Description
Maintaining the security of a Moodle server has many aspects, from keeping the server operating system up to date and updating the PHP and backend SQL database software to correctly configuring the web server and firewalls. On Moodle servers specifically, it is also necessary to keep the Moodle code itself up to date. On a correctly configured server, it should not be possible to see which Moodle version a given installation is running. In this study, 126 Moodle installations were examined to learn about the state of Moodle server security in Japan, specifically the Moodle software versions in use. The Moodle URLs were mostly sourced from the list of registered sites in Japan on Moodle.org that had links to the Moodle sites listed, with some additional sites submitted directly by users. To assess the Moodle version, the /lib/upgrade.txt file (or /lib/UPGRADING.md on Moodle 4.5) on each Moodle site was requested; on a correctly configured server this request returns a 404 error. Only 18 out of 126 servers (14.29%) returned a 404 error, with two more returning a 403 error. All 106 of the remaining servers were running outdated versions of Moodle, the majority being LTS releases that had been installed but not updated with the security updates that make an LTS release beneficial. The results show an urgent need for administrators to be more diligent regarding Moodle updates, and Moodle server security in general.
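
A self-check an administrator could run against their own site, using the two paths and the 404/403 outcomes described above. It is an added example, not code from the study; the host name and the category labels are assumptions, and the sample responses are constructed.

```python
"""Self-audit: does my own Moodle site answer 404 for the version-revealing files?"""
import urllib.error
import urllib.request

# Paths named in the abstract; a correctly configured server answers 404 for them.
VERSION_PATHS = ("/lib/upgrade.txt", "/lib/UPGRADING.md")


def fetch_status(url, timeout=10):
    """Return the final HTTP status for url, or None if the server is unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def classify(status):
    """Map one status code to an outcome (labels are this example's own)."""
    if status == 404:
        return "hidden"        # the correctly configured case
    if status == 403:
        return "forbidden"     # counted separately from 404 in the study
    if status == 200:
        # Redirects are followed, so confirm the body is not a login page.
        return "exposed"
    return "inconclusive"      # unreachable, 5xx, or any other status


def audit(base_url, fetch=fetch_status):
    """Check both paths; the overall verdict is the worst single result."""
    results = {p: classify(fetch(base_url.rstrip("/") + p)) for p in VERSION_PATHS}
    worst_first = ["exposed", "inconclusive", "forbidden", "hidden"]
    verdict = min(results.values(), key=worst_first.index)
    return verdict, results


if __name__ == "__main__":
    # Constructed responses standing in for a real server, so this runs offline.
    sample = {"https://moodle.example.test/lib/upgrade.txt": 404,
              "https://moodle.example.test/lib/UPGRADING.md": 200}
    print(audit("https://moodle.example.test/", fetch=sample.get))
```

Calling `audit("https://your-site")` without the `fetch` argument performs the real requests.
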
Preferred Day | Either day is fine |
---|---|
MAJ R&D Grant | No |