Home for Hackers

Created by: Lester Caine, Last modification: 21 March 2026

It's been some time since I created this page and while it gets a lot of hits for the obvious WordPress hacks, it was not being activated by a large number of the pages hackers were trying to access. There is obviously a list somewhere that people think it is fun to use against every site they find? Well now every page that does not exist on the websites gets bounced to a 404 error page and that has a link to this page, rather than simply forwarding to here. This will strip this page from the daily statistics where it sees a large percentage of the hits.

Some people seem to think I have a problem because I am happy to provide a phpinfo page for each site ... I have no concerns WHAT SO EVER making phpinfo available as it shows that ALL of my sites are up to date and it would be nice if it showed a little more information such as the fact that I am not using WordPress, MySQL and other popular hacking targets so there is no point trying to target those potential access points. I started using Interbase while it was under the Borland umbrella and switched to Firebird as the Interbase code was open sourced, and that forms the basis of all my sites, including more recently my local copy of webtrees. The fact that every live database can be backed up nightly on the fly means that even if there is a break in security, I have several days history to roll back to.

The bitweaver framework has provided a good base for security over the years and allows me to filter all the hacking attempts, but monitoring problems with the code was becoming a little difficult given all the unnecessary noise. Hopefully now I can get back to cleaning up the remaining niggles caused by the rule changes introduced by PHP8 and later builds. The sites are all running the latest PHP8.4 but there are a few edge cases, mainly in the admin tools, that still need fixing. Since day one of using PHP I took the stance that hiding errors was no use to anybody, so any warning needs to be fixed as it's identified!

I use goaccess to produce a statistics page for each site such as https://myhomecloud.uk/stats-rep.html and there is a similar log for traffic to hack attempt file names which I keep. It will be nice when IPV6 is fully deployed so that we can identify individuals causing problems, but until that time, we are stuck with the more anonymous IPV4 address blocks.