[skunkbad]

One of the websites that I maintain is on a server where I can fopen() and fread() anything on the server. There are a few hundred websites on there, and I don't believe I should have access to go into them, but I wanted to test so that I could improve my own security. "fopening" these files reveals ALL code, even preprocessed php code / asp code. Is there a way that I can protect the site I am working on from other people "fopening"? Server is a windows server with IIS. I can't use .ini files or .htaccess files, so I'm not sure I can do anything without contacting the host... Maybe I just need to change hosts. I don't like being on a windows server, but I inherited the site, and would rather not have to deal with the move.