Take Care of your .Git (folder)

by John H
In light of eBay Japan's source code getting leaked: some websites host their version control repository (e.g. .git/) in production. Bad people can use tools to download/restore the repository to gain access to your website's source code. Check your web server's configuration now and make sure that it blocks access to these folders.
https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/

The fix

Using Apache directives, turn off directory listings so your file tree cannot be browsed. Inside your <VirtualHost> and <Directory> sections include:

Options -Indexes

Also restrict access to any files you might not want to be accessed. Here is a directive that restricts access to files that end with .txt and .sql. You can add additional file types by adding another pipe '|' and the file extension (if you include the period you'll need to escape it). Note that the .txt pattern also matches robots.txt, and that Order/Deny is the Apache 2.2 access-control syntax, which Apache 2.4 honours only when mod_access_compat is loaded.

<Files ~ "(\.txt|\.sql)$">
    Order allow,deny
    Deny from all
</Files>

Restrict all hidden files and directories (any path segment starting with a dot, which includes .git), while leaving .well-known reachable:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC]
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." - [F]
</IfModule>
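To confirm the rules above took effect on a site you run, request two files that exist in every git working copy and look at the status and body. This is an added example, not part of the original post; the names PROBES, classify, fetch and check_site are made up here, and the sample responses in the no-argument branch are constructed.

```python
import re
import sys
import urllib.error
import urllib.request

# Files present in every git working copy, with a pattern that recognises real
# content (so a "soft 404" HTML page served with status 200 is not misread).
PROBES = {
    "/.git/HEAD": re.compile(rb"^(ref: refs/|[0-9a-f]{40}\s*$)"),
    "/.git/config": re.compile(rb"^\s*\[core\]", re.M),
}


def classify(path, status, body):
    """Return 'blocked', 'exposed' or 'review' for one response."""
    if status in (403, 404):
        return "blocked"  # the RewriteRule [F] flag above answers 403
    if status == 200 and PROBES[path].search(body):
        return "exposed"
    return "review"  # redirect target, soft 404, auth prompt: inspect by hand


def fetch(url, timeout=5):
    """GET url; return (status, first 512 body bytes) without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(512)
    except urllib.error.HTTPError as err:
        return err.code, b""


def check_site(base_url):
    """Probe a site you operate and classify each response."""
    base = base_url.rstrip("/")
    return {path: classify(path, *fetch(base + path)) for path in PROBES}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = check_site(sys.argv[1])
    else:  # no URL given: run on constructed responses instead of the network
        samples = {"/.git/HEAD": (200, b"ref: refs/heads/master\n"),
                   "/.git/config": (403, b"")}
        results = {p: classify(p, *sr) for p, sr in samples.items()}
    for path, verdict in results.items():
        print(f"{verdict:8} {path}")
```

Any line reported as exposed means the hidden-file rule is not being applied to that virtual host or directory.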
