As stated, the /config dir; as presented by Tuney, does not have an .htaccess file.
You should put one.
As for the hack used to get around .htaccess, it is well known to apache programmers and php programmers and is way beyond the scope of round cube forum.
I just want to warn all the users of tuney's script to put an .htaccess file in the /config dir.
I had one and they still got me, if you don't put one they are SURE to get you.
"emsignup.php" is one of the TOP 10 Search Result Hits for my site, you don't think people are looking for emsignup.php by name because they want to "sign-up", huh? Obviously they are looking for DB's to crack...
renameing the emsignup.php file, RC folder and emsu folder to 16 char. ascii helps to limit the results from emsignup.php searches on gogle, yaho and .......
Be warned, be careful.
Alex