I notice that our sites are accessible via the server IP address followed by web1,2,3 etc. This enables hackers to browse all webs folders, including cgi-bin, ftp, log, phptmp, ssl, user, and web.
Worse the perl scripts open as plain/text in the browser, enabling hackers to work out precisely how to abuse my code.
We haven't yet gone live on this server, and the only modification I have made from the perfect setup
was to set-up suexec, which in turn made me chmod the scripts and folder to 755.
I clearly have gone adrift somewhere, probably related to these mods, and would appreciate any advice!