Moodle hacked, file permissions in IIS

Re: Moodle hacked, file permissions in IIS

by Howard Miller -
Number of replies: 3
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Yep - the installation instructions (although somewhat Unix biased) tell you to make sure that the web server user cannot write to the Moodle program directory.

Average of ratings: -
In reply to Howard Miller

Re: Moodle hacked, file permissions in IIS

by Dave Keller -

So you think completely removing the first entry (IUSR) will bring it in line with recommendations?

Thanks for the replies, much appriciated.

Average of ratings: -
In reply to Dave Keller

Re: Moodle hacked, file permissions in IIS

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just change it's permission to 'Read and execute'. What you don't want is write/modify etc.

Sorry, I don't speak Windows but that's the general idea.

Average of ratings: -
In reply to Howard Miller

Re: Moodle hacked, file permissions in IIS

by Dave Keller -

Thanks for your time, it's much appreciated

Average of ratings: -