mystery page is the "Notifications" page under "Site Administration." It seems to be a redirect page, but we can't find its file. That's our last (known) red screen.

In reply to d.w jones

Re: moodle virus?

by Howard Miller -

It won't do. You need to completely delete the Moodle code and replace it with clean code. Hopefully your database and moodledata are unaffected.

The most likely thing is that you had incorrect permissions on the Moodle code. It is vital that the web server user does NOT have permissions to write to the Moodle code area.
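An added example, not written by anyone in this thread: one way to check a reinstalled code tree along the lines of the post above, by listing anything the web server account could modify (by ownership and mode bits) and anything that differs from a clean copy. The directory layout, the account ids and the sample files are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example; paths, ids and sample files below are constructed assumptions.

# Print everything under code dir $1 that web server user $2 / group $3 could
# modify, judged by ownership and mode bits (owner-, group- or world-writable).
# Symlinks are skipped: their own mode bits are not meaningful.
audit_writable() {
    find "$1" ! -type l \( \
        \( -user "$2" -perm -0200 \) -o \
        \( -group "$3" -perm -0020 \) -o \
        -perm -0002 \) -print
}

# Print files that differ between clean release tree $1 and live tree $2,
# including files present on one side only. diff exits 1 on differences.
changed_from_clean() {
    diff -rq "$1" "$2" || true
}

# Constructed sample: a clean tree, and a live tree with extra code at the
# start of index.php, a world-writable lib.php and a local config.php.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/clean" "$root/live"
    printf '<?php // front page\n' > "$root/clean/index.php"
    printf '<?php // library\n'    > "$root/clean/lib.php"
    cp "$root/clean/lib.php" "$root/live/lib.php"
    printf '<?php /* injected */ ?><?php // front page\n' > "$root/live/index.php"
    printf '<?php // site config\n' > "$root/live/config.php"
    chmod 755 "$root/live"
    chmod 644 "$root/live/index.php"
    chmod 646 "$root/live/lib.php"      # world-writable
    chmod 444 "$root/live/config.php"   # read-only
    echo "$root"
}

# Run with the argument "demo" to see both reports on the sample trees.
if [ "${1:-}" = "demo" ]; then
    root=$(make_sample)
    audit_writable "$root/live" "$(id -u)" "$(id -g)"
    changed_from_clean "$root/clean" "$root/live"
fi
```

A site's own config.php will always show up as present only in the live tree; any other entry in either report needs an explanation.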

In reply to Howard Miller

Re: moodle virus?

by d.w jones -

A new issue has turned up; has anybody else had this appear for them?

Attachment Capture.JPG

In reply to d.w jones

Re: moodle virus?

by Ray Morris -

The message means you edited settings on that page and didn't save them.  It's asking if you are sure you want to leave the page without saving your settings.

Average of ratings: Useful (1)