Moodle Security

Moodle Security
eBook: $26.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 15%!
Print + free eBook + free PacktLib access to the book: $71.98    Print cover: $44.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Follow the practical examples to close up any potential security holes, one by one
  • Choose which parts of your site you want to make public and who you are going to allow to access them
  • Protect against web robots that send harmful spam mails and scan your site's information
  • Learn how to monitor site activity and react accordingly

Book Details

Language : English
Paperback : 204 pages [ 235mm x 191mm ]
Release Date : February 2011
ISBN : 1849512647
ISBN 13 : 9781849512640
Author(s) : Darko Miletić
Topics and Technologies : All Books, Other, e-Learning, Moodle, Open Source

Table of Contents

Chapter 1: Delving into the World of Security
Chapter 2: Securing Your Server – Linux
Chapter 3: Securing Your Server—Windows
Chapter 4: Authentication
Chapter 5: Roles and Permissions
Chapter 6: Protection Against Bots
Chapter 7: Securing User Files
Chapter 8: Securing Moodle Data
Chapter 9: Monitoring User Activity
Chapter 10: Backup
Appendix: Authentication Plugins
  • Chapter 1: Delving into the World of Security
    • Moodle and security
      • Weak points
    • The secure installation of Moodle
      • Starting from scratch
        • Installation checklist
    • Quickly securing Moodle
      • Review the Moodle security overview report
    • Summary
    • Chapter 2: Securing Your Server – Linux
      • Securing your Linux—the basics
        • Firewall
        • User accounts and passwords
        • Removing unnecessary software packages
        • Patching
      • Apache configuration
        • Where to start
        • Directory browsing
        • Load only a minimal number of modules
        • Install and configure ModSecurity
      • MySQL configuration
      • PHP configuration
        • Installation
      • File security permissions
        • Discretionary Access Control—DAC
          • Directory permissions
        • Access Control Lists
        • Mandatory Access Control (MAC)
      • Adequate location for a Moodle installation
      • How to secure Moodle files
        • DAC
        • ACL
      • Summary
      • Chapter 3: Securing Your Server—Windows
        • Securing Windows—the basics
          • Firewall
          • Keeping OS updated
            • Configuring Windows update
          • Anti-virus
          • New security model
        • File security permissions
          • Adequate location for Moodle installation
        • Installing and securing PHP under Internet Information Server
          • Preparing IIS
          • Getting the right version of PHP
          • Configuring php.ini
          • Adding PHP to the IIS
            • Creating Application pool
            • Create new website
            • Adding PHP mapping
        • Securing MySQL
          • MySQL configuration wizard
          • Configure MySQL service to run under low/privileged user
            • Create a mysql account
        • Summary
        • Chapter 4: Authentication
          • Basics of authentication
            • Logon procedure
          • Common authentication attacks
            • Weak passwords
            • Enforcing a good password policy
            • Protecting user logon
              • Closing the security breach
            • Password change
              • Recover a forgotten password
            • User model in Moodle
          • Authentication types in Moodle
            • Manual accounts
            • E-mail based self-registration
              • Specifying allowed or denied e-mail domains
              • Captcha
              • Session hijacking
            • No login
          • Summary
          • Chapter 5: Roles and Permissions
            • Roles and capabilities
              • Capability
              • Context
              • Permissions
              • Role
              • How it all fits together
            • Standard Moodle roles
            • Customizing roles
              • Overriding roles
            • Best practices
              • Risky capabilities
            • Summary
            • Chapter 6: Protection Against Bots
              • Internet bots
                • Search engine content indexing
                • Harvesting email addresses
                • Website scraping
                • Spam generators
              • Protecting Moodle from unwanted search bots
                • Search engines
                • Moodle and search engines
                • Moodle access check
              • Protection against spam bots
                • User profiles
                • E-mail-based self-registration
                • User blogs
                • Moodle messaging system
                • Cleaning up spam
              • Protection against brute force attacks
              • Summary
              • Chapter 7: Securing User Files
                • Uploading files into Moodle
                  • How Moodle stores files
                  • Points of submitting user files
                    • WYSIWYG HTMLArea editor
                    • Upload single file simple/advanced assignment
                    • Forum
                    • Database activity
                • Dangers and pitfalls
                  • Classic viruses
                  • Macro viruses
                    • Applying protection measures
                • Anti-virus and Moodle
                  • ClamAV on Linux
                    • Configuring Moodle
                  • ClamAV on Windows
                    • Downloading
                    • Configuring clamd service
                    • Setting up virus signature database update
                    • Scheduling updates
                    • Final steps
                • Summary
                • Chapter 8: Securing Moodle Data
                  • User information protection
                    • User profile page
                      • Reaching profile page
                      • Protecting user profile information
                  • Course information protection
                    • Course backups
                      • Important information for users of Moodle prior to 1.9.7
                      • Security issues with course backups
                      • Scheduled backups
                  • Summary
                  • Chapter 9: Monitoring User Activity
                    • Activity monitoring using Moodle tools
                      • Moodle log
                      • Accessing the Moodle reports
                      • Logs report
                        • IP address look up page setup
                        • Configuring Moodle to use GeoIP database
                      • Live Logs report
                      • Statistics report
                      • Moodle cron
                        • Moodle cron on Windows
                        • Moodle cron on Linux
                        • Enabling statistics report
                    • Activity monitoring using OS native tools
                      • Linux
                        • Server load
                        • Disk space
                        • Web server load
                        • Web server statistics
                      • Windows
                        • Server load
                    • Summary
                    • Chapter 10: Backup
                      • Importance of backup
                      • Backup tools in Moodle
                        • Manual backup
                        • Automatic backup
                          • Content export options for automatic backup
                          • Execution configuration options
                          • When to use Moodle automated backup
                      • Site backup
                        • Database
                          • Server log
                          • Automating database backup—Linux
                          • Automating database backup—Windows
                          • Restoring database
                        • Moodledata directory
                          • Linux
                          • Windows
                        • Moodle directory
                      • Disaster recovery scenario
                      • Summary
                      • Appendix: Authentication Plugins
                        • Plugins less common in production servers
                          • LDAP server
                            • Configuring LDAP PHP extension
                          • CAS server
                          • FirstClass server
                          • IMAP server
                          • Moodle network authentication
                          • NNTP server
                          • No authentication
                          • PAM (Pluggable Authentication Modules)
                          • POP3 server
                          • Shibboleth
                          • Radius
                        • Summary

                        Darko Miletić

                        Darko Miletić has been enchanted by computers ever since he saw ZX Spectrum 48K back in 1985. From that moment his only goal was to learn as much as possible about these new contraptions. That dedication eventually led him to work as a part of the editorial staff of Serbian computer magazine "Personalni Računari" where he had a regular column about Microsoft Office. At the same time he studied Mechanical Engineering at the Belgrade University but decided he liked designing computer programs more than designing machines. In 2004, he moved to Argentina and soon started working with e-learning using various web technologies and, as of 2008, his focus is entirely on the Open Source Learning Management System, Moodle. He also led the development of IMS Common Cartridge v1 support for Moodle (1.9 and 2) which is now part of standard Moodle release. Currently, he is working as chief software architect in at Loom Inc. where he leads the development of Loom. Loom is the Managed Open Source LMS developed specifically to provide a personalized, comprehensive, e-learning experience. It merges the benefits of Open Source technology with the reliability of enterprise support, the dynamic scaling of cloud hosting, and power of customization. It offers complete services including content development, implementation management, faculty and administrative training, and custom programming needs. It is dedicated to developing products and services such as Weaver that are focused on utilizing the data with the LMS to support student retention, to facilitate faculty performance, and to bring about learning outcomes that maximize the success and satisfaction of our clients. In his spare time, Darko tries to promote electronic books, works on few open source projects, translates SF stories from Serbian to Spanish, and reads a lot.

                        Code Downloads

                        Download the code and support files for this book.

                        Submit Errata

                        Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

                        Sample chapters

                        You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

                        Frequently bought together

                        Moodle Security +    Learning Joomla! 3 Extension Development-Third Edition =
                        50% Off
                        the second eBook
                        Price for both: £25.30

                        Buy both these recommended eBooks together and get 50% off the cheapest eBook.

                        What you will learn from this book

                        • Use CAPTCHA to make sure that humans are creating new accounts on Moodle – not Spambots
                        • Configure PHP and Apache servers to protect your Windows and Linux systems from malicious threats
                        • Assign the most appropriate permissions to different files to ensure the right level of protection
                        • Create custom roles to control who accesses what
                        • Protect your site from external attacks with secure HTTP
                        • Organize regular anti-virus scans to ensure no new risks have been introduced to the system
                        • Monitor the security of Moodle easily with notifications and security reports
                        • Minimize the downtime of Moodle in the case of actual damage

                        In Detail

                        Moving your classes and resources online with a Learning Management System such as Moodle opens up a whole world of possibilities for teaching your students. However, it also opens up a number of threats as your students, private information, and resources become vulnerable to cyber attacks. Learn how to safeguard Moodle to keep the bad guys at bay.

                        Moodle Security will show you how to make sure that only authorized users can access the information on your Moodle site. This may seem simple, but, every day, systems get hacked and information gets lost or misused. Imagine the consequences if that were to happen in your school. The straightforward examples in this book will help you to lock down those access routes one door at a time.

                        By learning about the different types of potential threat, reading this book will prepare you for the worst. Web robots can harvest your e-mail addresses to send spam e-mails from your account, which could have devastating effects. Moodle comes with a number of set roles and permissions – make sure these are assigned to the right people, and are set to keep out the spam bots, using Moodle's authentication features. Learn how to secure both Windows and Linux servers and to make sure that none of your system files are accessible to the wrong people. Many of the most dangerous web attacks come from inside your system, so once you have all of your security settings in place, you will learn to monitor user activity to make sure that there are no threats from registered users. You will learn to work with the tools that help you to do this and enable you to back up your settings so that even a crashed system can't bother you.

                        Protect your students and staff by securing Moodle to prevent online attacks and hacks


                        Moodle Security is packed with practical examples, which guide you through optimizing the protection of your Moodle site. Each chapter covers a different security threat and how to secure your site against it. You will also find recommendations for what is best for your particular system and usage.

                        Who this book is for

                        If you are in charge of Moodle – whether you are an administrator or lead teacher – then securing it is one of the most important things that you can do. You need to know the basics of working with Moodle, but no previous experience of system administration is required.

                        Code Download and Errata
                        Packt Anytime, Anywhere
                        Register Books
                        Print Upgrades
                        eBook Downloads
                        Video Support
                        Contact Us
                        Awards Voting Nominations Previous Winners
                        Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
                        Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software