I have disabled directory listing for my php-enabled website but, when I scanned my site with Acunetix it lists all my directories, sub folders and each files on the site. I even used the software for many high profiles sites and it lists them all. I don't understand why. Maybe it is using, some kind of guessing to check if the same file exists by the same name like: include... admin... If, so should I make all my folders named like: F39#3d2 ? It is a crazy idea, but I need to hide all my directories from vulnerability scanners. Does anyone know, the solution to this problem. thanks