I also have a "you are no supposed to be here" redirection page for any directory that I don't want people have FTP-like HTTP access... once, I accidentally discovered a friend's resume/CV in one of his sub-directories. I think any directory without index.html or index.php automatically have get an FTP-like html interface (if you know what I'm talking about)... like /images/ directories, which I believe most websites will have. A bit of a side-question... is there a technically correct or easier way of preventing such "unauthorized" access to these directories? I can't quite figure out a way with permissions, since for most of those directories, you'll need to set it readable by public for them to access the contents (e.g. images, javascript, etc).