How to Optimize Your Moodle Server

How to optmize your moodle learning management systemTo increase the performance of your Moodle site, there are a number of ways to optimize your server. You should avoid enabling multiple filters, because this can increase the server’s load. Instead, consolidate features into smaller plugins and turn off filters that are rarely used. A great example is the Multi-Embed filter. It allows you to embed content from third-party websites and services and converts the URL into an embedded format.

To optimize your server, first, create a baseline benchmark. You can measure the performance of your system by looking at how long it takes to load a page. If the page is taking too long to load, try to decrease the number of sections that appear on a page. The smaller the pages are, the less RAM they take up, so this will increase your server’s performance. If you’re worried about RAM usage, you can use folders and core activities.

You should also make sure that your server can handle the load. Moodle requires a good amount of RAM and disk space. In addition, your host and browser must be high-performing. You should monitor the performance of each of these components monthly. If you don’t manage to achieve this, you might need to purchase a new computer. If you’re using Moodle on a server, the best way to optimize it is to purchase a powerful computer and upgrade it if necessary.

DANGER: Unpatched Microsoft DNS servers

Source: https://www.engadget.com/check-point-sigred-microsoft-dns-exploit-200027095.html

Microsoft is patching a dangerous Windows DNS Server exploit

SigRed is a dangerous flaw that should be patched immediately.Security researchers have discovered a serious flaw in Windows’ Domain Name System software that users must patch immediately. Sagi Tzaik from Check Point found a way to run malicious code which can be used to hijack websites, intercept emails, steal private information and take sites offline. Microsoft has already acknowledged the issue and has issued a fix in today’s Patch Tuesday update, which it urges all users to download immediately.

The vulnerability has been codenamed SigRed and Check Point says it affects Windows Server versions from 2003 to 2019. Microsoft said that the flaw is “wormable,” enabling hackers to take over multiple machines at once and causing large amounts of damage. That’s especially a risk for big corporate customers that run their own platforms, especially since the exploit is fairly easy to take advantage of.

A suggested quick Registry edit is as follows:
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

Workaround


Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To work around this vulnerability, make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet that’s allowed:

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 

Value: TcpReceivePacketSize

Type: DWORD 

Value data: 0xFF00

Notes

  • The default (also maximum) Value data = 0xFFFF.
  • The recommended Value data = 0xFF00 (255 bytes less than the maximum).
  • You must restart the DNS Service for the registry change to take effect. To do this, run the following command at an elevated command prompt:

net stop dns && net start dns

After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes.

Important information about this workaround

TCP-based DNS response packets that exceed the recommended value will be dropped without error. Therefore, it is possible that some queries might not be answered. This could cause an unanticipated failure. A DNS server will be negatively impacted by this workaround only if it receives valid TCP responses that are greater than allowed in the previous mitigation (more than 65,280 bytes).

The reduced value is unlikely to affect standard deployments or recursive queries. However, a non-standard use-case may exist in a given environment. To determine whether the server implementation will be adversely affected by this workaround, you should enable diagnostic logging, and capture a sample set that is representative of your typical business flow. Then, you will have to review the log files to identify the presence of anomalously large TCP response packets