Is this for real?

Permalink
This arrived today through a contact form on my site...

There has been a submission of the form Contact through your concrete5 website.

Name
Ali Elderov

Email
[email protected]

Phone
999000

Best time to call
Email preferred

Event date (if applicable)


Comment
hallo! please secure your web-site.. all can see content on backend if usehttp://photosbyge.com/packages/tc_photo_gallery/... this url and can navigate throught directories... best regards!



To view all of this form's submissions, visithttp://photosbyge.com/index.php/dashboard/reports/forms/?qsid=13325...

gewald
View Replies:
Cahueya replied on at Permalink Reply
Yes, this looks real. I can navigate through your site by the URL. You should fix this quickly. I suppose you need to change the rights of the folders of your backend, they will likeley be 777 or something but should not be.

But I don't really understand how this is possible without outputting a 404 error... but something is wrong, yes.
triplei replied on at Permalink Reply
triplei
You should be able to disable directory indexes in your apache config... either update your virtual host (if you can) to disable DirectoryIndexes.

Otherwise you should be able to add a .htaccess file to your main web folder (if there isn't one there already) and add the following line

Options -Indexes


which should do the same thing