roundcube (and other scripts) security issue
pghcollectibles
05-31-2009, 12:46 AM
if you use roundcube, there are some files with the .inc extension that are used for configuring and other stuff.
place the following code into your public_html/.htaccess file or make one and put it in if it does not exist:
<Files *.inc>
order allow,deny
deny from all
</Files>
navsguardar
05-31-2009, 04:37 AM
Thanks PGH...
Are WordPress & Joomla! vulnerable too??
pghcollectibles
05-31-2009, 09:00 PM
i think joomla is all php.
i did
find -name "*.inc"
and there are files in drupal, pixel post, roundcube, modx and wp. that's not saying that those files have sensitive info, it is just that they contain php code and display in your browser as if a txt file.
i just wanted everyone to be aware that is all. i hate people snooping in my files.
on 5-09-09 some bot (Toata dragostea mea pentru diavola) from china of course (it would be inappropriate to paste the ip here) was entering random urls to find a certain roundcube file. i looked at the file and there is no sensitive info however that does not mean once they find that file they maybe could look for a different file or some other known vulnerability that i do not know of.
here is a list of the files they attempted to find:
<my dedicated ip>/round//bin/msgimport
<my dedicated ip>/roundcube-0.1//bin/msgimport
<my dedicated ip>/roundcubemail-0.1//bin/msgimport
<my dedicated ip>/wm//bin/msgimport
<my dedicated ip>/webmail//bin/msgimport
<my dedicated ip>/webmail2//bin/msgimport
<my dedicated ip>/mail2//bin/msgimport
<my dedicated ip>/mss2//bin/msgimport
<my dedicated ip>/roundcube//bin/msgimport
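Added example, not part of the original thread: a small log check that finds clients guessing directory names for bin/msgimport, as in the list above, and reports any guess the server actually answered with a 2xx. It assumes Apache combined log format; the log lines, IP addresses, status codes and the function name find_probers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format. The IPs are documentation
# addresses and the timestamps/statuses are invented; only the request paths
# and the user-agent string come from the thread.
SAMPLE_LOG = '''\
203.0.113.7 - - [09/May/2009:03:12:01 +0000] "GET /round//bin/msgimport HTTP/1.1" 404 210 "-" "Toata dragostea mea pentru diavola"
203.0.113.7 - - [09/May/2009:03:12:01 +0000] "GET /roundcube-0.1//bin/msgimport HTTP/1.1" 404 210 "-" "Toata dragostea mea pentru diavola"
203.0.113.7 - - [09/May/2009:03:12:02 +0000] "GET /webmail//bin/msgimport HTTP/1.1" 404 210 "-" "Toata dragostea mea pentru diavola"
203.0.113.7 - - [09/May/2009:03:12:02 +0000] "GET /roundcube//bin/msgimport HTTP/1.1" 200 1543 "-" "Toata dragostea mea pentru diavola"
198.51.100.23 - - [09/May/2009:03:15:40 +0000] "GET /roundcube/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [09/May/2009:03:15:44 +0000] "GET /roundcube/bin/msgimport HTTP/1.1" 403 199 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')
# /<guessed dir>/bin/msgimport, tolerating the doubled slash seen in the thread.
PROBE_RE = re.compile(r'^/(?P<prefix>[^/]+)/+bin/msgimport$')


def find_probers(log_text, min_prefixes=3):
    """Return clients that requested bin/msgimport under at least
    min_prefixes different directory names (directory guessing)."""
    seen = defaultdict(lambda: {"prefixes": set(), "served": [], "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        probe = PROBE_RE.match(m["path"].split("?", 1)[0])
        if not probe:
            continue  # request for something other than bin/msgimport
        rec = seen[m["ip"]]
        rec["prefixes"].add(probe["prefix"])
        rec["agents"].add(m["agent"])
        if m["status"].startswith("2"):
            rec["served"].append(m["path"])  # the guess hit a real file
    return {ip: r for ip, r in seen.items() if len(r["prefixes"]) >= min_prefixes}


if __name__ == "__main__":
    for ip, r in find_probers(SAMPLE_LOG).items():
        print(ip, sorted(r["prefixes"]), "served:", r["served"], sorted(r["agents"]))
```

Any path listed under "served" is one the web server delivered, so that directory is the place to check whether the file should be reachable from the web at all.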