I have noticed this on a couple of my sites in the past. In viewing my sites stats I seen people (or likely bots) have linked to my sites through search engines where Backup VNU is linked to, such as: www.cakesbysherry.ca/Backups/cakesbyshe … ;55%5D.vnu (I changed actual link).
When I click on it I am taken to the backup vnu as below, and the worrying part is that it shows my hosting login information including my password, which I have again changed.

"Via-netNetUp My Websiteÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿrw›b¸rÿÿÿw›b¸Aq‡C:\Users\Mike\Documents\CoffeeCup Software\Visual Site Designer\Backups\cakesbysherry_website\files\cup_cake_background [Converted].pngÿÿÿÿ/ˆ¢/ˆ¢ÿSherrys*********.*******.com ******* ***************/public_html/cakesbysherry.caFhttp://*******.******.com//public_html/cakesbysherry.ca/index.htmlSherrysFTPÿÿÿÿÿÿÿÿÿÿÿÿøÒøÒøÒøÒøÒøÒøÒøÒøÒøÒøÒøÒøÒøÒøÒSherry's CakesFÜ;ÏÿØÿàJFIF``ÿÛC 2!=,.$2I@LKG@FEPZsbPUmVEFdˆemw{‚N`—Œ}–s~|ÿÛC;!!;|SFS||||||||||||||||||||||||||||||||||||||||||||||||||ÿÀ†1"ÿÄÿÄ5!1"2AQ‘Ba’4Sq¡Ñá#Tbr‚“ðÿÄÿÄ"!12AQ"a¡ÿÚ ?å„Á³³j õ7uw¯Ý<>õïyX`<ç§EÎl‰sŒ˜:ŸÅËÄâÝ^µ,™÷ ºæý•¬Èu2÷âªÒ£[JNòi«Ò‹ÚçÓ´©´»¨q¦àòö¸PcK]˜ÜþKm›‹¤O-˜8_Ù}N9¸ 3\^×6˜žš2Ù©½^_2s–‡=3aÔÏ…cN§®Ãd¤ÐáSà$Í»ôĘ‚úŸRõ³ŸW›éšÉôOŒóÇÊîk9‹ÿSÿT_`ˆéý’̼=á(¹´ŸIÎsÈ$0“óÒÖW«z†á‹ˆ¢Ë€tÿvP§J½GÚmk‰€ÝAèOyP­C\SÞãI-7ÖùuI…^‚ÒU}s]Ì4߉¬2dk2¬Qh4š` †boØæ».KÄ‚N®eî)²žv°DAÓ8ÌÝ£eL£°ð€-/DÉ-¿õ9EøÀ³¡Ôʦ¤ Ôuôîî6P*Ž¸Éꁭ& ðCM¤ÍÐ1£¤þ)î|—öXÊj,5Z7“ÄvÌ€6t²Ñ‹žÝr×Ü”ò^ÜCæ’c˜jƒQç伋ruÑ 3ýÑTÊHˆ¬+»6&¤’,4Z6“s¢ÏÙ“š¤,5Z7“Ä=}Å”DpÝÉhÕÚ¯on!óN(æ¤w²'º*™jž‘¦ÒYNrŽŠ^žŒŽ HR¤?„ÞÊ=ÔàÈáxS¼•ÌQ¦ÑÂÖ Þ¡s™‰!® eiÁŽA®‹'i³6+·OÓÞ­Æ9qÞÔûÇ}KÌõ>õþW-Ðî½ÛÖêöƒÚ3;¹ò‹ÄXt£tÞnP¥-–ë}iºoåÊrmÄ?UÈGœ1ñj³6Úö…©&9Æ«/hý¨ßá >á…TDW0ˆ‹3n;¦ðŽQî§GÓ©O‡m0 0±RõØ{q:ß"¹±ŸE²Ìäè¨ciU©QÎÊ‚I•ÛÖáâ3?Á\ýVÕysŸ•Àh 1G †•0$U'üuÅÎc^ Ê5ò´ªã0å‡+ÝÐ9ª4k`©ÆçhŒÂœ-:“º¿¥=Ï„]=E>çÂ*|MDE˜DIY„IE™n¶Œ ^3HË׺®áNW>zHŠtLÌ ˆŠ‚Ý6 Û4»GMºžRÝŽÿDE¿ÿÙ.)zpage1 Sherrys cakesð w›b¸ð"

After seeing this I have deleted all the backup off my hosting and changed my hosting password. Should this be happening? How should I change it so it doesnt?

A trick I use is to dump a copy of index.html in every folder. If anyone browses a folder they get the index file. Otherwise they get a file list. Not perfect but keeps the curious away.

Make sure that index.html copy is blank too. No text, no headers, no nothing, totally blank text file named index.html. This will do what Prism says, stops the file trees from showing in the browser. I don't think this will do anything for the search engine bots and not having them list those files though.

I don't know how it's done myself, haven't looked into it yet, but I know there are ways to tell the search engine spiders not to spider specific files and folders. Probably using the .htaccess file. Might want to look into that, someone here may have some ideas on how that's done too.

Mikwd i think you aught to send this to CC support, in a support ticket

If its a regular occurence, they will want to put something in to automatically combat it

Adding a blank index.html file would work. Another option is to add a robots.txt file and prevent a directory listing of that folder so bots do not scan it.

Free tool here are :
http://www.coffeecup.com/firefactor/too … _generator

I was under the impression that respecting the rules in robots.txt was a voluntary thing. In other words, the good guys respect it but the rogue ones, - maybe not...

Correct. For that, I would do both. You could also go one step further and use htaccess to block it at the server level. This would then guarantee a bot cannot spider that site.

Web Access Manager gets my vote for that

Jo Ann likes that so much, she said it twice!

haha must have been in important thing to say! lol, I deleted the other one