Note: You are currently viewing documentation for Moodle 3.3. Up-to-date documentation for the latest stable version of Moodle is probably available here: Hacked site recovery.

Hacked site recovery: Difference between revisions

From MoodleDocs
Line 21: Line 21:
==Dealing with spam==
==Dealing with spam==
* Spam in profiles or forum posts does not mean your site was actually hacked.
* Spam in profiles or forum posts does not mean your site was actually hacked.
* Use the [[Spam cleaner]] tool (''Administration > Reports > Spam cleaner'') in Moodle 1.8.9 and 1.9.5 regularly to find spam.
* Use the [[Spam cleaner]] tool (''Administration > Reports > Spam cleaner'') regularly to find spam (Moodle 1.8.9 and 1.9.5 onwards).


==Prevention==
==Prevention==

Revision as of 13:28, 19 February 2009


Initial steps

  • Organise to take your site off-line temporarily until you know you've fixed everything.
  • Find all available older database and file backups
  • Backup php files, database and data files (Do not overwrite older backups.)
  • Contact your hosting provider, if you have one.

Damage assessment

  • Look for any modified or uploaded files on your web server.
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.

Recovery

Dealing with spam

  • Spam in profiles or forum posts does not mean your site was actually hacked.
  • Use the Spam cleaner tool (Administration > Reports > Spam cleaner) regularly to find spam (Moodle 1.8.9 and 1.9.5 onwards).

Prevention

  • Always keep your site up-to-date and use the latest stable version. It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. CVS is an easy way to do this.
  • Regularly run the Security overview report (Administration > Reports > Security overview) (Moodle 1.8.9 and 1.9.4 onwards).

See also

Using Moodle forum discussions: