CMXtraneous

Right on the edge of useful

Open Source Hazards: This is Why You Always Change Default Values in Content Management Systems (CMS)

Posted Friday, November 27, 2009 4:12:05 PM by Steven Seiller

I receive the following email notice several times per week, indicating some hacker's robotic brute-force attempt to crack the admin password for the site's Moodle installation.

Here is a list of failed login attempts at http://www.site.com/moodle since you were last notified(Sunday, 22 November 2009, 10:15 PM)
  • Friday, 27 November 2009, 12:38 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:38 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:37 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:37 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:37 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:37 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:36 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:36 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:36 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:36 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:36 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:36 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:35 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:35 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:35 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:35 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:34 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:34 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:34 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:34 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:34 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:34 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:33 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:33 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:33 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:33 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:32 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:32 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:32 PM, IP: 91.213.121.24, User: admin
  • Friday, 27 November 2009, 12:32 PM, IP: 91.213.121.24, User: admin

Whenever I install a CMS package, I always change the default values from those shown in the documentation:

  • database name
  • database tables prefix
  • database username
  • admin user name
  • admin directory name
  • data directory name
  • user directory name

Looking at the installation now, I am wondering why I didn't change the name of the moodle directory, but if I recall correctly from many years ago, when it was configured, we kept it because that was the name our users were to type in their browsers. We weren't installing an LMS site as much as a Moodle site.

Basically, a simple way to increase security for the software installation is to not use any of the example values shown in the documentation. This hacker can try all they wish to hack the admin password, but it will be fruitless because there is no admin user!
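One way to triage a notification like the one quoted above, as an added example that is not part of the original post: it parses the failed-login lines, finds per-IP bursts, and records whether the targeted username actually exists on the site. The `real_accounts` set, the threshold and window values, and the sample addresses and usernames are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format taken from the notification quoted in the post.
LINE_RE = re.compile(
    r"(?P<when>\w+, \d{1,2} \w+ \d{4}, \d{1,2}:\d{2} [AP]M), "
    r"IP: (?P<ip>[0-9a-fA-F.:]+), User: (?P<user>\S+)")

def parse(text):
    """Yield (timestamp, ip, user) for each failed-login line in the e-mail body."""
    for m in LINE_RE.finditer(text):
        yield datetime.strptime(m["when"], "%A, %d %B %Y, %I:%M %p"), m["ip"], m["user"]

def bursts(text, real_accounts, threshold=10, window=timedelta(minutes=10)):
    """Return (ip, user) pairs with >= threshold failures inside one sliding window.

    real_accounts: usernames that exist on the site (assumed to be supplied by
    the caller). A burst against a name outside it is a default-name probe.
    """
    times = defaultdict(list)
    for when, ip, user in parse(text):
        times[(ip, user)].append(when)
    findings = []
    for (ip, user), stamps in sorted(times.items()):
        stamps.sort()
        peak = start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # shrink window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings.append({"ip": ip, "user": user, "total": len(stamps),
                             "peak": peak, "account_exists": user in real_accounts})
    return findings

# Constructed sample in the post's format (documentation-range IP addresses).
SAMPLE = "\n".join(
    [f"• Friday, 27 November 2009, 12:{32 + i // 5} PM, IP: 192.0.2.10, User: admin"
     for i in range(30)]
    + ["• Friday, 27 November 2009, 9:05 AM, IP: 198.51.100.7, User: jsmith"])

if __name__ == "__main__":
    for finding in bursts(SAMPLE, real_accounts={"jsmith", "siteowner"}):
        print(finding)
```

A finding with `account_exists` set to `False` is the situation the post describes: the guessing cannot succeed, though the source address is still a candidate for blocking.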

Category tags: Open Source