Sunday, January 08, 2023

Moodle server issues, possible reasons and fixes

Copy-pasting from emails:

1. In November,

... had mentioned a temporary connection failure with the server when running ad-hoc queries. This could most probably have been due to some query overloading the database momentarily.

But when checking the logs, I find repeated "Web service authentication failed" messages, spaced every few minutes, from a set of regularly spaced IP addresses.

This means that our server is under a distributed brute-force attack: a (most probably automated) attacker is using many different computers or devices to guess passwords (in this case web service tokens) by trying all possible combinations.

This sort of thing is common for SSH ports, but this particular attack seems to be tailored to Moodle. One way to block this particular attack would be to disable web services, but that would block the mobile app also. Will look for other solutions, maybe by asking in the Moodle forums.

Not something which we need to worry too much about, just something we need to do to make the server a little safer.
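An added illustration, not part of the original emails: a short script that checks a log for the pattern described in item 1, repeated failures at near-constant intervals from several addresses. The "timestamp ip message" layout, the sample lines and the thresholds are constructed assumptions; adapt the regular expression to the real log export.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

MARKER = "Web service authentication failed"
# Assumed line layout: ISO timestamp, IPv4 address, free-text message.
LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(.*)$")

# Constructed sample data (documentation IP ranges), not real log lines.
SAMPLE_LOG = """\
2022-11-20T10:00:00 198.51.100.10 Web service authentication failed
2022-11-20T10:01:00 198.51.100.20 Web service authentication failed
2022-11-20T10:02:00 198.51.100.30 Web service authentication failed
2022-11-20T10:02:30 192.0.2.77 User logged in
2022-11-20T10:05:00 198.51.100.10 Web service authentication failed
2022-11-20T10:06:00 198.51.100.20 Web service authentication failed
2022-11-20T10:07:00 198.51.100.30 Web service authentication failed
2022-11-20T10:08:10 203.0.113.5 Web service authentication failed
2022-11-20T10:10:00 198.51.100.10 Web service authentication failed
2022-11-20T10:11:00 198.51.100.20 Web service authentication failed
2022-11-20T10:12:00 198.51.100.30 Web service authentication failed
"""

def parse_failures(text):
    """Return {ip: sorted list of failure timestamps}."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and MARKER in m.group(3):
            hits[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    return {ip: sorted(ts) for ip, ts in hits.items()}

def suspicious_sources(failures, min_hits=3, max_jitter=30):
    """Flag IPs that fail repeatedly at near-constant intervals (automation)."""
    flagged = {}
    for ip, ts in failures.items():
        if len(ts) < min_hits:
            continue  # a mistyped or expired token fails once or twice
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mid = median(gaps)
        if all(abs(g - mid) <= max_jitter for g in gaps):
            flagged[ip] = {"hits": len(ts), "gap_s": mid}
    return flagged

if __name__ == "__main__":
    for ip, info in sorted(suspicious_sources(parse_failures(SAMPLE_LOG)).items()):
        print(f"{ip}: {info['hits']} failures, one every {info['gap_s']:.0f}s")
```

The flagged addresses can then be fed to a firewall or fail2ban-style block list, which leaves web services (and the mobile app) enabled for everyone else.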

2. Disabling "login from new device" notification emails. Disabled sending emails saying "new login from -- device",
from https://our.server.org/admin/message.php
"New login notifications"

3. Send only Digest emails from Forums -
The forum email notification setting seems to be off already. Perhaps the emails are due to someone deliberately sending a message to all forum users (see "Bulk user actions" in MoodleDocs), or something like that?

4. Stop sending email altogether to specific users, like the bouncing users above - I have set
emailstop=1
for the user bouncinguser@somedomain.org

But I'm seeing bounced messages to noreply@someotherdomainofours.org - I'm not sure where this non-existent email id has been entered. It must be somewhere in the settings, with noreply@someotherdomainofours.org entered instead of noreply@correctdomain.org - but I could not trace where.

 

