I have a bunch of Perl programs sitting in a directory under my website root. Some I wrote for learning and testing Perl, while some are actually used on the website. I’ve noticed that someone unauthorized is running those Perl programs because I get email from the ones in which I was learning about sendmail. I’m guessing that someone stumbled onto this directory by guessing the most obvious name for CGI programs, and running the programs listed in their browser window to see what they can learn.
What’s the standard practice for protecting this directory from hacking attempts. I was thinking that a simple fix would be to put in a little index.htm file in the directory to prevent listing the contents in browser, although that listing has been helpful for me at times. Are there pass wording solutions or file permission settings that I should be using?
This signature line intentionally blank.