hello, my moodle version is 1.9.9. When I search on Google, I Can see my files that are located in password protected moodle courses. ISn't it strange? the documents are belongs to the school so we want to allow only our students to see those documents. But when someone search them, they are visible on Google. what can I do to prevent this?
Are you sure the files are in the actual password protected courses and not in the site files - directory #1? Do you have an example URL of a file ?
for instance this:
http://terakki.net/tmoodle/file.php?file=%2F274%2F2.hafta%2FKOLIGATIF_OEZELLIKLER_test.pdf
I wrote "terakki koligatif" on Google. If I write terakki and the file name, I can find more files.. but the course page is password protected.
Hi Eda,
Some ideas to check...
* Guest role (guest access)
* The moodledata directory (should not be accesible via the Web)
* Double check the location of the file(s) in question (could it be that there's a copy lying around)
* Check the web server access log
thank you Guillermo.
yes site open to Google. CAn we close this? do you advise?
there is no guest Access.
where should be mu my moodle data directory?
Hi Eda,
Yes, you can close it, and yes, I would definitely disable access to the Google bot.
http://docs.moodle.org/19/en/Site_policies#Open_to_Google
Actually, both the site and many courses allow guest access, as shown in the image.
http://docs.moodle.org/19/en/Guest_access#Disabling_guest_access
The Moodle data directory should be outside of what's called the DocumentRoot directory, that is, where all the web pages reside. A usual web server structure is something like this:
/home/username/public_html
As "public_html" is the DocumentRoot, one should then create the Moodle data directory outside, like so:
/home/username/moodledata
That link just took me to the front page of your site.
Copy it and paste it at the address bar.
This Document is within course 274
TVO / ▶ Kimya-S11 is wide open as is everything else on that site.
Just about the entire site is currently completely open to browse without logging in apart from to see profiles etc. So if you want these files to be private, then perhaps the courses should not have guest access open.
Confirming Richard's comment above - Much of your site is open access without logging in, including the course this file is held on and it so it can be accessed by anyone.
If you want the documents held to only logged in users then you will have to close your course pages down so that they are not open to visitors without logging in (I didn't even have to log in as a guest to this particular course)
Eda, you (or who so ever manage your moodle) must have kept the moodledata folder on wwwroot/public_html directory, where it is recommended to keep this data folder separate (out of www/wwwroot/public_html) folder so no one (outsiders, bots, spiders etc) can have access to this .
you can still move directory to the root of your host, if it is still residing at the public_html folder. As moodledata folder holds all uploaded documents, images, etc. later you can update your config.php file mentioning the location of the moodledata folder, even with Guest access and Google Opened, it wont be fetched by google or any other search engine.
with that said, documents that already have been fetched by Google/search engines cannot be removed from their servers, you may can try manually assigning the URL removal in Google Webmaster URL removal tool and as well modify your robots.txt file (as long as its pointing towards HTML folder), the command that you will be typing in robots.txt file will be
User-agent: *
Dissallow: /yourdatadirectory
Dissallow: /mysercretfolder
in above code, (*) represents ALL bots, and if you are just using (/), means all directories are effected, mentioning the name of specific directory will only prevent bots to enter that directory, this only applies if you want to keep your data directory on WWWROOT/PUBLIC_HTML folder.
Usman Asar, Whilst essential to ensure that moodledata is not in the server web root, what you have said will not stop the files from appearing on google if the courses remain open to guest access and searchable by google. A document within a course that is open to guests and the site is google searchable is available to all.
Guest access to those courses should be turned off/removed. There is no real evidence that the moodledata folder is in the wrong place. The file address looks like guest access is the way it is accessed.
Ten days later? I'd say that she definitely must have solved this issue.