After my last post, I called LetsTalk.com. Our talk wasn't very fun, but it was informative. It seems this person used MY name all the way this time, and that creates a problem. Because Tina, or whoever it really is, used my name and correct home address and phone number, they wouldn't take off the charge. In fact, she had stuff mailed to MY name at:
4505 Treehouse Lane, Apt. 8C
Tamarac, FL 33319
Looking at Google, that's in the Fort Lauderdale area. Further research shows it's supposedly owned by one Akiba Reid (as of October 2007). Who knows if that's still correct or if they have anything to do with this. (But if I can find all this stuff, surely the fraud people can too?)
Anyway, from LetsTalk this person ordered:
- Samsung Memory T-Mobile Phone
- Blackberry Curve 800 T-Mobile Phone
- Bluetooth In Car Speaker
- T-Mobile My Fave Family Plan 700
She (he?) also made themselves an email address using my name in it. All too thorough.
So after talking to LetsTalk, I called Capital One again. They told me there should be a message in my "in box" on the online account site. It contained a fraud form I had to fill out and send in. I immediately did so, and by the end of the day Thursday, there were adjustments showing up on my account for all three fraudulent charges. What a relief! (Or at least I thought it was.)
Would that were the end of the story. But let's keep things in chronological order, shall we?
Yesterday (Friday if you're reading this later), I woke up to a notice in my email account that one of my websites was over bandwidth. ??? That didn't make sense to me, because it happens to be a site that got goobered up on the transition from GoDaddy to HostGator, and was pretty much just sitting there doing nothing for a long time. I finally got it to show up correctly a couple weeks ago but had done nothing to get traffic to the site so no way it should be over bandwidth.
Have you guessed what's coming? Yep, when I went to the site, there staring me in the face again was that obnoxious webpage from S*n*i*p*e*r of B*a*g*h*d*a*d. He'd hacked another one of my sites. I hadn't moved fast enough to get security up on all of them.
So yesterday I spent the entire day, and I do mean the ENTIRE day, working on security. I went down my alphabetical list of domains that have active sites, and for each site:
- I upgraded to the latest version of Wordpress 2.8.4, because in the words of the Wordpress developers "... a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested password reset."
- Once the new Wordpress was installed, I downloaded the wp-config.php file to my computer, added the four new security keys (which have over 60 characters each), and uploaded them back to the site.
- I doublechecked that I did not have any users still named "admin" (the default WP comes with), cause that makes hacking easier.
- And finally, I installed another plugin, WordPress Guard, which pops up another security window asking for a user name and password BEFORE you get to the log-in window for the Wordpress administration.
Of course, what this means is that now for every single site, I have different user names and passwords for:
- Cpanel (server side admin)
- each database
- php admin
- Wordpress Admin
- Wordpress Guard security
- and lastly, for each email associated with that site.
Repeat that over 14 times, and you're starting to understand why I have pages and pages of Excel spreadsheets with user names and passwords.
As for the site the jerk hacked, I never did get it working correctly again. I'll go back to it when I'm ready to do a complete update. And I didn't get through all 14 working sites. Nope, I got down to the number 11, which had a really old version of Wordpress on it, thus requiring a manual upgrade instead of an automatic one, and had just deleted the old files off the server . . . when the internet went out.
That meant talking to Mediacom again. I really wish I knew if the newer Fayetteville cable service was any more reliable. It's such a hassle to change, and I'd hate to do it and find out the new service wasn't any better, or the way things have been going lately, even worse.
At any rate, the first call got me nowhere. They couldn't figure out the problem, and scheduled a maintenance call at supposedly the first available time - Monday. (I guess their service department doesn't work weekends?)
In the meantime, I started getting a screen for "Mediacom activation", wanting my account number and a code to register. So I called Mediacom back. Supposedly they tried doing it from their end. Without success. It took a third call with the guy telling ME what to fill in, before the internet service came back.
But once again, to my desktop only. I can't get the new router to work. sigh. . .
NOW we come to this morning, and we're back to the credit card debacle. In my last post I said the last pending charge had showed up on my old credit card. Well, I guess I was right about that, but this morning I got an email saying "we are notifying you that on AUG 15, 09 at 5:38am, $848.76 was charged to your account."
Not to my old account, mind you. No, the last four digits were the ones for my new account. You know, the one I don't even have the card yet, could no way have activated, and why did they put a charge on that account!??????
Another phone call. Another, "we can't do anything on the weekend" sort of deal. I'm supposed to call the fraud department on Monday and ask them what the deal is. That's the same amount that was charged to Dell using my OLD credit card account, which was then credited back, and now why is it showing up on the NEW account????
And if you think it took you a long time to READ this post, just think how long it's been taking me to DO all this stuff. None of which I would have to do if there weren't so many cyber crooks and cyber vandals in the world, creating trouble and work for other people.
I need a break before I break down.
0 comments:
Post a Comment