We are using Moodle 5.0.2. Our users upload exe and php files in the private area. How can we restrict them, as there is no setting for the private file area?
For disabling "Private Files" look under Site administration > Plugins > Repositories > Manage repositories
Moodle- Private files upload allowed file type
The actual scenario is that our system has been targeted, and from a certain login, malware is being uploaded. To mitigate this, we intend to whitelist only specific file extensions allowed for upload in the Private Files area. Below are the legitimate extensions we have shortlisted as required:
.rar, .zip, .gdoc, .epub, .odt, .ott, .oth, .pdf, .rtf, .docx, .doc, .gdraw, .bmp, .gif, .jpe, .jpeg, .jpg, .pct, .pict, .pic, .png, .ai, .tif, .tiff, .gslides, .ppam, .pptm, .ppsm, .potm, .odp, .otp, .potx, .sxi, .sti, .pptx, .ppsx, .pps, .ppt, .pub, .gsheet, .csv, .xlsm, .xlsx, .xls, .ods, .ots, document, presentation, spreadsheet
Our antivirus is detecting and quarantining the infected files, but we are still receiving continuous malware uploads.
We require assistance on the following:
1. Implementing a whitelist for uploads in the Private Files area.
2. Identifying the source account responsible for uploading the malware.
Kind regards,
Faiz Ali
For
2. Identifying the source account responsible for uploading the malware
The user's machine might be infected.
Unfortunately, Moodle's logs via the GUI don't provide a specific search for file uploads.
Probably better off searching true web server access logs.
In access_log of server, search for
"/course/modedit.php?add=resource&type"
That should show an ip address.
Then if it's a participant, use the following query from code/admin/cli/
mysql -u user -p'password' -e "use nameofmoodledb;select id,auth,username,firstname,lastname,email,lastip from mdl_user;" > users.txt;cat users.txt
Change user, password, nameofdatabase to suit your server.
That will output to a users.txt file.
Then fgrep IPADDRESS users.txt
If it's not a participant, do a whois on that IP to find information about the IP address.
You could use the operating system firewall to block that IP address. How one does that depends upon the operating system, but Ubuntu has the ability, as well as Rocky and AlmaLinux - am sure other distros as well.
'SoS', Ken
And after a little googling ...
1. Implementing a whitelist for uploads in the Private Files area.
see:
https://docs.moodle.org/500/en/Private_files
Preventing access to Private files
Do students need the ability to use private files?
It's been my experience that providing private files to a lot of users (students) leads to abuse and could fill up your drive with files not used for Moodle.
'SoS', Ken