Hello here, It seems just after a fresh install ISPCONFIG using this https://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3, anyone who can put a php file can read all file on the server ? This php code will create a symlink to root of the server ( i mean the the real "/" of the server) Can i post the php code to show you the problem (only 1 line) ? Is it a normal situation ? How can we secure this ? My server has been powned by this method just few day, this how i found this.