Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by W Page -
Number of replies: 8
Hello All!

Just to piggyback on a recent thread,
Help: Problems with hackers
http://moodle.org/mod/forum/discuss.php?d=9364

I am on a server which does not allow directories outside (or above) the htdocs directory. The server path looks something like this,
/homepages/22/d12345999/htdocs/

What suggestions would you experienced folks make about how to protect the "moodledata" directory? I know I can rename it to something strange and weird but it still is CHMODed to 777. It is my understanding that this makes it open to the world.

Will the pending DMS be the new "moodledata" directory in future versions? If so, will it be able to protect site files better?

WP1


In reply to W Page

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by David Le Blanc -
You can create an .htaccess file that you upload to your public or root web directory that will disable others from viewing any directory content.
In reply to David Le Blanc

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by W Page -
Hi David!

Thanks for your response.

Will this solution,
  • interfere with the ability to upload files to the directory while within a Moodle site?
  • interfere with the display of images and documents that are inside of the "moodledata" directory while in a Moodle site?

WP1
In reply to W Page

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by David Le Blanc -
WP1 said: Will this solution,
  • interfere with the ability to upload files to the directory while within a Moodle site?
  • interfere with the display of images and documents that are inside of the "moodledata" directory while in a Moodle site?

No. The .htaccess file allows you to put in unix commands that affect things like allowing outsiders to list a directory or change the maximum file size that end users can upload to the system, etc. It has no effect on the files themselves.

In reply to David Le Blanc

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by W Page -
Thanks Bryan and David for the information.

WP1

In reply to W Page

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by Bryan Williams -
On the initial "wishlist" for the DMS was the idea that it could be located anywhere, set in the main config file like moodledata. This would allow an organization to put it on a file storage volume, accessible to authenticated users only. You could certainly put it next to moodledata, if located above the public_html or www folder, which is available only to authenticated users. Short of this, creating the .htaccess file as David suggests is the solution.
In reply to Bryan Williams

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by W Page -
Hi Bryan,

Thanks for responding.

Will go the ".htaccess" route.

From your description of the DMS directory, it appears that it could not be utilized in the type of server situation I described above, where directories could not be created outside of the "htdocs" directory. Is that the correct perception?

WP1
In reply to W Page

Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?

by Bryan Williams -
That would not be an ideal place for the DMS; however, the .htaccess file will probably prevent a hack.
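
As an added example that is not part of any post in this thread: a shell function that audits the situation discussed above, a "moodledata" directory that has to sit inside htdocs with mode 777. The function name, messages and return codes are this example's own, and it assumes an Apache host that honours .htaccess files (AllowOverride enabled).

```shell
#!/bin/sh
# Added example, not from the thread: audit a moodledata directory.
# Usage: audit_dataroot <web root> <moodledata dir>
# Prints one finding per line; returns 0 (no warnings), 1 (warnings), 2 (bad path).
# Assumption: Apache honours .htaccess in this directory (AllowOverride).
audit_dataroot() {
    status=0
    # Resolve both paths so symlinks and ".." cannot hide the real location.
    real_doc=$(cd "$1" 2>/dev/null && pwd -P) || { echo "ERROR: cannot read $1"; return 2; }
    real_data=$(cd "$2" 2>/dev/null && pwd -P) || { echo "ERROR: cannot read $2"; return 2; }

    # Mode 777 lets every local account on a shared host write here.
    # Character 9 of the ls mode string is the "other" write bit.
    case $(ls -ld "$real_data") in
        ????????w*) echo "WARN: dataroot is world-writable"; status=1 ;;
        *)          echo "OK: dataroot is not world-writable" ;;
    esac

    case "$real_data/" in
        "$real_doc"/*) ;;  # inside the web root, keep checking
        *) echo "OK: dataroot is outside the web root"; return $status ;;
    esac

    # Inside the web root: look for a rule that refuses direct requests
    # (Apache 2.4 "Require all denied" or Apache 2.2 "Deny from all").
    ht="$real_data/.htaccess"
    deny='^[[:space:]]*(require[[:space:]]+all[[:space:]]+denied|deny[[:space:]]+from[[:space:]]+all)'
    if [ -f "$ht" ] && grep -Eiq "$deny" "$ht"; then
        echo "OK: .htaccess denies direct web access"
    elif [ -f "$ht" ] && grep -Eiq '^[[:space:]]*options[[:space:]].*-indexes' "$ht"; then
        echo "WARN: .htaccess only disables listing; files are still served by URL"; status=1
    else
        echo "WARN: dataroot is inside the web root with no deny rule"; status=1
    fi
    return $status
}
```

A deny rule blocks only direct HTTP requests; Moodle reads and writes moodledata through PHP on the filesystem, so uploads and file display inside the site are unaffected.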