The Japanese keywords hack, also known as Japanese SEO Spam, Japanese Search Spam or Japanese Symbol Spam, can be devastating to see on your website. Owners of affected websites find hacked pages appearing under their domain with a different page title and content. Google search results display the infected pages with their content in Japanese characters.
When a Content Management System (CMS) based website such as WordPress, OpenCart, Drupal or Magento is hacked this way, new spammy pages filled with autogenerated Japanese text are created on it. These infected pages contain affiliate links to stores that sell counterfeit brand merchandise. The hackers generate revenue from these outbound links inserted in your website's pages.
How to identify the Japanese keywords hack?
The Japanese Keyword Hack is a type of hack that mainly affects the core files and the database of the website. Going through every file to detect the hack is a tiresome process. You may follow three different approaches to detect whether your website has been infected with this type of hack. The ways to check for this hack are described below:
Using Google Search to identify hacked pages
Google search can be the initial step towards identifying the infected pages on the WordPress website. To discover these pages, open Google search and type in: site:[your site root URL]
Google will display all of the indexed website pages, including the ones that have been hacked. Navigate through the search results and check for any suspicious-looking URLs. If you find any of your website's pages listed with titles or descriptions in Japanese characters, it is possible that the site has been infected.
However, if Google search doesn’t provide any such hacked content, try a different search engine with the same key terms. There may be a possibility that other search engines display the infected content/URLs that have been removed from the Google index.
Using Google Search Console to detect the hacked content
Google advises webmasters to register their websites with Search Console to receive timely notifications in case of hacking. To look for the hacked pages, go to Search Console > Security Issues tool. The tool will verify if any of the hacked pages have been indexed by Google.
Use Fetch as Google to detect Cloaking
Cloaking is a common technique hackers use to serve users and search engines different URLs or content than they expected. The site owner may be tricked and shown an empty page or an HTTP 404 error while the site is still hacked. Use the Fetch as Google tool in your Google Search Console to check for cloaking. The tool will help you see the underlying hidden content.
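The comparison described above can be automated once you have two copies of the same URL: the HTML you see in a browser and the HTML shown by Fetch as Google. The following is an added example, not code from the original article; the two sample pages are constructed, and the 0.3 threshold is an assumption to tune.

```python
import re
from html.parser import HTMLParser

# Hiragana, Katakana and CJK Unified Ideographs.
JAPANESE = re.compile(r"[\u3040-\u30ff\u4e00-\u9fff]")

class _TextGrabber(HTMLParser):
    """Collects <title> text and visible text, skipping script and style bodies."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self._tag = "", "", None
    def handle_starttag(self, tag, attrs):
        self._tag = tag
    def handle_endtag(self, tag):
        self._tag = None
    def handle_data(self, data):
        if self._tag == "title":
            self.title += data
        elif self._tag not in ("script", "style"):
            self.text += data

def japanese_ratio(s):
    """Share of non-space characters that are Japanese script."""
    chars = [c for c in s if not c.isspace()]
    return len(JAPANESE.findall(s)) / len(chars) if chars else 0.0

def profile(html):
    p = _TextGrabber()
    p.feed(html)
    return {"title": p.title.strip(),
            "title_ja": japanese_ratio(p.title),
            "body_ja": japanese_ratio(p.text)}

def looks_cloaked(owner_view, crawler_view, threshold=0.3):
    """True when the crawler's copy is markedly more Japanese than the owner's copy."""
    o, c = profile(owner_view), profile(crawler_view)
    return (c["title_ja"] - o["title_ja"] > threshold
            or c["body_ja"] - o["body_ja"] > threshold)

# Constructed samples: what the owner sees in a browser vs. what the crawler is served.
OWNER_VIEW = "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1></body></html>"
CRAWLER_VIEW = ("<html><head><title>ブランド財布 激安通販</title></head>"
                "<body><p>人気ブランドの財布を格安で販売</p></body></html>")

if __name__ == "__main__":
    print(profile(CRAWLER_VIEW), looks_cloaked(OWNER_VIEW, CRAWLER_VIEW))
```

Because the check compares the two views rather than flagging Japanese text outright, a site that is legitimately written in Japanese does not trigger it.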
Steps to be taken before fixing the hack
- Before you start to fix this hack, it is essential that the infected website is temporarily taken offline. This will give you time to remove the hack and also prevent users from visiting the hacked pages.
- Additionally, take a backup of the core files and the database of the website before making any alterations to them. The backup will also contain the hacked pages and must be referred to only in case necessary content is accidentally removed. Also, make sure to keep a copy of all the files that you work with.
You may follow the methods listed below to fix the Japanese Keywords hack:
- Remove newly created accounts from Search Console
- Check your .htaccess file
- Remove All Malicious Files and Scripts
- Check Recently Modified Files
- Check your Sitemap
- Run a Malware Scan
- Clean your website using WPHackedHelp
Remove suspicious, newly created accounts from Search Console
Hackers commonly add spammy Gmail accounts as admins so that they can change the settings of your website. Check your Search Console account and look for new users that have been added.
If you don’t recognize any of the users, immediately revoke their access to the website. To confirm the legitimacy of a user, visit the Search Console verification page, which provides a list of verified users for the website. By clicking on Verification Details, you can view all the users that are verified for the website.
To permanently delete a user from Search Console, refer to the Remove Owner section of the Managing users, owners, and permissions Help Center. The user can be successfully deleted only after the associated verification token has been removed.
For example, this was found in a template of one spammy doorway generator:
<meta name="verify-v1" content="JxC+bn8NTCEfKZIdusC9WQELc8FEwbi8p32wf9q0QGA=">
This line of code allows hackers to verify site ownership of compromised sites. Keep a close eye on malicious Google Search Console verifications.
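To find verification tags like the one above across a whole web root, the following added example (not code from the original article) walks the template files and reports every verification meta tag whose token you did not issue yourself. The file extensions scanned and the allow-list of your own tokens are assumptions; `google-site-verification` is included alongside `verify-v1` because it is the meta name Google's current verification tag uses.

```python
import os
from html.parser import HTMLParser

# Meta names used for Google site-ownership verification.
VERIFY_NAMES = {"verify-v1", "google-site-verification"}

class _MetaFinder(HTMLParser):
    """Collects (meta_name, token) for every verification meta tag."""
    def __init__(self):
        super().__init__()
        self.tokens = []
    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("name", "").lower() in VERIFY_NAMES:
            self.tokens.append((a["name"].lower(), a.get("content", "")))

def tokens_in(text):
    finder = _MetaFinder()
    finder.feed(text)
    return finder.tokens

def scan_tree(root, allowed, exts=(".php", ".html", ".htm", ".tpl")):
    """Return [(path, meta_name, token)] for tags whose token is not in `allowed`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, fn)
            # errors="replace" keeps the scan going on files with odd encodings.
            with open(path, encoding="utf-8", errors="replace") as fh:
                for name, token in tokens_in(fh.read()):
                    if token not in allowed:
                        hits.append((path, name, token))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    # Usage: script.py WEB_ROOT [your-own-token ...]
    for path, name, token in scan_tree(sys.argv[1], set(sys.argv[2:])):
        print(f"{path}: unrecognised {name} token {token}")
```

Tags assembled at runtime by string concatenation in PHP will not be seen by this scan, so treat an empty result as one signal, not proof that no rogue token exists.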
Check your .htaccess file
The attackers use a .htaccess file to create dynamically generated verification tokens in order to create spammy accounts in Search Console. In addition, this file is commonly used to trick users and search engines and redirect them to malicious pages.
Find the .htaccess files on your site by searching for the .htaccess file location in a search engine along with the name of your CMS. From the search results, make a list of all the file locations obtained. Replace all of these .htaccess files with a default version of the .htaccess file.
At times, you might need to check a .htaccess rewrite rule before you apply it; use this tool to test your rewrite rules.
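Before overwriting a .htaccess file with the default, it helps to record what was added to it. The following added example (not code from the original article) lists every directive that is absent from a known-good baseline and labels the two abuses described above. The baseline is the stock single-site WordPress file, the matching patterns are assumed heuristics, and the tampered sample with its `/example-unknown.php` target is constructed.

```python
import re

# Stock single-site WordPress .htaccess, used here as the known-good baseline.
WP_DEFAULT = r"""
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# Assumed heuristics for the two abuses described above; extend for your own site.
CHECKS = [
    ("verification-file rewrite", re.compile(r"^RewriteRule\s+\S*google\S*html", re.I)),
    ("crawler/referrer condition", re.compile(r"^RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}", re.I)),
]

def normalise(line):
    """Collapse runs of whitespace so formatting differences do not matter."""
    return " ".join(line.split())

def audit(live, baseline=WP_DEFAULT):
    """Return (line_no, label, directive) for each live directive absent from the baseline."""
    known = {normalise(l) for l in baseline.splitlines()}
    findings = []
    for no, raw in enumerate(live.splitlines(), 1):
        line = normalise(raw)
        if not line or line.startswith("#") or line in known:
            continue
        label = next((n for n, rx in CHECKS if rx.search(line)), "not in default file")
        findings.append((no, label, line))
    return findings

# Constructed sample of a tampered file: injected rules ahead of the stock block.
SAMPLE = r"""RewriteEngine On
RewriteRule ^google([0-9a-f]+)\.html$ /example-unknown.php [L]
RewriteCond %{HTTP_USER_AGENT} googlebot [NC]
RewriteRule ^(.*)$ /example-unknown.php [L]
""" + WP_DEFAULT

if __name__ == "__main__":
    for no, label, line in audit(SAMPLE):
        print(f"line {no}: [{label}] {line}")
```

Pass the default file for your own CMS and version as `baseline`; directives added by legitimate plugins will also be listed, so review the output instead of treating every line as malicious.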
Remove All Malicious Files and Scripts
- Reinstalling CMS files: For a CMS-based website, reinstall all the core files to clear any hacked content. However, keep a backup of all the files prior to the re-installation, as the process will result in the loss of any customizations that have been made in the files. Also, reinstall the files for any plugins, modules, extensions or themes used in the site.
- It is likely that most of the affected files would have been detected using the methods discussed so far. However, it is necessary that you look for the recently modified files and the sitemap before coming to a conclusion.
Check Recently Modified Files
To search for the most recently modified files, use SSH to log in to your web server account and then execute the following command:
find /path-of-www -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r
Navigate through the files and see if you find any doubtful changes made to the code. If so, replace the files with their clean backup versions.
Check Your Sitemap
It is likely that a hacker adds a new sitemap so that the Japanese SEO Spam pages are indexed quickly. Check your sitemap for suspicious links and if detected, ensure to immediately update your core files with a clean backup version.
Run a Malware Scan
Your web server may be infected with malware and malicious files. It is recommended that you scan the server to detect any suspicious files and viruses. Check for the Virus Scanner tool in the cPanel provided by the web host.
Clean your website using WPHackedHelp
Having listed an array of methods requiring technical expertise, let’s consider an approach that is way smarter, consumes less time and takes the burden off your shoulders. WP Hacked Help deploys a systematic plan to clean up your WordPress website. The site is thoroughly scanned and the detected flaws are dealt with by an expert team to provide you with a website free of malicious code. Within a short span of time, your website will be live again, running efficiently like before.
Check the website once cleaned
It is necessary that you ensure the website is no longer affected by any hacked content. Make your website live and use the Fetch as Google tool to detect whether any infected URLs or content have not been removed.
The advice presented above can effectively help you bring your site back to “normal” again. However, once the website is clean, implement security tips to prevent the site from similar attacks in the future.