Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Moodle Security
Moodle Security

Moodle Security: Learn how to install and configure Moodle in the most secure way possible

eBook
$9.99 $28.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Moodle Security

Chapter 1. Delving into the World of Security

Welcome to Moodle Security!

In the early days of the web, Internet was mostly used for academic purposes. Hence, all communications protocols had very little or no focus on security. The situation started changing as more and more public and commercial services started moving online and common users started actually using Internet in their daily routine. With the increase of user base we see the emerge of the malicious groups of users, the so-called hackers that are focused mostly on information theft and illegal usage. Nowadays it is quite common to be attacked by hacker(s). In fact it is so common and frequent that it is reported that only the USA's cyber attacks generate costs up to 10 billion dollars every year. The purpose of this book is to introduce you to web security while focusing on Moodle.

In this chapter we will cover the following topics:

  • Moodle and security

  • Weak points

  • The secure Moodle installation

  • Quickly securing Moodle

Moodle and security

Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.

That sounds harmless enough. Why would anybody want to illegally access an educational platform?

There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be:

  • Financial: Stealing user and/or course information and selling it to other third-parties

  • Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on

Weak points

Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components:

  • Operating System (OS)

  • Web server

  • PHP

  • Database server

  • Moodle

Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. At the end of the book you can find some recommended literature for additional reading.

Moodle and security


Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.

That sounds harmless enough. Why would anybody want to illegally access an educational platform?

There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be:

  • Financial: Stealing user and/or course information and selling it to other third-parties

  • Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on

Weak points

Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components:

  • Operating System (OS)

  • Web server

  • PHP

  • Database server

  • Moodle

Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. At the end of the book you can find some recommended literature for additional reading.

The secure installation of Moodle


In this section we follow a secure installation of Moodle. In case you do not already have an installed instance of Moodle, we will show you the quickest way to do that, and at the same time focus on security. If you already have Moodle installed, go to the following section where you will see how to secure an existing installation of Moodle.

Starting from scratch

In order to install Moodle on your server you need to install and configure the web server with support for PHP and the database server. We will not go into the specifics of setting up a particular web server, PHP, and/or database server right now, since it depends on the OS your server has installed. Also we will not explain in detail tasks like creating directories, setting up file permissions, etc as they are OS specific. Later in this book we will address them in detail for both Linux and Windows. If you need to know that right now then I suggest you go directly to the chapter dedicated to the Operating System you plan on using. This section assumes you already know about your OS and have already configured your web server with an empty database. Every installation of Moodle must have:

  • Web server with PHP support

  • Dedicated database

  • Two dedicated directories—one for Moodle and another for platform data

Note

We assume that your web server is Apache (Linux) or IIS (Windows), and that you use PHP 5.1.x or later and MySQL 5.0 or later.

Installation checklist

The following checklist will guide you through the basic installation procedure for Moodle.

  1. 1. Download the latest stable version of Moodle from http://download.moodle.org/. (At the time of writing this book it is 1.9.8+). You have two options available on the download page—moodle-weekly-19.tgz or moodle-weekly-19.zip archive. In case you use Linux you can choose either. In case of Windows, ZIP file is the preferred choice. The reason for this is simple. Every Windows server comes, by default, with installed support for managing Zip archives. On the other hand, TGZ is readily available on every Linux distribution.

  1. 2. Unpack the compressed file you just downloaded. This will produce a directory with the name moodle which contains all of the platform files. Move that directory to the web-root of your web server. After doing that it is recommended to make all files read-only for safety reasons.

  2. 3. Create a directory called moodledata somewhere on the disk. Make sure that it is not in the web-root of your web server since that would incur a serious security breach. Doing that might expose all platform files submitted by course participants and teachers together with the course content to the outside world.

  3. 4. Create an empty database (we suggest the name moodle or moodledb). The default database character set must be configured to utf8 and collation set to utf8_general_ci. It is recommended to have a special user for accessing this database with limited permissions. In case of credentials theft, a malicious user could only operate on data from one database, minimizing the potential damage. That database user account will need permissions for creating, altering, and deleting the tables, creating/dropping the indexes and reading/writing the data. Here is what you need to execute in your MySQL console for creating a database and user:

CREATE DATABASE moodle CHARSET 'utf8' COLLATION 'utf8_general_ci';
CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'somepass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON loomdb.\* TO loom@localhost IDENTIFIED BY 'somepass';
FLUSH PRIVILEGES;
  1. 5. Start the installation by opening the http://<url to local installation of the moodle> (for example http://localhost/moodle) in your browser. Make sure it is a more recent browser with pop ups and JavaScript enabled. We recommend Internet Explorer 8+ or Firefox 3.6+. You will see the following screenshot:

  1. 6. On the next screen, we need to specify the web address of the platform and the location of the moodle directory on the disk.

  1. 7. Now, we must configure database access. Choose MySQL as database type, localhost as host server, set the name of the database (moodle), database user, and its password (moodle/moodle). You should leave the table prefix as is.

  1. 8. Moodle checks the server configuration on this screen and displays the outcome. We can proceed with the installation only if all of the minimal requirements are met.

  1. 9. During installation, Moodle generates a configuration file within the moodle directory called config.php. It is important to make this file read-only after installation for security reasons. In case Moodle cannot save config.php it will offer to download or copy content of the file and manually place it in the appropriate location on the server. See the following screenshot:

  1. 10. We are now presented with terms of usage and license agreement. To proceed click yes.

  2. 11. We can now start the installation itself. During that process Moodle will create all of the tables in the database, session files in the moodledata directory, and load some initial information. Make sure you check Unattended operation at the bottom. That way, the process will be executed without user intervention.

  1. 12. After the database setup is finished, we are offered a new screen where we must configure the administrative account. With this user you manage your platform, so be careful about disclosing this information to other users.

Field name

Description

Recommended action

Username

Defines user name inside the Moodle. By default it is admin.

We recommend leaving the default value unchanged.

New password

Defines user logon password.

Must supply valid password.

First name

Defines name of the admin.

Must supply valid name.

Surname

Defines surname of the admin.

Must supply valid name.

E-mail address

Defines user e-mail address.

Must supply valid e-mail.

E-mail display

Define the visibility of your e-mail address within the platform.

We recommend leaving it as is (visible to all).

E-mail active

Defines whether e-mail is activated or not.

Set it to enable.

City/Town

Defines name of the city where you live.

Moodle requires this value.

Select Country

Name of your country.

Set it to your country name.

Timezone

Sets your time zone so that server can display time calculated for your location in some reports.

If not sure what your time zone is, leave it as is.

Preferred language

Choose the platform language.

By default, Moodle comes only with support for English language. If you want to add more languages visit http://download.moodle.org/lang16/ and download and install the appropriate files.

  1. 13. After configuring administrative user there is just one more step to complete and that is setting up the site title and short name. In the Full site name field, place the long name you would like to set for your website; it can have multiple words. In the Short name for the site field put one word without spaces which will represent your website. In the Front Page Description field put a longer description (one paragraph) that explains in more detail the purpose of your site. This is optional and does not affect the Moodle functionality at all.

  1. 14. You have now finished installing Moodle and should see the following screenshot:

Quickly securing Moodle


Moodle offers a quick way of detecting major security issues within your platform setup and that is the security overview report. Go to the Reports | Security overview page. A well configured Moodle should display the following screenshot. In case there are discrepancies, then review the explication near each issue that displays a warning and take the appropriate actions.

Right now, we will give you a simple what to do list in order to pass the security check report without going into too much details. Throughout this book, we will explain in more detail each item on this report list.

Note

The security overview report is available starting from Moodle 1.8.9 and 1.9.4. If you have an older version we strongly recommend you perform an upgrade to a more recent one. Meanwhile, follow the instructions and configure your LMS as suggested.

The checklist in security overview report consists of items that compare current configuration of your system with the recommended one and report the status. Some of the items in the checklist apply to the PHP configuration and others apply to the Moodle configuration.

PHP is configured through a special file called php.ini. The location of this file may vary depending on your OS and type of installation. On Linux it may be usually found at /etc/php.ini. To modify this file you can use any text editor available (vi, nano, notepad, etc.).

Note

After every modification of php.ini you must restart your web server so that the changes may be applied to the system.

Moodle can be configured by using the configuration pages in the administrative part of the platform or by modification of a special configuration file called config.php. Some configuration options are exclusive to the config.php file while others are exclusive to administration interface.

Review the Moodle security overview report

We will now go through every option in the security overview report and explain briefly what it means together with the actual steps you need to perform in order to remedy potential security flaw.

  • Register Globals: This is a PHP setting that can be configured by modifying the PHP configuration file—php.ini. This is the default setting in PHP since version 4.2. Make sure you have the following line in your php.ini:

register_globals = Off
  • Insecure dataroot: If the status for this item is not OK it means that the moodledata folder is placed in a location accessible from the Web without any protection. The solution to this is either to move this folder to some other location or prevent public access with the appropriate web server configuration. For example, if your Moodle is located in /var/www/html/moodle and your moodledata is located in /var/www/html/moodledata the report will show this as an error. To fix this you need to change the location of moodledata to some other directory, for example to /var/www/moodledata.

  • Displaying PHP errors (display_errors option): The display_errors directive determines whether error messages generated by PHP code should be sent to the browser. These messages frequently contain sensitive information about your web application environment, and should never be presented to mistrusted sources. Make sure it is configured like this in your php.ini:

display_errors = Off
  • No authentication: It is a Moodle configuration option. Make sure the "No authentication" plugin is disabled. Go to Administration | Users | Authentication | Manage authentication and configure it as displayed in the following screenshot:

  • Allow EMBED and OBJECT: A Moodle configuration option. Go to Administration | Security | Site policies in your Moodle and make sure that the option Allow EMBED and OBJECT tags is not checked. EMBED and OBJECT tags are used for inserting third-party web browser plug ins for reproducing multimedia content (Adobe Flash, Apple QuickTime, etc.) or for running special embedded applications like java-applets. Some of these plug ins have well-known security issues and therefore are not recommended for general public usage. By disabling this option we are preventing users to add these elements to their pages or other generated content or responses.

  • Enabled .swf media filter: Moodle configuration option. This should be disabled on production websites. Visit Administration | Modules | Filters | Multimedia Plugins and make sure it is disabled. This filter transforms any link to the Adobe Flash file to playable content by using integrated flash player. Since Flash has security issues this option is best left disabled.

  • Open user profiles: Moodle configuration option. Checks if user public profiles are open to anybody. Best practice is to require login before permitting somebody to actually take a look into other people's personal information. Go to Administration | Security | Site policies and make sure Force users to login for profiles is checked.

  • Open to Google: Moodle configuration option. Visit the Site policies page and uncheck Open to Google. With this option we choose whether we permit Google robots to scan the site's content and index it thereby permitting anybody to perform free-text search. In general, this is not a desired behavior in an LMS.

  • Password policy: A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. On the Site policies page check Password Policy. By enabling this we enforce usage of "strong" passwords therefore making it impossible to use dictionary attacks.

  • Password salt: Moodle stores encrypted versions of user passwords into database. Up until Moodle 1.9.8 it used the default way of encrypting user passwords which is prone to dictionary attacks. Password salt increases security of the generated encrypted passwords making a dictionary attack virtually impossible. As of Moodle 1.9.8 use of password salt is enabled by default. However, if you have an older version you can enable this by modifying the config.php file. Place something like this in your Moodle config.php:

    $CFG->passwordsaltmain = '<randomly generated string>';
    

    Be aware that enabling password salt is only possible by editing config.php. You can generate good password salt by going to the special page designed for that purpose—http://dev.moodle.org/gensalt.php.

  • E-mail change confirmation: Go to the Site policies page and enable E-mail change confirmation. Every user in Moodle must have a valid e-mail address. A common way of fiddling with somebody's personal account is to change his password and registered mail address. To prevent these situations we enable e-mail change confirmation which forces a user to confirm changed e-mail address. This is done through a special e-mail sent to the new account.

  • Writable config.php: Make config.php read-only. For example, on Linux you would do something like this:

chmod ug=r,o= <Moodle path>/config.php
  • XSS trusted users: Moodle has a set of seven standard roles. By default, any user with Administrative role on the platform level is completely trusted. Be very careful about which users can have this role. Keep it to a smallest possible group.

  • Administrators: Platform must have at least one user with Administrative role. By default that is user admin.

  • Backup of user data: User data are something very sensitive for every educational institution. Under the Family Educational Rights and Privacy Act (FERPA) student information can be disclosed only to limited set of people directly related with either student's family or educational institution. Only very limited group of people should be able to export student information tied to a course.

  • Default role for all users: This should be set to Authenticated user. If not go to Administration | Users | Permissions | User policies and configure it appropriately.

  • Guest role: This should be set to Guest.

  • Frontpage role: By default it is not set. You can leave it that way or create a special non-legacy role.

  • Default course role (global): The default setting for this is student. This is something that should seldom be changed.

  • Default course role: Same thing as the previous one but on the course level. Again the default value here is student.

Summary


The World Wide Web is an entire universe filled with great opportunities but also a place with various threats to the normal operation and security of any website. In this chapter we provided a brief overview emphasizing the importance of security in a cyber universe. We learned the basic facts about the secure installation of Moodle and how to quickly make our existing Moodle instance more secure. This, of course, is not all. It is just the tip of the iceberg.

In the following chapters we will focus our attention to all of the fine details of properly configuring and optimizing a Moodle instance and all of the accompanying software.

Next stop—how to transform your server into an impenetrable fortress!

Left arrow icon Right arrow icon

What you will learn

  • Use CAPTCHA to make sure that humans are creating new accounts on Moodle - not Spambots Configure PHP and Apache servers to protect your Windows and Linux systems from malicious threats Assign the most appropriate permissions to different files to ensure the right level of protection Create custom roles to control who accesses what Protect your site from external attacks with secure HTTP Organize regular anti-virus scans to ensure no new risks have been introduced to the system Monitor the security of Moodle easily with notifications and security reports Minimize the downtime of Moodle in the case of actual damage
Estimated delivery fee Deliver to Taiwan

Standard delivery 10 - 13 business days

$12.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 10, 2011
Length: 204 pages
Edition :
Language : English
ISBN-13 : 9781849512640
Vendor :
Moodle
Languages :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Taiwan

Standard delivery 10 - 13 business days

$12.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Publication date : Feb 10, 2011
Length: 204 pages
Edition :
Language : English
ISBN-13 : 9781849512640
Vendor :
Moodle
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 158.97
Moodle Security
$48.99
Moodle as a Curriculum and Information Management System
$54.99
Moodle 2 Administration
$54.99
Total $ 158.97 Stars icon
Banner background image

Table of Contents

10 Chapters
Delving into the World of Security Chevron down icon Chevron up icon
Securing Your Server Linux Chevron down icon Chevron up icon
Securing Your Server—Windows Chevron down icon Chevron up icon
Authentication Chevron down icon Chevron up icon
Roles and Permissions Chevron down icon Chevron up icon
Protection Against Bots Chevron down icon Chevron up icon
Securing User Files Chevron down icon Chevron up icon
Securing Moodle Data Chevron down icon Chevron up icon
Monitoring User Activity Chevron down icon Chevron up icon
Backup Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(6 Ratings)
5 star 50%
4 star 33.3%
3 star 16.7%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Martin Biermann Jan 08, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent primer on Moodle security. It even mentions SELinux! The only detail that was out of date was the Moodledata file system. It's now based on hashes. (I have been using Moddle since v. 2.9).
Amazon Verified review Amazon
Mónico Mar 22, 2012
Full star icon Full star icon Full star icon Full star icon Full star icon 5
After of several years of teaching, using, installing, and updating Moodle. Finally, I can get an excellent book of Moodle Security written by Darko. This book has all security topics related with Moodle. Throughout this book you will find useful examples on Linux and Windows Operating system. This is a must-have book for Moodle administrators.By the way, I just installed Moodle 2.2 on Ubuntu server following the book instructions. Most of them are still useful.
Amazon Verified review Amazon
DennisJ Jul 25, 2011
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A valuable "how to" guide on how to set up and strengthen a Moodle site's security. If you're a Moodle administrator, you need to have this book! Although some of the topics are covered in other references, this book brings that information, in more detail, together concerning this important subject. You won't find a lot of theory here - this book covers the threat space topic-by-topic and provides solutions about how to counter each type of threat.
Amazon Verified review Amazon
Isotonic Turtle May 09, 2011
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The book covers all aspects of Moodle 1.9 Security and explains concepts in a clear and well-written style.It is good to see that the security of underlying components, that is, operating system (Linux and Windows), database, web server and PHP are covered in detail, as this is where a lot of setups fall short of taking precautions. The author then walks you through all the key aspects of Moodle where "something can go wrong" in terms of security. This covers subjects like authentication, roles, permissions, files, etc. An entire chapter has been dedicated to protection against bots, monitoring user activity, and backups, respectively. The book concludes with an appendix that provides some details on authentication plugins used less common, for instance, LDAP.All in all a well-written book on Moodle 1.9 security that doesn't shy away touching on system-related topics.
Amazon Verified review Amazon
mylearningspace Mar 14, 2011
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
This book is a must-have for any LMS administrator who is serious about data security and information privacy for their Moodle learning management system. It is a concisely and expertly written text which covers a range of technical topics in a clear and accessible manner. Naturally, much is said about the configuration of Moodle's global parameters including authentication, roles, files and backups. On the same token, there is good coverage of security-related considerations at a server level for linux and windows. The text is written for Moodle 1.9.x but much of the book is also relevant for 2.0.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela