Picture of CA Edington
Securing Access to One's Moodle Site
by CA Edington - Sunday, 6 April 2008, 10:49 AM
 
As I was checking the list of users in the accounts folder, I was shocked to discover a number of entries such as the following:

free online anime porn sex callie0748@united-mail.info Wilsonville, Germany

They had all enrolled 33 days ago, which was about the time my server was changed.

I noticed a Notification from Moodle Administration that stated:

“Your site configuration might not be secure. Please make sure that your dataroot directory (/home/caezweb/public_html/moodle/uploaddata) is not directly accessible via web.”

It recommended registering my site, which I did immediately. Needless to say (although I'm saying it anyway), I've deleted all the offending accounts.

How do I
“make sure that [my] dataroot directory is not directly accessible via web”? Are there any other ways I can make sure that access to my site is secure?

CA
http://caezplace.com/moodle/

Picture of CA Edington
Re: Securing Access to One's Moodle Site
by CA Edington - Wednesday, 28 May 2008, 03:33 PM
 
It's rather eerie because, ever since I posted this message, I've been getting spam on my Gmail account. That hadn't happened before. I wonder if some of those intruders to my Moodle site got me listed before I was able to delete them? Or if this site is secure?
Picture of Eric Hagley
Re: Securing Access to One's Moodle Site
by Eric Hagley - Thursday, 29 May 2008, 11:59 AM
 
Did you set up your moodle with Fantastico? If so, that is the reason your dataroot directory is not safe. It is in a folder which is open to the www. Though this would not be the cause of your increased spam it is an issue you might like to look at. You can check the setup guide on the front page of this course for ways to set up moodle without fantastico in a more secure manner.