Penguin’s New Baby, Author Solutions, Adds Hacking to Laundry List of Poorly Delivered Services
Kevin Weiss is line dancing on a beach in the Philippines with his cheap Cebu City laborers when his cell phone rings. He looks at the caller ID and sees it’s his new boss. “Hey, Johnny!” he answers. “You should totes be here, man.”
Uninterested, Penguin CEO John Makinson immediately changes the subject. “You need to solve this problem.” He removes his glasses and spits into the receiver, “I want this Suess girl to stop writing about Author Solutions. My picture hasn’t been Photoshopped yet, and I’d like to keep it that way.” Makinson pauses, and then the white-haired executive adds, “Make it go away.”
It’s too late. Makinson has already hung up. Weiss takes a swig of his San Miguel and turns to his employees, “Any of you guys know how to hack a website?” The music stops and the partygoers go silent. Weiss pulls a dollar bill from a condom-filled wallet and waves George Washington’s face at the crowd.
A 12-year-old boy wearing a Level 1 Hackx0r T-shirt steps forward.
“Hellzyeah!” Weiss puts his arm around the kid. “Let’s shut this bitch down!”
On Saturday morning, July 28, I turned on my laptop and checked my email. Waiting in my inbox were thousands of messages. The first one was from Twitter, informing me that they received a request to reset the password for my account. The next email was from my own WordPress blog. It said, “Someone requested that the password be reset for your account.”
The remaining 15,455 emails all came from someone named rtertdfg;lrtprot using the email address firstname.lastname@example.org. The messages, submitted automatically via my Contact Form, contained nothing but random keystrokes.
Could it be? I wondered.
I loaded my traffic stats and laughed heartily. The first thing I noticed was that someone from Cebu City, Philippines (home of more than 1,200 Author Solutions employees) had attempted to access the login URL for my blog. The hacker didn’t guess the URL right the first time, so my stat software logged a 404-error for the misses. When he did eventually figure out the correct URL, he was probably irritated to find I had Login Lockdown installed.
So my cutsey-wootsey Hackx0r-wackx0r decided to scare me by clicking the “Lost your password?” link. And let me tell you, folks. Nothing says internet bully like a fucking password reset notification in your inbox. I mean, I couldn’t get to sleep until, like, 9:30 p.m. that night.
That same person, from the same IP, hit my Contact Page repeatedly that morning. Doesn’t take a rocket scientist to figure out that Author Solutions was involved in trying to take down my site, bury me in spam, and hijack my Twitter account.
Still, I decided to verify a few facts with my host, Name.com, just for fun. The great people at customer service wrote:
Thank you for your email today. I’ve done some pouring through logs and it looks like the first IP you advised, 22.214.171.124, was indeed hitting your contact form very hard. I see 19,835 entries for that IP address in the logs from this month. [emphasis mine]
Like a good little site owner, I changed my contact form, added a Captcha, and waited. As I had hoped, this little hack of a hacker was apparently so angered by my Author Solutions and iUniverse reporting that he came back today! Guess he thought I deserved another dozen manually submitted spam messages about Mitt Romney. My favorite one merely says “Mitt for president…..” a couple dozen times.
Oh, you guys!
It wasn’t long before the password reset notifications came pouring in again, both for WordPress and Twitter.
Seriously? Who made this call, and why does he still have a job? Who at Penguin or Author Solutions thought that harassing me was in the best interest of the company’s customers and stockholders?
Oops. There I go asking questions again.