This is a great post from a publicity standpoint. It's never a bad thing to put a human face on your business, especially if you're still small.
But, I'm afraid, the only real long-term solution to a security problem is better security. This isn't a people problem, it's a technical problem and will require a technical solution.
If someone is hacking something for nothing but some odd satisfaction, it is sort of a people problem in addition to a technical problem. The attacker could very easily point to the problem and say, "OK, I had fun while it lasted but here is the security bug: ..."
The most important bit about this, to me, is that Marty, the webmaster/brother, is apparently falling down on the job.
It's quite likely that Marty is unpaid in these duties, to which I can only say that you get what you pay for. If he IS paid, then I think it's time to replace him, and reflect deeply on the negative stereotypes associated with nepotism.
My first inclination was to just email the guy and see if I could help, but reading on, he apparently maintains a staff for other purposes he considers important, and recognizes that the relative insecurity of his site impacts their livelihoods, but doesn't see security as something worth paying for.
A donation of my time in this regard would, however noble the intent, demean the profession and relative value of security analysts and companies all over the world.
I found this exchange in the reddit comments to be interesting:
karlr42:
The only way you beat crackers is to set your site up securely and maintain it. Nothing else, including this post, will help.
MrWeiner:
No argument here. I could explain what the issue has been, but I'd rather not do that publicly. Suffice it to say that we're doing a lot of cleaning house right now.
Depending on how one interprets "cleaning house" it may be the case that Zach has in fact realized the exact point you're making.
It's probably an automated script doing it if he's running any standard software. The person running it probably doesn't speak English and is only aware of smbc in a statistical sense.
I had an interesting discussion with a friend of mine who believes that people who want to run a web site should be forced to take an exam before being permitted to do so.
Personally my view is that if you want to put up a web site, go for it. If you can't secure it your options are basically:
a) Learn to secure it; or
b) Transfer the risk and get someone to secure it for you.
It seems, from the guy running the comic site, that option a is slowly becoming a reality. However, given their appetite I get the impression they may be more suited to option b.
A lot of people would take this opportunity to rant about hackers being dickheads. I'm not going to do that. It's unproductive, and it fails to recognize the contributions hackers and ex-hackers have made to society.
Hackers in the first sense are dickheads, full stop.
I find it scary that someone could write comics with such clever jokes, while simultaneously being so oblivious to the security requirements of running a website. Trying to address an anonymous hacker via Proggit is beyond ridiculous.