Note: You are currently viewing documentation for Moodle 3.8. Up-to-date documentation for the latest stable version of Moodle may be available here: Hacked site recovery.

Hacked site recovery

From MoodleDocs


Initial steps

  • Contact your hosting provider, if you have one.
  • Immediately put the site into Maintenance mode or completely off-line until you know you've fixed everything.
  • Find all available older database and file backups
  • Backup php files, database and data files (Do not overwrite older backups.)

Damage assessment

  • Look for any modified or uploaded files on your web server.
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.

Recovery

Dealing with spam

  • Spam in profiles or forum posts does not mean your site was actually hacked.
  • Use the Spam cleaner tool (Administration > Reports > Spam cleaner) regularly to find spam (Moodle 1.8.9 and 1.9.5 onwards).

Prevention

  • Always keep your site up-to-date and use the latest stable version. It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. CVS is an easy way to do this.
  • Regularly run the Security overview report (Administration > Reports > Security overview) (Moodle 1.8.9 and 1.9.4 onwards).

See also

Using Moodle forum discussions: