Moodle Hacked?

Moodle Hacked?

by Lance Hinds -
Number of replies: 5
Not sure if this is the right place for this but if anyone knows how this happened it would be good info for us all....

Moodle Hacked at Oregon College

3/14/2008

By Dian Schaffhauser

Umpqua Community College in Winchester, OR announced in February that its Moodle course management system had been hacked earlier in the year, potentially exposing student information. According to a statement from the college, there was no evidence that personal records had been affected. The school also noted that the IT department knew how the system had been compromised and had taken steps to address the security vulnerabilities, which included shutting Moodle down temporarily.

Now all users of the college's applications--which include Angel LMS from Angel Learning, Banner from Sungard Higher Education, and the school's portal--must also set up new PINs to prevent the misuse of any data collected during the Moodle breach.

According to an article in The News-Review, a Winchester newspaper, the college became aware of the breach when the system slowed down. An IT investigation uncovered a message from the hacker that had been planted in the system. That same examination revealed that user account information--including names, passwords, and demographic details--had been stored in the software.

The campus had been a long-time user of the open source application, which was being supported by an external service provider. On the Moodle system, students received assignments, completed and turned in course work, and communicated with their instructors.

The school had migrated to Angel in 2007 but implemented Moodle internally at the same time in order to support its nursing program, which wasn't ready to move to a new platform. It was that installation that had been run without safeguards and that lacked a critical security patch, according to The News-Review.

Other instructors outside of nursing were also continuing with their use of Moodle. When IT shut down the internal deployment of Moodle, several professors said they'd be willing to cover the expense of moving the installation to an outside firm that could host the software. The college chose to pay for a similar hosting service but has assigned a task force to decide whether Moodle will continue being used in the future.




Average of ratings: -
In reply to Lance Hinds

Re: Moodle Hacked? - What really happened

by Bryan Williams -
Sadly, the reporter (Dian Schaffhauser) was a bit lazy in her story. Rather than go to the source and check her facts she simply took what was reported here and put her own spin on it. Gee, that's never happened before! wide eyes The original story actually did not report the facts correctly or completely according to the IT staff at the college.

Umpqua Community College had mistakenly installed moodledata in the public directory, an error others have undoubtedly made when using the package installers here at Moodle.org. These packages are great for exploring Moodle on your desktop as they include Apache, MySQL and Moodle with simple controls to give you a server like experience. There are caution labels included with these packages that they are insecure by default, and should NOT be put into production (those pesky warning labels).

The IT staff contacted a Moodle partner who promptly got the school Moodle site transfered into a hosted (secure) environment. For the past few weeks teachers and students have continued to use their Moodle installation without incident. NO student data was ever compromised. If there is an IT Manager reading this post that would like to connect with the IT Manager at Umpqua Community College to get the real story, please contact me offline.
Average of ratings: Useful (1)
In reply to Bryan Williams

Re: Moodle Hacked? - What really happened

by Steve Hyndman -

Yes, I would say she was lazy. Both the original article and Dian said:

"UCC had been using Moodle for many years, but it was paying another company to manage it."

But they didn't name that company...leaves everyone who reads this to wonder what company that was.

This is unfortunate. If Moodle was installed and Managed competently, then this should have never happened.

You said NO student data was compromised, but in the article, the College Director if IT seems to disagree...was she misquoted?

“Any person in the world that uses Moodle and knows the way to administer the system via the Web could log in with no passwords,” Victoria DeVore, the college’s director of information technology, wrote Feb. 21 in an e-mail message to biology professor Ken Carloni, who was inquiring about the system. “This gave them access to all users’ accounts, names, passwords and other demographic information along with changing anything they wanted!”

Steve 

Average of ratings: -
In reply to Bryan Williams

Re: Moodle Hacked? - What really happened

by Matt Gibson -
To clarify - I've used a package from the downloads bit for my production site on windows and its fine - moodledata is outside the documentroot as it should be. I think the packages that are the problem are those provided by many hosting companies which are outside of moodle.org's control.
Average of ratings: -
In reply to Lance Hinds

Re: Moodle Hacked?

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
From the article: "It was that installation that had been run without safeguards and that lacked a critical security patch"

This is why we constantly send out Moodle security info and upgrade notices to all registered Moodle admins. So register your Moodle sites (from the Notifications page) and upgrade regularly!
Average of ratings: -