Prevent direct access to include files
I've noticed that some files in the /includes directory have nothing preventing them from being directly accessed from the outside world. I'd suggest that include files have some logic to prevent direct access to these files or moving the entire directory out of the http root as a security precaution.
Comments
I recently had a dos attack, and it looks like many of the sendy files were attempted or gained access. What is the best way to secure sendy?