Moodle Tip – Keeping Moodle Safe

Problem: One of the Moodles set up isn’t really for facilitating online learning, but rather, facilitating dialogue with the community. As such, since that Moodle will be “out there” for the world in a way that makes it vulnerable, desirable to attack (it’s a Moodle for the Communications Office) as a result of its function, it’s important to protect it against spam and take-over. How can I secure it to prevent spam?

Solution:

Here are the steps I’m taking to ensure that this Moodle is protected from attack. Obviously, it goes without saying that if I need to do more, please let me know. I hope that this list of what I’m doing is helpful.

  • Keep Moodle Installation Up to Date: Since it’s so easy to update Moodle, I make sure to keep our Moodles running at the latest version. Once you’ve updated Moodle several times, you’ll realize how easy it is…for practice and fun, I set up several older Moodles and then upgraded them to the latest version. The upgrades went flawlessly. Once I felt comfortable with the process, I started working on our real Moodles. No problems.
  • Turn off Email Authentication unless you have to have it. Unfortunately, in this particular case, I have to have it on. As a result, I also have to make sure that the admin setting forceloginforprofiles is enabled, not allowing anyone to see and link to user profiles.
  • Run the Security Report in Moodle (Reports->Security Overview)
  • Run the Spam-Cleaning Tool (available here) periodically on sites with email authentication enabled.
  • Enable ReCaptcha
  • Keep up to date on Moodle Security: Join this group
  • Make sure your Moodle files are not writeable. I notice this when enabling Read/Write access for some folders and files. Too bad there isn’t a guide as to what should be writeable and what should just be read only. Wait, it appears the Security Report helps out in regards to this.
  • Apply suggestions here.
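
A read-only check for the "files are not writeable" item above, added here as an example and not part of the original post: it lists entries in the Moodle code directory that are group- or world-writable and, optionally, those owned and writable by the web server account. The function name, the path and the account argument are assumptions; point it at the code directory, not at the moodledata directory, which Moodle itself has to write to.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Moodle code tree for
# entries that are writable when they should be read-only.
# Usage: audit_moodle_writable /path/to/moodle [web-server-user-or-uid]
# Both arguments are supplied by the admin; nothing on disk is changed.

audit_moodle_writable() {
    code_dir=$1
    web_user=${2:-}

    [ -d "$code_dir" ] || { echo "not a directory: $code_dir" >&2; return 2; }

    findings=$(
        # Files and directories writable by the group or by everyone.
        find "$code_dir" \( -type f -o -type d \) \
            \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/group-or-world-writable: /'

        # Entries the web server account owns and can write to: a hijacked
        # PHP process could modify these.
        if [ -n "$web_user" ]; then
            find "$code_dir" \( -type f -o -type d \) \
                -user "$web_user" -perm -0200 -print |
                sed 's/^/writable-by-web-user: /'
        fi
    )

    # Exit status 1 means at least one finding, 0 means the tree is clean.
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | LC_ALL=C sort
        return 1
    fi
    return 0
}

# Run directly when called as a script with arguments.
if [ "$#" -gt 0 ]; then
    audit_moodle_writable "$@"
fi
```
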

Some additional security pages to read at Moodle:

Finally, check out the Moodle Tip Roundup, Moodle Habitudes, and Moodle Mambo!


Everything posted on Miguel Guhlin’s blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.



10 comments

  1. When updating don’t forget the SIMPLEST way to update – CVS. If you have access to the command line or you are hosting the site on your own Windows server, this can be invaluable!! See: CVS for Administrators, CVS for Developers, CVS for Everyone Else

  2. I’ll have to investigate this. I don’t have a clue about CVS!! We’re on a Mac server with our Moodles but I can play on Windows and GNU/Linux if need be. Thanks!

  3. I would think there would be a CVS client for your Mac as well. Looks like there’s a native OSX client in Xcode?? See here. I also found a review on OSX CVS Clients here. Once you’ve got a CVS client, and a “fresh” CVS install of Moodle (see the previous CVS for Everyone Else link) it’s a matter of entering a simple command – cvs update -dP – and all new files are downloaded while any out-of-date files are instantly whisked away. Custom themes, blocks, and modules also stay in place… it’s a real life saver. Give it a try, you’ll like it!
