Server Notification Security Message & Multiple URL logins

Server Notification Security Message & Multiple URL logins

by James McDermott -
Number of replies: 6

I am running Moodle version 2.0.1 on a Bluehost shared server. The server is running PHP version 5.2.17. When I am logged in and check Server Notifications, I get the message: Your site configuration my not be secure. Please make sure that your directory (/../../public_html/Moodle/moodledata) is not directly accessible via the web. When I checked with Bluehost tech-support, they told me that this was a Moodle issue and had nothing to do with the host setup. Moodle was installed using Simple Scripts. Another concern is that I can login to my account using 3 different URL's:

.com/Moodle/

.com/Moodle/login/index.php

.com/Moodle/admin

I want to make sure that my site configuration is secure and I don't understand the server notification message and I am wondering if it's normal to be able to login using 3 different URL's.

Thanks in advance for any help to resolve these concerns. I am posting to this forum because the Server Notification mentions a possible security issue.

I am also considering doing an upgrade to Moodle 2.0.2 on the same server running PHP version 5.2.17 to address these issue.

Average of ratings: -
In reply to James McDermott

Re: Server Notification Security Message & Multiple URL logins

by Sterling Uy -

Hello James,

It only means that you should transfer your moodledata folder outside of your moodle program where it is not accessable/viewable through the web.

All 3 paths are valid and has to pass through the same login page so I think there is no problem there.

What is important is the security of your database and moodledata.

Hope this helps.

Regards,

Sterling

Average of ratings: -
In reply to Sterling Uy

Re: Server Notification Security Message & Multiple URL logins

by James McDermott -

Sterling,

Thanks a bunch for your explanation.

My moodledata folder is currently under public_html in a folder /Moodle/moodledata with permissions 0755. It was placed there by the Bluehost program Simple Scripts.

If I move the moodledata folder to another location (not sure where to move it to ??) it seems like it would break my Moodle.

I contacted my host provider and they asked me to check with you on the details of where I need to move the folder to and after the move do I need to have a symbolic link under /Moodle named moodledata pointing to the new location of the actual moodledata folder?

Another question is could we achieve the same desired result by leaving the moodledata folder where it is and change its permissions so public could not read-write-execute the folder? Maybe 0750 ?

Thanks again for your help.

Average of ratings: -
In reply to James McDermott

Re: Server Notification Security Message & Multiple URL logins

by Guillermo Madero -

Hi,

Your moodledata folder needs to be outside of the public_html folder, like so:

home/moodledata
home/public_html
home/public_html/Moodle

Once the folder is moved, you only need to update the $CFG->dataroot directive of the config.php file found in your Moodle folder, like so:

org: $CFG->dataroot  = '/yourhomedir/public_html/Moodle/moodledata';

new: $CFG->dataroot  = '/yourhomedir/moodledata';

Leave moodledata folder permissions at 777.

Average of ratings: -
In reply to Guillermo Madero

Re: Server Notification Security Message & Multiple URL logins

by James McDermott -

Thank You!

I made the needed updates and my site still works AND I no longer get the security warning message.

I really appreciate your help getting this issue resolved.

Thanks Again!

Average of ratings: -
In reply to James McDermott

Re: Server Notification Security Message & Multiple URL logins

by Louise Kearins -

Hi James

I'm having similar problems, did bluehost move the file or did you as I can't seem to move files??

Your help would be appreciated,

Louise

Average of ratings: -