Alright.
I'm going to start with a story first.
Thursday I wanted to come here, look at differents threads.
I'm the type of guy who types the adress I go to when they not bookmarked, I typed psumods.uk first, and it didn't get me anywhere (normal), after that I add the ".co".
What I didn't know is that Firefox added the "www.", I then got access to the whole directory with the board's files and I can easaly download everything.
http://www.psumods.co.uk/ won't get me on the forum, I must remove the www.
The security breach is that EVERYBODY CAN access the PHP in every file.
Even the file that has the database information.
Sorry for the delay, I was expecting some sort of private message/mail.