Online credentials theft is moving towards more sophisticated methods which is making it increasingly difficult for users and companies to protect themselves. So, you need some methods/services to reduce the attacks directed at your online services. Latch, a service by ElevenPaths provides your end users to lock the service account or selected features conveniently, when they dont want to use them. Read More
Security of your Moodle site from brute force attacks is a major concern for your Moodle Administrators since any loophole in the security may result in infected or even a total crash of your Moodle site.
By default in Moodle core there is an option under Site Policies to lockout any account based on the number of incorrect logins within a certain period of time but this may also be abused in denial of service attacks. Read More
Another new feature added to the most popular open source LMS i.e. Moodle in the latest version is to keep your site upgrades secure using the Upgrade Key. Upgrade key is a new mechanism to protect your Moodle site during Moodle core update and/or a plugin installation/update. Read More
During the iMoot 2015 #imoot15 Shane Elliot, the Managing Director of Pukunui International, a leading online education services company, has shared his presentation about the security of your Moodle Site for Non Techies.
In the presentation he discusses the basic questions about the security of a Moodle site like “Is my site secure?” “Can anybody in the world see my course?” “I heard that the server got hacked – I don’t even know what that means!” “What should I do?” Read More
Marina Glancy, the Development Process Manager in Moodle HQ has shared a presentation about the security in the Moodle plugins during the MoodleMoot Australia (#MootAu15).
The presentation includes the typical security vulnerabilities and their probable remedial actions like Cross-site scripting (XSS), Cross-site request forgery (CSRF), Privilege escalation (incl. unauthorised access), Information leakage, SQL injection, Command-line and code injection, Illegal files access, Denial of service, buffer overflow, timeout, etc. Read More
Moodle 2.9 the upcoming version of the most popular open source LMS which is in the code freeze state now and waiting for the QA tsting to commence from 13 April onwards, contains a lots of new features, fixed bugs and improvements in the existing functionality. Read More
In a recent attack on Moodle.org by spammers a lot of spam emails are delivered to the users from Moodle forums. Mr. Ken task started a forum thread for the same spam emails which resulted in few solutions which can be utilized on a Moodle site to stop spams.
First one is Spam Deletion Block and the other one is to have a create new account page with some kind of security questions because attackers are still able to solve the captcha option to create new accounts. Read More
Enhancing security is a major concern for all site administrators because of the increased attacks by hackers and security breaches. Google has developed an authentication service “Google Authenticator” which connects the user login details to his/her mobile. It is also known as “2-step authentication”. Read More