Is this for real?

This arrived today through a contact form on my site...

There has been a submission of the form Contact through your concrete5 website.

Ali Elderov

[email protected]


Best time to call
Email preferred

Event date (if applicable)

hallo! please secure your web-site.. all can see content on backend if use this url and can navigate throught directories... best regards!

To view all of this form's submissions, visit

View Replies:
Cahueya replied on at Permalink Reply
Yes, this looks real. I can navigate through your site by the URL. You should fix this quickly. I suppose you need to change the rights of the folders of your backend, they will likeley be 777 or something but should not be.

But I don't really understand how this is possible without outputting a 404 error... but something is wrong, yes.
triplei replied on at Permalink Reply
You should be able to disable directory indexes in your apache config... either update your virtual host (if you can) to disable DirectoryIndexes.

Otherwise you should be able to add a .htaccess file to your main web folder (if there isn't one there already) and add the following line

Options -Indexes

which should do the same thing