Showing posts with label user. Show all posts

2008/04/02

Unable to reset password in Moodle

You might know that Moodle helps users who have forgotten their password by resetting it. (This depends on the authentication plugin, though.)

The user needs to enter a username or registration email, and Moodle will send a mail with a link to reset that password. This is somewhat cumbersome, but it prevents pranks from malicious users trying to disable another user's access.

But it can happen that a mail without the password reset confirmation link is sent. It contains these lines:
"Unfortunately your account on this site is disabled and can not be reset,
please contact the site administrator,"


In these cases, please check that:

  1. the authentication plugin the user was registered with is enabled
  2. the user is not disallowed from logging in by the 'nologin' tag in their authentication column in the DB
  3. the user has the right to change their own password - moodle/user:changeownpassword (Moodle 1.9)
  4. the authentication plugin contains these lines:

function can_change_password() {
    return true;
}

I hope this helps you solve problems with resetting passwords.

2008/01/13

i-pod.info bot and solution

Right after Christmas of 2007, some users complained about illegal activity and mass registration of users from the i-pod.info domain. How can you protect your site? If you are one of the victims, please read on.

Some Moodle admins received, as a Christmas gift, a sudden increase in registered users from the same domain, ending with "i-pod.info". The reason for this unwanted activity is still unknown, but I suspect it is for spamming reasons or maybe even worse.

Spam is a very big problem of today's internet. Spam is the result of "abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages" (from Wikipedia, check link above); it costs you time and unneeded download traffic, and makes you angry when someone tells you every day that you need to buy some stupid pills because they are SO CHEAP!!! :D. Gimme a break ;).

So what to do?

Try another authentication method
Email self-registration is one of the least safe authentication methods Moodle provides. If you have any other way to authenticate your users (LDAP, Shibboleth), use it!

But I understand that not everyone can do that, so the next steps are for you:

First of all, keep the nasty bot out! In Moodle you can ban the domain of an email address.

Go to Site Administration >> Server >> Email and add '%@i-pod.info' into denyemailaddresses

Now, to get rid of the unwanted fake accounts, you need to do the following:

1. You are sure the newly created unconfirmed accounts (since you were hit by the bot) are only from the mentioned domain:
a) Let Moodle handle it: set Delete unconfirmed users after in Site Administration >> Server >> Cleanup to some low value, for example 1 hour. Cron will start the cleanup service, and unconfirmed accounts will be deleted after the configured time.

This way is the easiest for inexperienced administrators or beginners who don't want to mess with the database.

b) You are a daredevil and you are using 1.9. Now it's your payoff time! Moodle 1.9 has a mass deleting tool. You can select the bogus users and delete them all at once.

Go to Site administration >> Users >> Accounts >> Bulk users action. Select the unwanted accounts there and delete them.



2. You are not sure whether your install has unconfirmed accounts other than those from i-pod.info, and you don't want to delete those accounts.

a) You have access to your Moodle database with some tool (phpMyAdmin is the most used), you are able to use this tool, and you are not afraid of it (you should be wary of messing with the database directly on every occasion; if you are not sure what you are doing, it can get out of hand easily!).

Run this query in phpMyAdmin:


DELETE FROM `mdl_user` WHERE `email` LIKE '%@i-pod.info'


This query will delete all users with emails ending in @i-pod.info!!! I hope you haven't had any real users from this domain! ;)

If you suspect that some fake users have already performed some actions in your installation, this query is safer:

UPDATE `mdl_user` SET deleted='1' WHERE `email` LIKE '%@i-pod.info'


This query will mark the bogus users as deleted; their accounts will stay in your database, but they will not be active. Intruders won't be able to use them.
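Before running either query on a live site, it helps to list what the pattern matches and to let the update go through only if it touches exactly that many rows. The sketch below is an added example, not part of the original post: it runs against an in-memory SQLite stand-in for mdl_user that holds only the columns used here, with constructed sample accounts and hypothetical helper names.

```python
import sqlite3

DOMAIN = "i-pod.info"  # domain named in the post

def build_sample_db():
    """Constructed stand-in for mdl_user with only the columns used here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mdl_user (id INTEGER PRIMARY KEY, username TEXT,"
               " email TEXT, confirmed INTEGER, deleted INTEGER DEFAULT 0)")
    rows = [  # constructed sample accounts
        ("bot1", "qwe1@i-pod.info", 0),
        ("bot2", "zxc2@i-pod.info", 1),       # bot account that got confirmed
        ("alice", "alice@example.org", 1),    # real, confirmed user
        ("bob", "bob@example.org", 0),        # real user, not yet confirmed
        ("carol", "carol@my-i-pod.info", 1),  # look-alike domain, must not match
    ]
    db.executemany("INSERT INTO mdl_user (username, email, confirmed) VALUES (?,?,?)", rows)
    db.commit()
    return db

def like_pattern(domain):
    """Suffix pattern '%@domain' with LIKE wildcards in the domain escaped."""
    esc = domain.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return "%@" + esc

def preview(db, domain):
    """Dry run: list the accounts the cleanup would touch, changing nothing."""
    cur = db.execute(
        "SELECT username, confirmed FROM mdl_user"
        " WHERE email LIKE ? ESCAPE '\\' AND deleted = 0 ORDER BY id",
        (like_pattern(domain),))
    return cur.fetchall()

def soft_delete(db, domain, expected):
    """Mark matching accounts deleted; roll back if the count differs from the preview."""
    with db:  # commits on success, rolls back when an exception is raised
        cur = db.execute(
            "UPDATE mdl_user SET deleted = 1"
            " WHERE email LIKE ? ESCAPE '\\' AND deleted = 0",
            (like_pattern(domain),))
        if cur.rowcount != expected:
            raise RuntimeError(f"expected {expected} rows, matched {cur.rowcount}")
    return cur.rowcount

if __name__ == "__main__":
    db = build_sample_db()
    hits = preview(db, DOMAIN)
    print("would mark deleted:", hits)
    print("marked:", soft_delete(db, DOMAIN, expected=len(hits)))
```

The '@' in the pattern is what keeps the look-alike domain my-i-pod.info out of the match, and the preview also shows which of the matched accounts had already been confirmed.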


I hope you have endured this article and that it was of some help to you. I am preparing a post on how to protect your email-registration-driven Moodle from bots, so please add my RSS feed to your reader or subscribe with your email address.

2007/12/18

Email digest type

If you are subscribed to many forums on moodle.org, as I am, you might have encountered the problem of your email address being spammed with a lot of new posts. How do you solve it without tossing your email address out?

Maybe you overlooked one tiny setting in your profile, labelled Email digest type.
As you can see, there are 3 possible options:

  1. No digest - you will receive all new posts from your subscribed forums, which sometimes means a lot of emails ;)
  2. Complete - you will receive one email with the full content of the new posts; this can be very long
  3. Subjects - you will receive one mail with only the topics and authors of the new posts

I prefer the third option; it seems the most informative and still comprehensible to me.

You might find that you cannot see the Email digest type label with its select menu in your profile at all. Please notice that this setting is marked as Advanced, so press the Show advanced button to see it.

With this post you will never again be spammed by ;)