Zirius


#44731 Flux Control Panel for Hercules

Posted by Zirius on 07 October 2014 - 07:33 PM

The FluxCP at the link you posted seems to be misconfigured, and doesn't even have the (weak) protection provided by the index.html files that are provided with a standard FluxCP installation. The server owner should check their setup and re-create the file they deleted. (On a side note, the only thing I was able to see by visiting the link you posted was the file list -- none of the files were actually readable, as they all returned an HTTP error 500. I'm not sure whether the files were previously visible, and I was late to the party.)

That said, there are indeed some weak points and missing index.html files in FluxCP that should be fixed. If any of the maintainers wants some insight, please PM me, as I won't be able to do it before several hours from now (possibly over IRC if you want a quick reply, or here is fine otherwise).

 

Again the same thing... Just trust me. I do not ask for anything more.

I removed the PM with screenshots on the rA forum, so for now I can't find the screenshot to show as proof, where all of these PHP files (and on all servers with the autodonate PayPal module) are available to read, without any protection; you can see ANY credit, first/last name of a transaction, and much more.

 

For now, the administrator of woonro has closed access.

But GMs of different servers, pay attention to this. Check your logs for /data/ folder access; if you have some, you know what it means.

 

I can confirm.

Looks like you need index.html on the following:

data/logs/*
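
For the "check your logs for /data/ folder access" advice above, here is one way to do that check. This is an added example, not part of the original posts and not FluxCP code; it assumes Apache/nginx "combined" access logs, and the sample lines, IPs and file names are constructed.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A "data" path segment, so /data/ and a sub-folder install both count.
DATA_RE = re.compile(r'(^|/)data(/|$)', re.IGNORECASE)

def outcome(status):
    """Map an HTTP status to what it means for a request under data/."""
    if 200 <= status < 300:
        return "served"   # a file or a directory listing was returned
    if status >= 500:
        return "error"    # e.g. the HTTP 500 mentioned in the post
    return "refused"      # 3xx/4xx: nothing from the folder was returned

def data_folder_hits(lines):
    """Yield (ip, path, status, outcome) for each request under a data/ folder."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        # Drop the query, decode %xx, collapse ./ and // so encoded paths match.
        path = posixpath.normpath(unquote(m["target"].split("?", 1)[0]))
        if DATA_RE.search(path):
            yield m["ip"], path, int(m["status"]), outcome(int(m["status"]))

def served_by_ip(lines):
    """Count, per client IP, the data/ requests that returned content."""
    return Counter(ip for ip, _, _, res in data_folder_hits(lines) if res == "served")

# Constructed sample lines (documentation IPs, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [07/Oct/2014:19:01:02 +0000] "GET /data/logs/ HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Oct/2014:19:01:09 +0000] "GET /data/logs/example.log HTTP/1.1" 200 52110 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [07/Oct/2014:19:05:40 +0000] "GET /data/logs/example.php HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [07/Oct/2014:19:06:11 +0000] "GET /%64ata/logs/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [07/Oct/2014:19:07:00 +0000] "GET /?module=main HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in data_folder_hits(SAMPLE):
        print(*hit)
    print("served:", dict(served_by_ip(SAMPLE)))
```

A "served" hit on the directory itself can also be the placeholder index.html being returned, so compare the response size before treating it as a listing; "served" hits on individual files are the ones to investigate first.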