Harrisburg Hacked – Again

So the Harrisburg city council’s website was hacked.  I’m pretty sure this isn’t the first time this has happened, and it won’t be the last.  But what’s frustrating is that this can be solved at a cost of about $10 per year to city taxpayers, which is probably less than we’re paying for hosting right now.

First, being the IT Professional ™ that I am, I’m going to offer the city some complimentary advice on securing their website:

  • Stop using “lindasucksLOL” as your root password.  It’s really not that secure, though kudos for use on the mixed capitalization.  (IMPORTANT NOTICE FOR THE SARCASM-IMPAIRED AND/OR HARRISBURG MAYOR LINDA THOMPSON (MAYOR, HARRISBURG (MAYOR)):  I don’t really know the root password)
  • No matter how much she cries, no matter how much she begs — never, never give Mayor Thompson (Mayor (Harrisburg (Mayor))) the password after midnight.
  • For Christ’s sake stop replying to those emails from “legal@yourwebmaster dot com.ru”.  They aren’t really from your webmaster and you don’t really need to send him your password “or face account deleshon (sic)”!

In all seriousness, however, there is one option the city should consider.  And it would only cost taxpayers about three cents a day.

According to PennLive’s article, the webmaster does his work on a volunteer basis.  I’m curious to see what the council pays for hosting and domain registration fees.  Unless the server and bandwidth are donated to the city, we’re paying too much.

There’s no reason the city council couldn’t host its site on WordPress.com.  It would cost $10 per year (and even this is optional), be fully managed 24×7, and could be updated by anyone capable of writing a letter using Microsoft Word.  Updates and backups would be completely automatic and behind-the-scenes, meaning absolutely zero technical knowledge would be required to run the site.  And in the event of a “hack”, odds are outstanding that a backup would be automatically restored before anyone even noticed.

Unless of course you keep using “lindaLOL” as your password.  Then I can’t help you.