I notice that our sites are accessible via the server IP address followed by web1,2,3 etc. This enables hackers to browse all webs folders, including cgi-bin, ftp, log, phptmp, ssl, user, and web. Worse the perl scripts open as plain/text in the browser, enabling hackers to work out precisely how to abuse my code. We haven't yet gone live on this server, and the only modification I have made from the perfect setup was to set-up suexec, which in turn made me chmod the scripts and folder to 755. I clearly have gone adrift somewhere, probably related to these mods, and would appreciate any advice! Thanks! Chris.