I just noticed a serious problem in my server config: when I type in the following address to access my website, I get access to the full directory and can download all php files!
The address looks like this (fake domain)
If I go in the parent directory, I land in the ISPConfig admin interface, which is OK.
I have an SSL certificate in place and it works perfectly for my domain otherwise.
Please help me, I'm a bit stressed with this leak I just discovered. I might have made a mistake in my config...