We've used Moodle for years and I love it. Currently, we're using 3.5. Recently I've heard that a couple of companies have stopped using Moodle due to the easy hackability of the site. As we have a lot of user personal data and assessment evidence on the site, I need to ensure that this is not actually the case. Can anyone point me to documentation or evidence that Moodle is secure or information on what I need to ensure our hosts are doing to ensure that our site cannot be hacked?
Tim, thanks for your feedback. My gut feeling is the same; however, I'm not a technical person so I can't be sure. The companies are in South Africa and the information was passed to the owners of the company I work with. I'll review the documentation and hopefully, I can provide enough evidence for them not to show further concern. Have a great day further and thanks again.
Thank you for the feedback and it all makes perfect sense. I am now feeling a lot more comfortable and will ensure that the hosts of our Moodle platform are on top of this.
How easy is it to hack? As easy as you configure it to be.
The real question is: how hard is it to hack, and the answer to that depends a great deal on the security of the underlying tools, your database, PHP setup, server and network security in general, and also on your IT data handling policies and their real world compliance with security issues.
For example: a security patch for Moodle came out this week in 3.5.9 (your version) which fixed several potential security issues.
Did the people who manage your Moodle know about this? Did they get the advance notice sent to registered admins well before such security releases? Did they evaluate these security issues? Have they or are they planning to install this patch soon? If the answer to any of these questions is No, then you just found out where the real issue is.
To add ...
Not really a surprise that among the top 5 reasons for breaches @ large corps/whatever is 'failure to patch'. Not only operating system, but apps ... i.e., Moodle code.
When one registers their Moodle with Moodle HQ, the version is known. Wonder how many Moodle sites over the entire globe are behind version-wise and could stand an update or upgrade?
And why is that? Notifications screens inform site admins Moodle code is behind ... emails sent to admins even have 'highly encouraged ....' but no update/upgrade takes place. Bet if truth be known the majority (and some do confess this openly in forums) are fearful update/upgrade will fail.
Maybe it's time for Moodle to provide a way to at least update code within a series right inside Moodle! Even if that were a local addon not part of core.
My 2 cents ...
We used to operate by asking the clients to nominate a day or week when it would be of less importance. And we run multi-tenanted systems for 30+ large organisations. It was a nightmare - being nice didn't get it done. So instead, we now tell them when it is going to be offline, and for how long. Generally, they accept and inform their users accordingly, but all we do is corporate elearning, so nothing that is absolutely critical. The most recent case was a local government organisation training people to be clerks in the upcoming general election in the UK. They were about to start a major recruitment drive and online training, and we said we were taking them offline for up to 3 days. Two of those were a weekend... you should have seen the backlash! We took it offline anyway, because it was a major update (3.1+ to 3.7)... we had it done in a day, moved to a new server and everything reinstated... the DNS took a few hours of that time.
Patches we do there and then - often out of office hours. We contract with clients on the basis we will NOT make the system available 24/7 and if there is a security vulnerability we *will* deal with it regardless of their protests.
However, even so, patches and updates slip through the net. We get them eventually, but occasionally a patch comes out and then a full update comes out shortly after. So we normally wait a while when a patch is announced. Another good reason to do so is in case there is a problem - sometimes I don't want to be on the 'bleeding edge' of updates ;)
But you're right - it would be useful if updates could come centrally. However, it wouldn't help us since we've chopped into the core code in a number of places to create a multi-tenanted system, and we have to cross check new code against code changes to ensure we can do things with little impact. Normally, it's all done on a dev server, checked and then pushed live after that. So there is often a delay for us... but never for very long!