Reducing spam in Moodle: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (Profiles for enrolled users only setting in 1.7.7) |
m (French link) |
||
Line 24: | Line 24: | ||
[[eu:Spama_murriztu_Moodle-n]] | [[eu:Spama_murriztu_Moodle-n]] | ||
[[fr:Réduire le spam]] | |||
[[ja:Moodleでスパムを減らすには]] | [[ja:Moodleでスパムを減らすには]] |
Revision as of 16:36, 18 November 2008
Here are some suggestions for reducing the risk of spam in Moodle:
- Keep "Force users to login for profiles" enabled in Administration > Security > Site policies to keep anonymous visitors and search engines away from user profiles.
- Keep "Profiles for enrolled users only" enabled in Administration > Security > Site policies (in Moodle 1.7.7, 1.8.8 and in 1.9.4 onwards).
- Keep self registration disabled in Administration > Users > Authentication > Manage authentication common settings.
- Consider the spam risks involved in allowing certain capabilities, such as replying to forum posts, for visitor accounts.
If Email-based self-registration is used for self registration:
- Add spam protection to the new account form by enabling reCAPTCHA (in Moodle 1.9.1 onwards). This is quite effective against most automated spambots, but will not foil human spammers at all.
- Limit self registration to particular email domains with the allowed email domains setting or deny email addresses from particular domains, such as mailinator.com and temporaryinbox.com, with the denied email domains setting. Both settings are in Administration > Users > Authentication > Manage authentication common settings.
- Consider only enabling self registration for a short period of time to allow users to create accounts, and then later disable it.
- Keep "Email change confirmation" enabled in Administration > Security > Site policies (in Moodle 1.8.6 and in 1.9.2 onwards).
Cleaning up profiles
If your site was open and you have a spam problem then here are some things you can do to clean up the profiles:
- Browse your user list looking for patterns to detect users who need to be deleted. For example, spammers might have chosen a country that none of your real users has.
- Use the "Bulk user actions" tool under Admin > Users > Accounts to find all these users and delete them. Note that versions prior to 1.6.7, 1.7.5, 1.8.6, 1.9.2 had a bug that did not properly hide deleted user profiles, so make sure you have upgraded to a later version if you want to keep user profiles visible to the world.
- Spam Cleaner is a simple script to help you delete spammer accounts more easily:
- Download: spamcleaner.php
- Feedback/discussion: issue MDL-17144 in the Moodle tracker