Prevent profile spam on your Moodle site

Posted on February 10th, 2009 in Moodle.org, News

Martin Dougiamas tells us how to prevent spam

“One of the most common security issues that we see in Moodle sites is profile spam.

Profile spam is primarily a problem on sites with the combination of these two settings:

  1. email authentication is enabled, allowing people to self-create an account on the site
  2. the admin setting forceloginforprofiles is disabled, allowing anyone to see and link to user profiles

Some older versions of Moodle had these as default.

The problem with these settings is that spammers can create a page on the Moodle site which they can fill with links and pictures of porn and other nasty stuff. This in turn comes up in Google searches for those things, and is used to boost ratings to porn sites or hacking sites designed to take over your personal computer. Note that this content is designed for people using search engines, and is usually not available from within the Moodle site itself (since spammers don’t join any courses) so users and admins are usually not even aware their site is having this problem.

Please pass the word to all Moodle admins that you know to check these Moodle site settings and make sure their sites are not vulnerable to profile spam. Email authentication should be disabled if not needed, and if it can’t then forceloginforprofiles should definitely be enabled.

Please also use our spam-cleaning tool to scan your site to find affected profiles and delete them. This page in the docs has more details: Reducing_spam_in_Moodle and you can also get help in the Security and Privacy forum.” – from Moodle.org Moodle Announcements

Source: Moodle.org Moodle Announcements
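The check described in the announcement above can be scripted against an export of a site's settings and user records. The following is an added example, not code from Moodle or from the announcement, and it is not Moodle's spam-cleaning tool; the record layout, the `courses` count field and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample data, not taken from a real site. The setting names
# "auth" (comma-separated enabled plugins) and "forceloginforprofiles"
# are Moodle's; the flat user-record layout is an assumption.
SAMPLE_CONFIG = {"auth": "manual,email", "forceloginforprofiles": "0"}
SAMPLE_USERS = [
    {"id": 2, "auth": "manual", "courses": 3,
     "description": "Notes at http://example.edu/notes"},
    {"id": 5, "auth": "email", "courses": 0,
     "description": '<a href="http://spam.example/">cheap pills</a>'},
    {"id": 6, "auth": "email", "courses": 2,
     "description": "My blog: https://example.org/me"},
    {"id": 7, "auth": "email", "courses": 0, "description": None},
]

# Markup or URLs that let a profile carry outbound links or images.
LINK_RE = re.compile(r"https?://|<a\s|<img\s", re.IGNORECASE)


def exposure(config):
    """Evaluate the two settings named in the announcement."""
    plugins = {p.strip() for p in config.get("auth", "").split(",")}
    self_signup = "email" in plugins
    # Treat a missing or empty value as disabled (the risky state).
    public_profiles = str(config.get("forceloginforprofiles", "0")) in ("", "0")
    return {
        "self_signup": self_signup,
        "public_profiles": public_profiles,
        "vulnerable": self_signup and public_profiles,
    }


def suspect_profiles(users):
    """IDs of self-registered accounts with links and no course enrolment."""
    return [
        u["id"] for u in users
        if u["auth"] == "email"
        and u["courses"] == 0
        and LINK_RE.search(u.get("description") or "")
    ]


if __name__ == "__main__":
    print(exposure(SAMPLE_CONFIG))
    print("review:", suspect_profiles(SAMPLE_USERS))
```

The profile filter is a review heuristic based on the announcement's observation that spammers do not join courses; flagged accounts still need a manual look before deletion.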

Moodle Point Update Tackles Security Vulnerabilities

Posted on February 5th, 2009 in Moodle.org, News

Moodle has released updates to four of its most recent branches. The latest point update, 1.9.4, addresses security vulnerabilities and includes a number of minor fixes and enhancements to the open source learning management system. – from THE Journal

Martin Dougiamas also speaks about this in the Moodle Announcement: New releases: Moodle 1.9.4, 1.8.8, 1.7.7 and 1.6.9

A few more links – including an old Dougiamas interview

Posted on January 27th, 2009 in Information, Themes

I was looking through the U of M Moodle link and I ran across a link to an old interview with Martin Dougiamas by my current boss! So I asked him (he was right next to me in his office at the time), “Hey, Tim! You interviewed Dougiamas?!” He came out and said yeah, he had! Download the podcast interview on his blog, The Savvy Technologist. I have not listened to it yet but I plan to listen this afternoon. It was back in 2005, so it will be interesting to hear Martin’s thoughts and see if they correspond to what Moodle is now.

Other links