OK, a quick update on how things are going with the site. Google have no pretty much knocked us off the internet. Any search you do in Google that returns a Coolsmartphone page will have a horrible message under it saying, “This site may harm your computer”. If you visit us in Firefox you’ll get a really horrible red page warning you about us and it’ll refuse to load the page unless you ignore it.
We’re now 100% sure that we have located the issue and removed it. I want to thank forum member “sTeDay” for his help this evening, plus all the messages of support, assistance and concern you’ve been sending through – it’s very much appreciated. Although we’ve removed the issue I’m slightly at a loss to explain how it got there. A news story here on the front page had been amended and an IFRAME had been added to the end of it pulling code from a nasty website which was attempting to infect your machines with exe files from various other websites. Somehow it had also amended the forum post relating to this same story, which is a little confusing as our internal systems wouldn’t normally fire edits across to the forum automatically.
The problem could have also started in the ads on the side of the site so I’ve removed every single Flash and Java advert. This obviously has a massive financial hit for us, but I’m well aware of the problems you guys have been having out there and I want to ensure it doesn’t happen again. I’ve had emails and comments from people who’ve had to re-format their machines and start again. Although I personally believe that everyone using the internet should use an anti-virus (AV) system, I want to personally apologise to all those who either didn’t update their AV, didn’t use AV or had AV that missed the attempted download.
If there’s anyone out there with experience of this hack (which came from klikvp.com amongst other places), please give me a yell on firstname.lastname@example.org. Although I’ve removed the offending code I’m unable to trace any sort of SQL injection in any log file on our main server, so I’m assuming it’s a different type of hack. Also, if anyone has any contact with Google I’d love to hear from you – I’ve just filled in a form in their Webmaster tools and got this reply…
“If we find that it’s no longer in violation of our Webmaster Guidelines, we’ll reconsider our indexing of the site. Please allow several weeks for the reconsideration request.”
Several weeks? It took just a few days to blacklist us and block Firefox / Google Chrome access. Several weeks would leave us dead in the water, so please help if you can. :(
Thanks for your patience during this time. If any of our friends on other Windows Mobile websites would like to carry this story, please feel free.
Update – Many thanks to all of your offering donations. I’ve added this in below should you wish to help while we diagnose the problem. I’ve just done a thorough check with rkhunter and the good news is we haven’t had the server hacked into, so it looks like an SQL injection of some kind possibly.