Marcia - 6:54 am on Jan 12, 2007 (gmt 0)

A site of mine got hacked and when I moved it over to my current host's server I had a chat with the man who manages it about website security. He said that *any* scripts whatsoever that are run can open a door for vulnerability to exploits. I told him that the site in question runs no scripts, but does use PHP includes. According to him, that's enough to do it unless steps are taken.

Any /subdirectory/ that doesn't have an index page should be protected against accessing, so that the "index" of files in it isn't visible - whether it's scripts, includes, or even graphics.