Am getting the following Security Notification in Notifications area
Your site configuration might not be secure. Please make sure that your dataroot directory (/home/XXXXXXX/public_html/moodle/uploaddata) is not directly accessible via web.
During the upgrade process I uploaded the GeoLityCity.dat file into this directory and input the google mapping code for my site.
I presume this is a folder/file permission issue, but I'm not sure how to correct with appropriate settings. Can anyone please advise on how to correct and address this Security notification?
Any assistance is greatly appreciated so I can ensure our system is secure. I normally get regular hacker attempts and need to address this.
hi there,
your moodledata folder should sit outside your public_html folder... possibly in:
/home/XXXX/moodledata
see here for more details:
http://docs.moodle.org/en/Installing_Moodle#Creating_the_data_directory
Dan
your moodledata folder should sit outside your public_html folder... possibly in:
/home/XXXX/moodledata
see here for more details:
http://docs.moodle.org/en/Installing_Moodle#Creating_the_data_directory
Dan
Do you use fantastico to install Moodle? The reason is that in the last fantastico install I saw, it stores moodle data files in the public_html directory and calls it uploaddata (see also this post). Fantastico should also create a .htaccess file to prevent public access to this folder.
That message is a notice - so check that there is a .htaccess file in public_html/moodle/uploaddata similar to the one here. If you have such a file, then it may be OK to ignore the notice, but if you want absolute security (as Dan suggests), move the file uploaddata to outside home/XXXXXXXX/uploaddata, check that the permissions are the same and change the $CFG->dataroot path in the moodle config.php file.
Ken