http://wiki.mipt.ru/index.php?action=history&feed=atom&title=Reducing_spam_in_MoodleReducing spam in Moodle - История изменений2026-05-06T16:38:07ZИстория изменений этой страницы в викиMediaWiki 1.42.1http://wiki.mipt.ru/index.php?title=Reducing_spam_in_Moodle&diff=5113&oldid=prevОлег Давидович: 1 версия импортирована2024-10-18T06:44:45Z<p>1 версия импортирована</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="ru">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия от 06:44, 18 октября 2024</td>
</tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>Олег Давидовичhttp://wiki.mipt.ru/index.php?title=Reducing_spam_in_Moodle&diff=5112&oldid=prev1>Marycooch: changed link2018-12-05T14:10:13Z<p>changed link</p>
<p><b>Новая страница</b></p><div>{{Security}}<br />
==The best thing to do==<br />
<br />
Upgrade to the latest stable version of Moodle and use the [[Security_overview| Security report]] to analyse your configuration. Then do all the things it tells you.<br />
<br />
Note this is not strictly necessary to combat just profile spam (see the critical settings below) but it will protect you against dozens of other known security vulnerabilities.<br />
<br />
==Critical settings==<br />
<br />
# Make sure that 'register_globals' is switched '''off''' in your PHP settings (this is the default). Otherwise your site may be at risk of being cracked, allowing spammers to modify your scripts and insert spam wherever they like.<br />
# Keep "Force users to login for profiles" '''enabled''' in ''Site administration > Security > [[Site security settings]]'' to prevent anonymous visitors and search engines from seeing user profiles.<br />
# Keep "Profiles for enrolled users only" '''enabled''' in ''Site administration > Security > Site security settings''. This will prevent affected profiles from being visible even to other users on the site.<br />
<br />
==Strong recommendations==<br />
<br />
*Make sure you '''upgrade your site often'''. Recent versions of Moodle have new fixes and warnings that will help you avoid security issues.<br />
*Consider the [[Risks|spam risks]] involved in allowing certain capabilities for visitor accounts, such as [[Capabilities/mod/forum:replypost| replying to forum posts]] or posting to blogs.<br />
<br />
==Allowing self-registration==<br />
<br />
If you don't need it, keep self-registration '''disabled''' (it's the default) in ''Site administration > Plugins > Authentication > Manage authentication'' common settings. <br />
<br />
If you '''must''' use [[Email-based self-registration]] to allow people to make their own accounts then:<br />
# Add spam protection to the new account form by enabling reCAPTCHA - see [[Security FAQ]] for details of how to do so. ReCAPTCHA is quite effective against '''most''' automated spambots, but will not foil human spammers at all.<br />
# Limit self registration to particular email domains with the allowed email domains setting or deny email addresses from temporary email domains with the denied email domains setting. (Tip: search the Internet for an up-to-date list of domains for disposable and temporary email addresses then copy and paste the whole list into the denied email domains field.) Both settings are in ''Site administration > Users > Authentication > Manage authentication'' common settings.<br />
# Consider only enabling self registration for a short period of time to allow users to create accounts, and then later disable it by setting 'Self registration' to Disable in the common settings in ''Site administration > Plugins > Authentication > Manage authentication''. <br />
# Keep "Email change confirmation" enabled in ''Site administration > Security > [[Site settings]]''.<br />
# Use the ''Site admin > Security > IP Blocker > Blocked IP List''. See the discussion here: https://moodle.org/mod/forum/discuss.php?d=222063#p996786<br />
<br />
==Cleaning up user profile spam==<br />
[[File:spam cleaner.png|thumb|Spam cleaner]]<br />
If your site was open in the past and you have a spam problem then here are some things you can do to clean up the profiles:<br />
<br />
# Use our Spam cleaner report in ''Site administration > Reports > Spam cleaner'' to locate user accounts responsible for spam and other nasty stuff and help you delete them. In addition to user profile descriptions, comments, blog posts and messages are also searched for keywords. <br />
# Browse your user list looking for patterns to detect users who need to be deleted. For example, spammers might have chosen a country that none of your real users has.<br />
# Use the delete buttons or the [[Bulk user actions]] tool in ''Site administration > Users > Accounts'' to find all these users and delete them.<br />
<br />
== See also ==<br />
* [[Security FAQ]]<br />
* [[Hacked site recovery]]<br />
* [https://moodle.org/mod/forum/discuss.php?d=307795 Fighting spam on moodle.org] forum discussion<br />
<br />
[[Category:Report]]<br />
[[Category:Site administration]]<br />
<br />
[[es:Minimizar_el_spam_en_Moodle]]<br />
[[eu:Spama_murriztu_Moodle-n]]<br />
[[fr:Réduire le spam]]<br />
[[ja:Moodleでスパムを減らすには]]<br />
[[de:Spam reduzieren in Moodle]]</div>1>Marycooch