I've visited a site today (no, I'm not going to tell you which one!), and I couldn't belive my eyes, when I clicked on one of the links cgi script source code just poped right up! I could actually see the source code and wander around their cgi-bin directory! They are actually using GossamerThreads Links, but that's not the point. The only possible reason that I can think of is that their server is not configured at all. Is this the reason or is it possible that they have done something terribly wrong? I mean, where do I have to go wrong to let anyone see the source code of my script?

Yeah, they probably haven't setup their cgi-handler or their perl scripts haven't been uploaded into the proper directories.

If it's apache, they should probably take a look their httpd.conf and if it's IIS, make sure that .cgi invokes perl.exe

It's not the end of the world with links' code showing up, the (.cgi/.pm) scripts themselves don't carry any passwords... though in links sql .defs do contain a password and that is a security concern.

Yeah, but... they have outgoing email log (I couldn't resist to take a look :) ) 3MB size, with tons of email adresses and passwords, one just has to try them all out, some of those poor people that were posting links must have used their website or email adress password (I often do, I am tired of making up new and remmembeing them). I emailed the webmaster of the site, but no reply yet...