Is your Moodle safe?

Saturday, 24 May 2008 by admin

I’ve hacked into three Moodle sites this week… well, ok; no, not really; I got in perfectly legitimately: I just went to the Login page – created myself an account, clicked on the confirmation email and got free access to anywhere and everything on these Moodles. One is a secondary school not too many miles from me; the other two are primary schools. Worryingly, when I had logged into one primary school – in Skelmersdale – I gained immediate access to editing the front page… Naturally I owned up immediately to all three (once I had thoroughly investigated their content).

And fortunately for them, these are Moodles in their infancy with very few users and not a lot of content. However, it does highlight the importance of having someone knowledgeable and competent as Admin, and this is where those tempted to go the Moodle way can be dissuaded by the commercial companies who will argue that it is only they who are trustworthy enough to administrate – and charge schools thousands to do so. Not true; but it is vital that whoever has Admin rights within the school is aware of the different types of authentication.

These three (and how many more?) were set – inadvertently, methinks – to ‘email based self authentication’ whereby anyone can get an account simply by filling in the form. They should have set their authentication to ‘manual’ and only allow in those they wish. I’m a trustworthy CRB cleared educator – but who knows what could be offered to someone unscrupulous who chanced upon these school Moodles?

Even more of a concern: the Skelmersdale primary Moodle I got into is actually managed by a paid company who advertise themselves to schools. (Not a Moodle partner, by the way.) Here’s the link to Moodle docs – is your Moodle safe?


