We are a school, self hosted Moodle version 2.2.2+, PHP 5.3.10, IIS6 on a Windows server.
Our front page of Moodle was suddenly skewed (blocks weren't lined up) and more importantly antivirus software flags a malicious URL on the page when you view the site in IE. I found a line of malicious code at the top of Moodle\index.php (starting with "php eval" then using the "gzinflate" function). The code is replaced back into the PHP files whenever I manually remove it.
For some reason Chrome/Firefox/Safari do not render the code at the top of the Moodle home page, so all appears well in these browsers. I have also found the malicious code in every index.php in the Moodle folder on the server.
To fix, I am going to upgrade to the latest version of Moodle. I am concerned however that this won't fix the issue.
Before I upgrade, I want to make sure the folder permissions on "C:\inetpub\moodledata" and "C:\inetpub\wwwroot\moodle" are watertight, but I'm struggling to find a guide on what these should be on a Windows server. I have attached a screenshot of the current permissions.
Could anyone be so kind as to give me some guidance. There are a few posts are here (this one has been helpful) but being new to Moodle I don't understand it 100%, and I want to get this spot on. TIA for any help!