I have placed an .xls file into a folder called "files" which is inside the public_html folder. i created a link to open the files folder:
<a href="files/">files folder</a> and it shows the files that are in that folder.
When you click the link to navigate to the files folder, on the new page it shows this:

Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.dksaluki.com Port 80

is that bad?! how do i make it more secure?

You should add a .htaccess there and configure it to ask for a login and a password, you can do this from your control panel, the option is called password protect directories.

You could also simply place a blank index.html file in that files folder.

You are getting a directory listing because Apache is set up to display a list of files if one of either the index.html, index.php, default.htm file is missing.

There is another way that involves the .htaccess file in your public_html directory.

Place the following line in your .htaccess file and you should be able to turn off directory listings:


Options -Indexes

Modifying the .htaccess file this way however, will supply a 403 Forbidden error to any user that tries to go to that folder.

~regards