1

Securing Moodle and Reducing Spam

If you use Moodle you probably do everything possible to lock down who as access to the courses on your server both to protect the content but also to protect your students from outside visitors. There are quite a few steps you can take to ensure your VLE is protected ranging from the total lock down of administrator account creation only right down to email authentication.

moodle

I am fortunate enough to run courses with adult students but a number of friends run they system in schools with great success. 

I will say at this point that Moodle offers a great level of security for users and this post is just a few tips on how to best secure your system. If you have any other suggestions please so post them in the comments.

If you allow students to create their own accounts via a registration form then you are most likely to be at risk to profile spam. Profile spam involves malicious scripts that register Moodle accounts and post spam (included on one reported case inappropriate content).

The Moodle site offers some suggestions on how to keep your install protected and if you are working in a school situation it is essential you :

Here are some suggestions for reducing the risk of spam in Moodle:

  • Keep “Force users to login for profiles” This keeps the public (and search engines) away from user profiles.
  • Keep “Profiles for enrolled users only”
  • Keep self registration disabled. This obviously means the administrator has to create the accounts when needed but this will ensure a high level of security for your users.

If you have no choice than to use email-based self-registration then make sure you:

  • enable reCAPTCHA. reCAPTCHA is one of the best protections against script based account creation.
  • Limit self registration to particular email domains.
  • Only enabling self registration for a short period of time.
  • Keep “Email change confirmation” Enabled.

We also recommend having a different enrollment key for every course. Ensure you keep the participants block off the front page so that if a user does register via email they can not access a course or a user profile.

We carry out weekly checks on our user list, we ensure the total number of users has not increased and we check new user profiles. 

If you have any additional tips on securing Moodle please do post them in the comments.

Related:



This post was written by Digmo .

An educational technology blogger with a passion for photography and all things Apple. The aim of this blog is to tie together Creativity, Technology and Education. As well as traditional desk based ICT DigMo! hopes to address the growing trends in mobile education.

More Posts by Digmo   Visit Digmo's Website

Liked this? Share it!

Subscribe to RSS feed Tweet this! StumbleUpon Reddit Digg This! Bookmark on Delicious Share on Facebook

One Comment

Join the Conversation

  1. PK says:
    December 12, 2008 at 10:27 am

    My advice: Read http://docs.moodle.org/en/Security , check your rights on moodle source files directory and moodledata

    Reply

Leave a Reply