Unwanted hyperlink between quiz and a course topic AND a security breach.

Unwanted hyperlink between quiz and a course topic AND a security breach.

by Declan Maher -
Number of replies: 11

Hi all,

Moodle version 2.3

 

Recently I set up a quiz with the following security level included: "Full screen pop-up with  some Java script security."  Two anomalies occurred

(1) When scanning through the questions prior to the quiz being available to the students, I noticed that one word in a specific quiz question was hyperlinked to the same word in the title of a course page file .  Clicking the hyperlink in the quiz question brought me directly to the associated course topic!!! and this access also allowed complete access to the remainder of the course page topics!!!!!! If anyone can tell me how this hyperlink was generated and  how I can prevent it from occurring again  in future quizzes, I would be very grateful..

(2)  The participant records for the quiz clearly show that a small % of the examinees accessed the course page and its various topics  during the exam period when only the quiz should have been accessible.  Hyperlinks had to the best of my knowledge been eliminated by me prior to the exam becoming available to the examinees(see anomaly one above).  Could anyone offer a suggestion as to how these few  students were able to access the course page  during the exam?.  Access to the course page by these examinees  was via  the same IP address of the in-house college PCs that they were simultaneously using to answer  the quiz questions.

 

Thank you for reading this.

Average of ratings: -
In reply to Declan Maher

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

Hello. You have probably got, in your course, activity names auto-linking filter enabled. See Course administration>Filters. You can either turn it off for the course or in the Quiz administration>Filters you can turn it off for the quiz.

Average of ratings: Useful (3)
In reply to Mary Cooch

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Declan Maher -

Thank you Mary - yes, the activity names auto-linking filter was indeed enabled.

Average of ratings: -
In reply to Mary Cooch

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Joseph Rézeau -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Mary gave the correct answer. I would add that I personally find it irritating that the activity names autolinking filter is enabled by default on a moodle site. This is not the first time that we have had reports from users confused by this unwanted autolinking.sad

Joseph

Average of ratings: -
In reply to Mary Cooch

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Teacher 123 -

Mary,

Thank you so much. I had that same problem. The hyperlink was on a key term that was in my quiz. I almost had a heart attack when I saw it, since I am giving this quiz tomorrow. 

Average of ratings: -
In reply to Declan Maher

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Joshua Bragg -

There is nothing preventing students from opening new tabs, or even a different browser during the attempt. That feature doesn't really do much other than disable copy and paste and make the window full screen. Determined students can get around it easily. 

Secure Exam browser has more security features baked in. I've never used it but it sound like you may prefer it. 

Average of ratings: Useful (1)
In reply to Joshua Bragg

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Declan Maher -

Thank you Joshua for your comments.  You say that There is nothing preventing students from opening new tabs, or even a different browser during the attempt AND  Determined students can get around it easily.  Can you provide me with an example as to how this can be done if the window is full screen

 

Is Secure Exam browser some form of add-on?  Where is it located?  Apologies if I seem to be asking naive questions

Average of ratings: -
In reply to Declan Maher

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

There is Safe exam browser if that helps.

Average of ratings: Useful (1)
In reply to Mary Cooch

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Declan Maher -

Thanks Mary, seems to be just what I am seeking.

Average of ratings: -
In reply to Declan Maher

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Joshua Bragg -

First, thanks Mary for correcting me.  I wasn't sure I had the name right but I was on my phone and was lazy... smile

Declan, all of these will work:

Alt+Tab = switch windows

Ctrl + T = opens new tab

Alt + F4 = closes the current window, the student can reopen the window later, the timer does keep going

and the lovely windows key to open the start menu.

I just tried it with IE9 and latest Chrome on Windows 7 and the minimize, restore and close buttons were still shown so its pretty straight forward there.

I seem to remember from years ago that with Windows XP and an old version of IE that you could truly get a full screen popup without the buttons or a visible start menu.  However, all the keyboard shortcuts still worked.

Average of ratings: -
In reply to Joshua Bragg

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Declan Maher -

Joshua, that is very enlightening - thank you for showing me  how easy it is to bypass the current security arrangement.   Must get Safe Exam Browser installed.

Average of ratings: -
In reply to Declan Maher

Re: Unwanted hyperlink between quiz and a course topic AND a security breach.

by Teacher 123 -

Joshua and Mary, 

Thank you so much for your posts about Safe Exam Browser. I will begin using this for the new school year. 


Average of ratings: -