Yes, the kind of thing in this thread is a key reason for the plans happening here (for Moodle 2.0):
Development:Site-wide_groups
Martin Dougiamas
Posts made by Martin Dougiamas
My guess is that your config.php and perhaps other files were left writeable by the Apache process, and that a spammer exploited one of the old published vulnerabilities to rewrite your files with extra code. It's impossible to know exactly which particular vulnerability without examining your server logs very carefully (it would be great if you could do this to help make sure that it is an old one, and not a new one).
It does seem likely that the "hackcheckstr" spammer could be using an automated script to comb for Moodle sites and perform the attack automatically (conveniently tagging the sites with "hackcheckstr" for easy discovery later on).
As you have noted, prevention involves:
- making sure your files are not left in a writeable state
- keeping Moodle up to date! Which means the very latest point release or weekly for a given branch.
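
Added example (not part of the original post or of Moodle): a small shell audit for the two conditions described above, code files the web server account can rewrite and files carrying the "hackcheckstr" tag. The function names, the install path and the web server account are assumptions supplied by whoever runs it.

```shell
#!/bin/sh
# Added example, not from the original post. The install path and the web
# server account (name or numeric uid) are assumptions you supply.

# List files and directories the web server account could modify:
# owned by it with the owner-write bit set, or group-/world-writable.
# Group-writable entries are reported conservatively, without checking
# whether the account is actually in the group.
writable_by_web_user() {
    find "$1" \( -type f -o -type d \) \( \
        \( -user "$2" -perm -200 \) -o -perm -020 -o -perm -002 \
    \) -print | sort
}

# List files that contain the "hackcheckstr" tag mentioned in the post.
tagged_files() {
    grep -rl -- 'hackcheckstr' "$1" 2>/dev/null | sort
}

# Stand-alone use: sh audit.sh /path/to/moodle web_account
if [ "$#" -ge 2 ]; then
    echo "== Writable by $2 =="
    writable_by_web_user "$1" "$2"
    echo "== Contains hackcheckstr =="
    tagged_files "$1"
fi
```

Point it at the Moodle code directory only; the separate data directory has to stay writable by the web server. An empty first section is the expected result on a correctly locked-down install.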
One exists! 
http://cvs.moodle.org/contrib/plugins/mod/assignment/type/program/
http://docs.moodle.org/en/Student_projects/Automated_grading_of_programs
It would be really great if you could start there and make it better!
Just a thought: this would probably be more correctly implemented as a resource sub-type rather than an activity plugin.
Here's another new way (subject to change):
http://moodle.org/stats/network.php
It's updated every few minutes.