Part I: Why Moodle is Dangerous — Years of Moodle Porn Doesn’t Go Away Easily

January 2nd, 2011

One of the biggest PR nightmares for Moodle in recent years was the revelation about 3 years ago that tens of thousands of Moodle sites all over the world had been hacked and infested with vile porn advertisements.

A little background…

I initially discovered this problem when doing routine maintenance on my own Moodle sites back in late 2007 and reported a fix on moodle.org. Unfortunately, the moodle devs, including the lead dev, ignored the problem, choosing to blame users and local admins for not properly securing their moodle sites.

The response (or lack of a response) from the moodle lead dev concerning the problem very much surprised me. I was stunned at how oblivious he and his team of followers seemed to be in reference to this problem. After looking into the issue further, I discovered that the moodle porn problem wasn’t simply limited to my own and a few other sites, but was a huge problem world-wide and I started pushing this fact very hard in the moodle.org forums. Doing this ultimately resulted in the lead moodle dev deleting my account on moodle.org. But, deleting my account didn’t address the huge moodle porn problem or the continued discussion about the problem on moodle.org–thanks in large part to one remaining independent thinker still posting there.

Fast forward nearly a year to late 2008, and the discussion on moodle.org about moodle porn is still raging, and finally a Moodle Partner chimes in to educate everyone on the “real” issue. Among the many completely inaccurate statements he made in that post, maybe the most astonishing revelation of just how clueless he (and the entire moodle dev team) actually was to the problem can be summed up in his following statement:

These bogus accounts, populated with ugly stuff, are only viewable by the Moodle admin who can access all users accounts. This has largely been a nuisance for Moodle admins to clean these out while putting the “fix” in place.

Source: http://moodle.org/mod/forum/discuss.php?d=109366#p480843

Following his comment in November 2008 that only moodle admins can see the ugly stuff and it was nothing more than a nuisance, that Moodle Partner was made to look a fool when several of his own sites–sites where he was the primary moodle administrator–were shown to be infested with vile profile porn pages–something anyone with a computer and Google could easily find, but that he was completely clueless about. There was even a video (or two) made showing the numerous moodle profile porn pages on more than one of his sites and is still around for those who want to look for it…no need for me to link to it here…the purpose is not to show this one moodle partner’s incompetence at understanding and dealing with this issue (that’s well documented), but it’s to show just how incompetently this issue was handled by the entire Moodle dev team.

Fast forward to Jan 2009 and the problem finally catches up to Moodle when an article is written in the Times Educational Supplement (TES), UK’s most prominent educational publication, revealing that the moodle sites for 20 schools around the country had been hit by porn hackers leaving hard core porn on primary (elementary) school moodle webpages. And astonishingly enough, in that very article, the moodle lead dev still chooses to blame Moodle admins for the problem, stating:

“Schools often don’t have very good IT support and neglect this kind of vital maintenance, even though we try to notify them.”

And here’s the kicker, the sites reported about in the above article, were hosted by an approved and certified Moodle Partner.

Fast forward a few weeks…Richard Vaughn did moodle users world-wide a very big favor by publishing that initial article in the TES. By publishing this to a much larger audience, he finally shed light on a very big problem that was only being discussed in the moodle.org forums and wasn’t being taken seriously by anyone at Moodle. But, Richard had vastly underestimated the real impact and reach of this problem until someone more familiar with the issue educated him a bit more.

Stay tuned…Part II to follow…

  1. net-buoy
    January 2nd, 2011 at 16:41 | #1

    Not only was the UK partner hosting those defaced primary school Moodles, but in many cases the MP WAS the Moodle admin per the terms of the underlying contract. When confronted with this and the claim on Moodle.org that MPs were certified and vetted, Dougiamas’ apparent first response was to delete any suggestion that MPs were certified. No public censure of the MP was made and Moodle HQ was seen to actually defend the clueless MP!!

  2. January 2nd, 2011 at 20:38 | #2

    @net-buoy

    No public censure of the MP was made and Moodle HQ was seen to actually defend the clueless MP!!

    Yea, well a 10% kick-back to moodle HQ on all proceeds can buy a lot of “tolerance” it seems 😉

  3. net-buoy
    January 3rd, 2011 at 14:19 | #3

    Well, the tithing bit is equivocal in that Martin’s current language I believe allows contribution “in-kind”, so arguably payment could be made in bad code….. HQ has refused to make the MP agreement public but has made it very clear that MPs are not held to any specific criteria. Indeed, Martin once asked me how that could be addressed, but when I provided some options and market examples the conversation appeared over….

  4. August 6th, 2013 at 19:23 | #4

    I don’t like Moodle much as it cannot be used for synchronous tutoring.

  5. June 25th, 2016 at 02:22 | #5

    HQ has refused to make the MP agreement public but has made it very clear that MPs are not held to any specific criteria. Indeed, Martin once asked me how that could be addressed
