+ Post New Thread
Results 1 to 14 of 14
Virtual Learning Platforms Thread, Have we been hacked? in Technical; Went into Moodle view source and I found (see attached) this between the normal code. What the heck happened here? ...
  1. #1
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,208
    Thank Post
    225
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30

    Have we been hacked?

    Went into Moodle view source and I found (see attached) this between the normal code.


    What the heck happened here?


    Wes
    Attached Files Attached Files

  2. #2


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,692
    Thank Post
    352
    Thanked 797 Times in 716 Posts
    Rep Power
    347
    Nothing attached?

  3. #3
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,208
    Thank Post
    225
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    yeah sorry hit submit too quickly


    Wes

  4. #4

    Join Date
    Jun 2009
    Posts
    24
    Thank Post
    0
    Thanked 7 Times in 4 Posts
    Rep Power
    12
    Yes, you have.

  5. #5
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,208
    Thank Post
    225
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    Anyway to remove this without reinstalling the site?



    Wes

  6. #6
    CSNM-Carl's Avatar
    Join Date
    Jan 2008
    Location
    Teesside
    Posts
    344
    Thank Post
    145
    Thanked 62 Times in 50 Posts
    Rep Power
    45
    I'd recommend you restore the site from your latest backups (before it was hacked) both the site data & database.

    Then upgrade Moodle to the latest stable version and ensure you have permissions set correctly on files/folders, including having the moodledata/ directory outside of the website root.

  7. #7
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,208
    Thank Post
    225
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    I think I found the offending file and it's now alright just running a few tests on it though.

    Wes

  8. #8

    Join Date
    Apr 2006
    Location
    UK
    Posts
    939
    Thank Post
    39
    Thanked 70 Times in 54 Posts
    Rep Power
    30
    Which version of Moodle are you/were you running?

  9. #9
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,208
    Thank Post
    225
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    1.7.1+ I think, haven't upgraded for some time as we have some custom code inserted throughout the moodle code base.

    Wes

  10. #10
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by wesleyw View Post
    1.7.1+ I think, haven't upgraded for some time as we have some custom code inserted throughout the moodle code base.

    Wes
    You'll want to upgrade as a matter of course because any of the popular Opensource applications are routinely targetted by script kiddies and spammers.

    I'd recommend getting to grips with diff() tools like examdiff (pro is definitely worth the money) and if you can, Subversion or CVS to manage your code updates so you can roll back in case of problems.

  11. #11
    monkeyx's Avatar
    Join Date
    Nov 2006
    Posts
    364
    Thank Post
    8
    Thanked 52 Times in 41 Posts
    Rep Power
    25
    May also be worth checking the guest account access, as I think some vunerabilities used this account.

  12. #12

    Join Date
    Sep 2006
    Location
    West Midlands
    Posts
    410
    Thank Post
    73
    Thanked 75 Times in 58 Posts
    Rep Power
    44

  13. #13

    Join Date
    Dec 2007
    Location
    Preston
    Posts
    366
    Thank Post
    14
    Thanked 84 Times in 77 Posts
    Rep Power
    30

    email based self authentication/registration

    Did you have your moodle with email-based self authentication? If so that's how they'll have got in. The later versions of Moodle -1.9 onwards -have this turned off by default - and if you absolutely DO need it then you can set certain allowed email addresses and banned ones (spammers tend to use hotmail/gmail etc) and/or captcha. But I agree with the above posters: you absolutely must upgrade - 1.7 is really old now - 1.8 is really old even! And just because you've got rid of some stuff off your front page doesn't mean there isn't stuff elsewhere on your Moodle.

  14. #14
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,208
    Thank Post
    225
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    Authenticates via internal imap box.

    Wes

SHARE:
+ Post New Thread

Similar Threads

  1. hacked?
    By uk101man in forum *nix
    Replies: 3
    Last Post: 2nd August 2007, 11:22 AM
  2. Website hacked...
    By _Bat_ in forum Web Development
    Replies: 8
    Last Post: 27th July 2007, 09:17 AM
  3. Are we being hacked?
    By Paul_L in forum General Chat
    Replies: 2
    Last Post: 13th September 2006, 08:31 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •