Quote:
All the site has to do for that scenario is to lock down the folder where the images are stored by not allowing it to be viewed. I'll be posting an apache configuration tutorial soon that'll show how to lock down apache for image viewing, file permissions, cgi/includes, and other things...good post though!
well i did check the site again and tried to crack in again.. they didnt do much except change the names of the folders... lmao... as usual.. i managed to access their logs... and as expected i e-mailed them again and attached their logs as a proof and told them about their mistake.. hope they do something smarter..