Security and privacy

 
 
Picture of christian turc
only my ip addresses allowed and still getting hacked
 

How is this possible?

only my ip addresses allowed and still getting hacked

thanks.

 
Average of ratings: -
Picture of Emma Richardson
Re: only my ip addresses allowed and still getting hacked
Group Particularly helpful Moodlers

You might want to give just a little more information...why do you think you are hacked, what is happening, what is limited to only your ip address, etc,,,

 
Average of ratings: -
Picture of christian turc
Re: only my ip addresses allowed and still getting hacked
 

I am using Moodle 1.19 on a GoDaddy hosted account. This app is available to install through the control panel. after installing this software my php files get changed. How do I prevent that? Is there a way I could password protect those files? Also I tried manually to install different versions of Moodle like 2.2, 2.3 or 2.4 but the results were the same or even worse. I was not even able to get back to my site. What should I do? and thanks for replying . Chris 

 
Average of ratings: -
Picture of Ken Task
Re: only my ip addresses allowed and still getting hacked
Group Particularly helpful Moodlers

I do hope you have either a full site backup or at the very least, course backups downloaded and archived.

For others who might find this discussion/issue ... Christain and I have had a 'side bar'.    In that 'side bar' from what I gather,  it appears GoDaddy installer script installs a version less than 1.9.19+ (highest/most secure of that series).  After installation, it warns about setting the salt (which was introduce in version 1.9.6), it has php error reporting turned on, and installs moodledata in space directly accessible via the web.  (appears to be installing 1.9.7).  Even installing 2.2, 2.3, or 2.4 the moodledata folder should not be in a directory that is directly accessible via the web.

Not long ago, MS computers came with pre-installed malware from an OEM in the distrubtion channel.   Wonder GD is now suffering something similar in that php files in whatever installer they have provided for customers has already been compromised.

Surely, if php files appear in your site, GoDaddy security folks would be able to at least investigate that and report finding.

Have already suggested he check into a GD VPS.

'spirit of sharing', Ken

 

 
Average of ratings: -
Picture of Ken Task
Re: only my ip addresses allowed and still getting hacked
Group Particularly helpful Moodlers

How have you restricted to a single IP?  Even if you have, there are some nasty things out there that could take advantage of holes in php via Moodle ... remotely, requires no login/pass, etc.  Dunno how accurate or current, but see: http://bit.ly/17Uynus

Version of Moodle? 

Have you checked for the existence of non-Moodle php scripts in the moodle code folder or other web accessible folder/directory.

And what is behavior/appearance of the hack?

'spirit of sharing', Ken

 
Average of ratings: -