Table of Contents [TOC]
If your website’s search results are returning Japanese text, you may have been the victim of a Japanese SEO Spam or Japanese Keyword Hack. Many site owners have been in contact with us concerning this type of attack. This is similar to SEO spam and pharma hack where the hacker injects large number of auto-generated SPAM keywords/pages in your website with random directory names. In this guide, you will learn What is Japanese keyword hack, How to find & remove Japanese keyword spam in WordPress site using various diagnostic tools & much more (remove spam pages from google search results).
Questions people ask us:
WordPress site hacking was on the rise in 2021 and in 2022 it will see major spike with advent of new vulnerabilities like log4j. We saw that large number of people are asking these questions on Google webmasters support so we thought to come up with this Japanese keyword hack removal step by step guide.
Important Update:
Spam-fighting AI is hardly new to Google’s toolbox. They’ve been employing different kinds of AI to fight spam for many years now. The latest release is supposedly capable of targeting new and existing spam trends to wipe sites with auto-generated and scraped content out of results. Google reps discussed “Japanese Keyword Hack” while announcing this AI recently.
Google claims they are now 50% more effective at catching this type of spam as soon as it appears. They also announced that the AI would actively target low-quality review sites and shopping sites. – Source
Also known as Japanese SEO Spam or “Japanese SEO Hack”. It is defined as a WordPress hack, in which a hacker adds large number of pages with titles and content in Japanese language. It can be devastating for your WordPress security and SEO rankings. The Google search results will display the infected pages/Urls/titles in Japanese language. This black-hat SEO technique has been long used by hackers to inject SEO Spam in WordPress Site along with Spam Link Injection
Pages with Japanese text are created under directories with random names like example.com/ferfsedf/fdsfdferc.html/ and so on.
Content Management System (CMS) based websites like WordPress, OpenCart, Drupal or Magento, when hacked, result in the creation of new japanese keyword stuffed pages (usually seen on index.php, tags & category URLs). These infected pages contain affiliate links to stores that sell counterfeit brand merchandise. The hackers generate revenue from these outbound links inserted in your website page.
All your SEO efforts will go down the drain. Google will penalize your website and put it in sandbox. You will loose rankings overnight and it will take months to get them back. Apart from this, huge number of backlinks made could have a long term impact on your site SEO (Read our detailed guide on removing SEO SPAM here). Hacker can add himself as a property owner in Search Console, by manipulating your site’s settings and this will help him get all the spam pages indexed in google.
Google will blacklist your website and de-index it. Anyone visiting your website would be greeted with a google blacklist warning message and in some rare cases your website might get labelled with a “This Site May Be Hacked” message in google. OR Deceptive Site Ahead Warning Message
Your Customers will lose trust in your brand. As your site is hacked, it will lead to stealing of sensitive financial information such as credit cards. It brings a bad name to your branding and your customers may never come back to your site.
when your site is hacked and taken offline, your entire revenue source will be shut down. Apart from this, if hacker gains control of your hacked woocommerce or hacked prestashop store, and injects a ransomware in your wordpress site, it will burn a hole in your pocket. Recovering from this hack might be expensive and studies show that very few businesses were are able to recover from this hack.
This is a re-generating hack, you might end up paying huge amounts to security service providers for cleanup of your hacked wordpress.
If your web hosting provider finds out that your site is hacked. They will also take your site offline and put up a screen showing that your site account has been suspended.
Japanese Keyword Hack is a type of hack that majorly affects the core files and the database of the website. To surf through each file to detect the hack is a tiresome process. You may follow three different approaches to detect if your website has been infected with this type of hack. Below mentioned are the ways to check this hack:
To start with you can run a security scan here
Google search can be the initial step towards identifying the infected pages in the WorPress website. To discover these pages, open the google search and type in: site:[your site root URL]
Google will display all of the indexed website pages, including the ones that have been hacked. Navigate through the search results and check for any suspicious looking URLs. In case you find any of your website with the titles or descriptions in Japanese characters, it is possible that the site has been infected.
However, if Google search doesn’t provide any such hacked content, try a different search engine with the same key terms. There may be a possibility that other search engines display the infected content/URLs that have been removed from the Google index.
Google advice webmasters to register their websites with Search Console to receive timely notifications in case of hacking. To look for the hacked pages, go to Search Console> Security Issue tool. The tool will verify if any of the hacked pages have been indexed by Google.
Cloaking is a common technique implemented by the hackers to display different URLs or content to the users and search engines than they expected. The site owner may be tricked and shown an empty or HTTP 404 page error whereas the site may be still hacked. The Fetch as Google tool in your Google Search Console must be used to check for cloaking. The tool will help see the underlying hidden content.
Note: If your site was infected with malware and is flagged . It may also show warning “This site may be hacked” in search results.
In order to fix Japanese seo spam from WordPress site simply follow these steps.
For more details, see below:
Hackers more often use a common way of adding spammy Gmail accounts as admins to make changes in the settings of your website. Check for your Search Console account and find the new users that have been added.
If you don’t recognize any of the user, immediately revoke their access to the website. To confirm the legitimacy of a user, visit the Search Console verification page that will provide you with a list of verified users for the website. By clicking on Verification Details, you can view all the users that are verified for the website.
To permanently delete a user from the Search Console, you can refer to the Remove Owner section of the Managing users, owners, and permissions Help Center. The user can be successfully deleted only after removing the associated verification token.
For example, this was found in a template of one spammy doorway generator:
<meta name="verify-v1" content="JxC+bn8NTCEfKZIdusC9WQELc8FEwbi8p32wf9q0QGA=">
This line of code allows hackers to verify site ownership of compromised sites. Keep a close eye on Malicious Google Search Console Verifications
The attackers use a .htaccess file to create dynamically generated verification tokens in order to create spammy accounts in Search Console. .htaccess file is used to create dynamically generated verification tokens, .htaccess rules to redirect users . In addition, this file is commonly used to trick the users, search engines and redirect them to the malicious pages.
Find the .htaccess file on your site by searching for .htaccess file location in a search engine along with the name of your CMS. From the search results, make a list of all the obtained file locations. Replace all of these .htaccess files with a default version of the .htaccess file.
You can consider replacing your .htaccess with a entirely new copy. Hackers often use htaccess and create dynamically generated verification tokens to redirect users in case where a wordpress site is being redirected to another site or creating gibberish spammy pages(tags/categories) with viagra etc in urls.
Step 1
Step 2
At times, you might need to check a .htaccess rewrite rule before you apply it, use this tool to test your rewrite rules. Also See – .htaccess hacked Cleanup
? How To Remove Malware From WordPress Site
To search for the most recently modified files, use SSH to login to your web server account and then execute the following command:
find/path-of-www -type f -printf ‘%TY-%Tm-%Td %TT %p\n’ | sort -r
Navigate through the files and see if you find any doubtful changes made to the code. If so, replace the files with the clean backup version of it.
It is likely that a hacker adds a new sitemap so that the Japanese SEO Spam pages are indexed quickly. Check your sitemap for suspicious links and if detected, ensure to immediately update your core files with a clean backup version.
Your web server may be infected with malware and malicious files. It is recommended you scan the server to detect any suspicious files and virus. Check for the Virus Scanner tool in the cPanel provided by the web host.
Having listed an array of methods requiring technical expertise, let’s consider an approach that is way smarter, consumes less time and takes the burden off your shoulders. WP Hacked Help deploys a systematic plan to clean up your WordPress website. The site is thoroughly scanned and the detected flaws are dealt by an expert team to provide you with a website free of malicious codes. Within a short span of time, your website will be live up again, running efficiently like before.
It is necessary that you ensure the website is no longer affected by any hacked content. Make your website live and use Fetch as Google tool to detect if any infected URLs/ content is not removed.
The advice presented above is can effectively help you bring your site back to “normal” again. However, once the website is clean, implement security tips to prevent the site from similar attacks in the future.
Once you have cleaned up your website make sure to resubmit your website in new google search console via new URL inspection option in updated search console version or open https://search.google.com/search-console/inspect?resource_id=https://xyz.com .
>>You can also manually submit your spammy urls which have been rendering 404 after you have cleaned up your website, via Remove URL option in search console. This will remove your website which was showing spam content from google search results.
>>Check your robots.txt file, make sure to block tags/category pages from googlebot. Update robots.txt in search console too.
>>Then, Go to Old search console interface and select REMOVE URL option as seen in image below. This may be time consuming.It may take 1 week for google to completely remove your Japanese language seo spam pages from search results.
Feel free to request a quote from us for the removal of the Japanese SEO Spam from your WordPress site. If you want us to do this entire cleanup process, you can get in touch with us HERE.
Additional Resources:
https://support.google.com/webmasters/thread/6590503?hl=en
https://developers.google.com/web/fundamentals/security/hacked/fixing_the_japanese_keyword_hack
Listen/Download This Post (podcast):
Need Help: Fill out the form below and our wordpress security expert will get in touch with you.