Security and privacy

 
 
Picture of Margaret Richards
Hacked - popup ads all over
 

I just realized that my moodle install was hacked last Tuesday. I don't monitor the site daily and it has minimal use but by coincidence I looked this morning and noticed that there are a number of words throughout the course that now auto-link to pop-up ads - see image attached. The words linked seem fairly random and happen at all levels of the course (text on resource pages that I created, city names in user profiles (ex: a user profile's city of London has this link but another user from London does not), gradebook links, etc.). Attached is one example. 

I looked in the course account and it looks like someone used Guest User to somehow attack the site (Guest access is not enabled in my course) - see attached -- there are hundreds of logs for this 'user'.

How do I fix this?? I am not a techie but I have a techie that can help me.  Thanks.



 
Average of ratings: -
Picture of Emma Richardson
Re: Hacked - popup ads all over
Group Particularly helpful Moodlers

I had something similar happen  here but it was not through the actual login.  I was able to fix by searching through the source code for the page that is was showing for the specific url's that were coming up and find out where exactly the code had been inserted and then remove it that way.  In my case, it had come from one teacher's course.

I am concerned that it appears that someone was able to use the guest account password entry to insert code into the website.  If that is the case, we definitely need a Tracker item on this.

 
Average of ratings: -
Picture of tatiana ramiro
Re: Hacked - popup ads all over
 

same issue at my site: popups showing from different words linking to advertisings

i don't really now is that is something we can avoid as moodle admins or it has to do wiht security setups in user browsers and computers

any ideas here?

 
Average of ratings: -
Picture of Emma Richardson
Re: Hacked - popup ads all over
Group Particularly helpful Moodlers

Unfortunately, as long as teachers/users are able to insert html into the site, I think we are always going to run the risk of something like this.  

Mine came from a course where a teacher had inserted an image into her course through an html code.  I am guessing that she inadvertently copied some additional code with the image and that was how the site became infected.  Because it was in the course description, it also affected the front page.  Luckily, I was able to pinpoint it and delete it out pretty easily.

 
Average of ratings: -
Gmads
Re: Hacked - popup ads all over
Group Particularly helpful MoodlersGroup Testers

Hi Tatiana,

You need to check the content at the front page and in those course that were recently modified/updated. Try also by taking a look at the web server error and access logs. If you cannot really find anything you would then need to search through the database or at the moodle php scripts.

If the Moodle scripts have been altered, you would have to reinstall with the Moodle package originally used, along with any non-standard plugins and/or themes used.

 
Average of ratings: -