cgi-bin question?

Amon

I know this might not be that relevent to php, but i sort of thought it might be. My cgi-bin holds all my scripts for my website. Soon it will hold the php scripts aswell. What Im worried about is the fact that if someone were to go to my website and afterwards type cgi-bin ie. http://mywebsite.com/cgi-bin, it would show them what is currently in my cgi-bin. I tried this and i was able to save the scripts to my harddisk. Is this normal? as I was just thinking that some scripts deter spamming by storing my email address inside them. Also my passwords and usernames for my scripts ie, forum etc can be readily available and someone would only need to download the script and have a look inside. How can i stop this happeneing and restrict access to the cgi-bin in this manner. Its just that i find that being able to access the my cgi-bin from a webbrowser and be able to download my configured and personal scripts for my website, seems to me as a major security risk for my website.

Any thoughts or reccomendations for this would be greatly appreciated.

Thank You

Amon

drawmack

First there is no reason to store your php scripts in the cgi-bin.

Second you can do a couple things to stop this

1) turn directory browsing off.
2) create an index.html file that you place into every folder that tells people they cannot browse this folder.
3) if you can run php as index.php then you can create a php script and really scare people by say something like

You IP (000.000.000.000) has been recorded. If you attempt to directly access file lists on this server again we will report you to your ISP.

For a real kick you could do a who is and tell them who their ISP is as well.