Dormant VPSB Pathogen
Reminds me of the GVH password reset incident last year when people received dozens of reset emails...This is honestly, scary......
Are you saying you had a php file that would just execute a whole email event by simply browsing to the link?
If the email program could be triggered by someone visiting the URL then an index.html file wouldn't be adequate protection. The directory should have been password protected or IP access restricted.The fact that information could leak by you forgetting to upload a blank index.html is strongly indicative of you being unprofessional in your approach to development
The lack of an index.html file isn't the only problem with that website. SSL Labs gives it a big fat C rating. How many months ago was the Poodle vulnerability disclosed and Harzem still hasn't bothered to fix it? It takes 2 effin' seconds to disable SSL 3 and another 2 seconds to fix the other SSL problems, even Jonny's 10 year old sister could do it so what is the excuse?
That is to be expected because a consumer reporting service that isn't even run by a registered company is the definition of unprofessional and reeks of Ringling Brothers.trying to deflect the blame is unprofessional.