So I've been running the standard moodle setup as per your settings on a medium moodle setup/instance.

I got an email from Amazon last month saying that the server was hacked and used in a DDoS attack. They closed the port in question (port 80) and I didn't really see how it was possible based on your security etc. So i left the server open and monitored it (since we needed moodle.

But then I got a bill for $2500 (AUD) for the server hosting last Friday. I stopped  the instance immediately.

Figuring that since port 80 had been shut, and knowing that we needed the server to run, I reinstigated the instance through turnkey. Only to find out this morning that in doing so, it must have reopened port 80..

So now I'm likely to get another $2500 bill or there abouts.

Brilliant.

Lucas