Moodle Security and Fantastico De Luxe

Moodle Security and Fantastico De Luxe

per Bill Schreiter -
Nombre de respostes: 6

Hi, I used Cpanel and Fantastico De Luxe to install Moodle for the first time.  It installed all of the folders in the "public_html" directory and not into a Moodle directory inside the "public_html".

It then installed the moodle in the uploaddata folder inside the "public_html" folder.

I get the following notification from Moodle....

Your site configuration might not be secure. Please make sure that your dataroot directory (/home/ictl3754/public_html/uploaddata) is not directly accessible via web.

In the past I have installed Moodle in a windows environment using XAMPP and located a "moodledata" folder in the xampp folder and then installed moodle in a moodle folding inside the "htdocs" folder.

Am I at risk ?

What should I do?

Thanks in advance for any assistance you could give me.

Bill

Mitjana de qualificacions: -
En resposta a Bill Schreiter

Re: Moodle Security and Fantastico De Luxe

per Richard Enison -

BS,

This is one of several reasons I don't recommend Fantastico. I would say the answer to your first question is yes. See http://docs.moodle.org/en/Installing_Moodle#Creating_the_data_directory_.28moodledata.29, which should also give you the answer to your second question.

RLE

Mitjana de qualificacions: -
En resposta a Richard Enison

Re: Moodle Security and Fantastico De Luxe

per Bill Schreiter -

Thanks for your suggestion.  I removed the installation and did it by hand.

What permission settings should I have on the data folder 770 ?

The folders inside the data folder are set to 777

The .htaccess inside the data folder has the following lines in it.

deny from all
AllowOverride None

Also, when I go the the web site I do not get redirected to the moodle

With the other install when I browsed to www.ictlearn.com the moodle started up.  Now I have to browse to www.ictlearn.com/moodle to make it start.  How do I redirect it?

Thanks in advance.

Bill

Mitjana de qualificacions: -
En resposta a Bill Schreiter

Re: Moodle Security and Fantastico De Luxe

per Anthony Borrow -
Imatge de Core developers Imatge de Plugin developers Imatge de Testers
Bill - Check out http://docs.moodle.org/en/Security and then let me know if you have specific questions. It sounds like you would like for moodle to be in the root www directory so move everything in the /moodle folder to the / (root) path. You will probably have to make some modifications to the config.php file to point to the new location. The other alternative is to modify the zip file so that it does not have that initial moodle folder. Does that make sense? If not let me know and I'll try to explain it better. Peace - Anthony
Mitjana de qualificacions: -
En resposta a Bill Schreiter

Re: Moodle Security and Fantastico De Luxe

per Richard Enison -
BS,

I would only add to AB's post, with which I agree, that the last directive in your .htaccess file,
AllowOverride None
means don't allow .htaccess files. So you seem to want your .htaccess file to disallow itself. I don't know why you would want to do that, but without taking the time to look in the Apache manual, my guess is it will ignore it. But if I were you I would get rid of that line and add one at the top that says
Order deny,allow
without which the
Deny from all
line might not do anything either.

RLE

Mitjana de qualificacions: -
En resposta a Bill Schreiter

Re: Moodle Security and Fantastico De Luxe

per Anthony Borrow -
Imatge de Core developers Imatge de Plugin developers Imatge de Testers
Bill - Which host are you using. I noticed on hostmonster.com that the fantastico deluxe installation created the database in a latin1 encoded database despite the fact that Moodle requires utf8. As Richard says, I would not recommend using Fantastico. Go ahead and take control and simply upload the zip file for the latest version of Moodle that you wish to install and extract it to where you want. Then you can set where you want the directories to be stored. Peace - Anthony
Mitjana de qualificacions: -