When you hire someone to work for you, there’s always risk. Risk they won’t work out. Risk they’ll rip you off. Risk they’ll set a time bomb on your web server for remote detonation if they feel they aren’t getting paid soon enough or they don’t feel appreciated in an appropriate, unknowable, manner.

I made such a fateful hire several years ago when I was writing four books in three months and I needed to make an emergency web server change to a new hosting service while also consolidating several small blogs into this One Big Blog you’re reading now.

I can’t remember how I found that fellow — of if he found me — but he seemed keen enough and able enough and he was able to work fast and get the job done. He even re-structured my website server folders to create a more orderly fashion that I still use.

However, when it came time for him to present a work invoice, I was numb to learn he was demanding about 10 times more than we’d previously discussed. No, we didn’t have a written contract. Yes, we should’ve had one drawn up. I trusted him and I guess he saw me for the mark I was and overcharged me by a mile.

When I asked why his invoice was 10 times what we previously discussed, he sent me a single-spaced, 10 page reply — and as an editor, author, teacher and publisher, I knew when you ask a simple question and get snowed over by a reply that cascades and whollops and drowns — you are dealing with an expert in over-exaggeration, over-billing and over-imagination.

I was in trouble with that Narcissist because every one-sentence follow-up question I asked returned a reply of another 10 page, single-spacedness that was intended to overwhelm and under-influence. It was clear this was how he operated — by bullying clients and stepping outside the four-corners of a shared understanding to wring more money out of a business stone — but I was unmoved. I thought his invoice was completely ridiculous and I could’ve done everything he’d done myself. Since I received the invoice that fateful day, I’ve done precisely that: I run my own show in every respect.

Because the guy was trying to set me up for something worse later, I just paid his invoice and cut off his access to my server the same day. I likely could’ve convinced him to take half of what he was asking — because that’s how those jerks operate their margin — but I was aware I’d have to wade through another 100 pages of single-spaced replies to get there; and sometimes, life is more important than winning a wet cement point.

I also sensed paying him in full would release me from any further contact, and that to me then, and now, was worth every bit of blood money I paid.

A few weeks later, my website host sent me an emergency email telling me I had disallowed scripts on my server that they were disabling because the files were remotely calling a virus that could erase my entire VPS setup while putting the rest of the server in danger.


The hidden game is revealed!

The guy I hired set that viral time bomb on my server so he could remotely call and kill everything he’d done for me if I didn’t pay him. He didn’t care if I lost years of work. Revenge was worth more than reputation.

Those files were still there because, after I paid him, I cut off his access to my server. I also declined his presumed continuation to “remotely monitor and manage” my server for a monthly fee. I didn’t give him time, or the opportunity, to go in there and clean up his breadcrumb misdeeds — if, in fact, that was his plan — he might’ve permanently planted those files to blackmail me later via a third party.

I couldn’t even see the files my webhost was talking about because they were so deeply hidden in the root of my server and I had to pay them to remove those files and folders to create a safe environment again for my content.

I was furious and relieved.  Obviously, that guy had felt ripped off before with other clients and so he set himself up with a perfect ransom note on my server that he could call up anytime he wished — even after I paid him everything he said I owed.

When I recently I updated all my website HTML files for the mobile web, I discovered hidden scripts embedded in some old files that were live, but archived, and not always routinely updated. Those files were calling remote advertising to load on my website! I don’t believe in web advertising, so there’s no way I ever inserted that code into my sites.

There’s only one person in my entire history of living on the web who had access to all my history and files and server — and since there are no coincidences — we know precisely who, how and why those files were changed without my permission. All that advert rot is now removed, but it burns me up that junk was ever there in the first place.

I’m not exactly sure how to prevent this sort of nefarious hire in the future — except to try to make myself as grand an expert as possible and then only hire mainstream, reputable, firms who won’t play silly with my webserver if they feel underpaid or underappreciated. It’s risky out there, and everyone wants a slice of you; and while you may be willing to share a bit, you shouldn’t ever have to break down a byte shakedown.