View Single Post
  #1  
Old 23rd April 2013, 22:58
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default /mail folder publicly accessible!!!

Hi guys,

I just noticed a serious problem in my server config: when I type in the following address to access my website, I get access to the full directory and can download all php files!

The address looks like this (fake domain)
https://my-site.tld:8080/mail/

If I go in the parent directory, I land in the ISPConfig admin interface, which is OK.

I have an SSL certificate in place and it works perfectly for my domain otherwise.

Please help me, I'm a bit stressed with this leak I just discovered. I might have made a mistake in my config...

Thanks!
Reply With Quote
Sponsored Links