Website security

[Krynn72]

So, some foreign dude with bad english sent me an email saying how it was a shame that my content was spreading. Well, heres the whole email.

Hello, your webserver is open from the back side. do something about it.
I think it's a shame if your material is spreading so silly way.

Nice fella. He also attached a screenshot of a public section of my site. Now, while I don't really care that the material on this part of my site is exposed (its pretty much a miscellaneous dump of images so I can hotlink them in the Image Dump), I'm afraid that he also means the rest of my site is open. So how do I close the back side hes talking about? Also, is there a way to allow hotlinking while not allowing people to view the rest of the contents just by changing the url? Or is this not even a real problem?

I don't know jack about website security, as you might have gathered.

Heres my own screenshot of what his screenshot was showing. (I dont want to open his image, out of fear of viruses. I just saw the thumbnail in gmail.

 

[VirusType2]

I don't know jack about it either, but as a first step, I would immediately change the password to a stronger one, regardless of what he says.

 

[Wizard]

He has obviously hacked the gibson. I think you're keeping your stuff in a directory that has no password. Change this.

 

[Krynn72]

K, changed password, and changed permissions to now allow World or Group to read/write/execute, whatever that means. Now you get denied when you type in that url. How do I set a password on a directory? I'm not seeing any options to do so with the file manager my host provides.

Whats a gibson?

 

[[Dragoon]]

Read this, assuming you run Apache. http://httpd.apache.org/docs/2.0/programs/htpasswd.html

You may also be able to set a password from your control panel, if you have one, depending on the software.