See this post:
http://moodle.org/mod/forum/discuss.php?d=3614#15975
The "deny from all" directive in .htaccess denies access to the directory via the web server, but allows other software running on the server, such as Moodle scripts, to access the directory.
Re: Requesting more help with potential "hackers'" & "crackers" - what about the "moodledata" directory?
by Zbigniew Fiedorowicz -
Number of replies: 0