Japanese SEO Spam

How to Fix a Japanese SEO Keyword Hack

Our agency website was recently attacked by a Japanese Keyword Hack. After several days of anxiety, stress, hard work and dedication from our SEO team, we managed to fix it. The pains we endured during this period were too much to bear: for a performance marketing agency, a hack of this magnitude can spell your death (well, not death, but a coma for sure). For that reason we’re writing this blog post to help anyone who operates a website built with a Content Management System such as WordPress or Drupal.

Our average position tanked (see image), insane queries were directing to our website (see image), and a host of other calamities followed. We believe that as a ‘Self-Learning Digital Organization’ it is our ethical duty to write this blog and educate readers who might be facing the same hack, as well as our fellow SEOs, so that action is taken preemptively.

Japanese SEO Hack Effect on Website Position and Clicks
You can see the effects of the SEO hack in this image, whereby your position tanks and your clicks skyrocket due to your website’s URLs being used to direct users to affiliate links to fake merchandise.
Japanese SEO Hack Example of Queries

What is a Japanese Keyword Hack?

The Japanese keyword hack, also known as Japanese Search Spam, Japanese SEO Spam, or Japanese Symbol Spam, is a type of SEO spam. With these scams, auto-generated Japanese text begins to appear in your Search Engine Results Pages (SERPs), and a large number of spam 404 pages are created under your domain name. This black hat SEO technique hijacks Google’s SERPs by displaying Japanese keywords in the meta title and description (see image below) of the infected pages. When using a Content Management System like Magento, OpenCart, Drupal, or WordPress, you’ll find auto-generated Japanese SEO spam pages. These pages contain affiliate links to websites selling fake merchandise. When users visit your website and click on these links, hackers receive commissions.

When a website gets hit with the Japanese keyword hack, it’s critical to clean the infection immediately. The longer this hack remains, the more damage occurs.

How does the Japanese spam affect your website?

  • Google Blacklisting

    Your website will be blacklisted by Google. Google will greet any visitor to your website with a blacklist warning message. In some rare cases, your website might get labeled in the search results with ‘This site may be hacked’.
  • Loss of trust

    With a hacked website, customers will begin to lose trust in the brand. A hacked site will result in the theft of sensitive information and bring a bad name to your brand.
  • Loss of revenue / Costs incurred

    If your website is taken offline due to the hack, your online revenue source will be shut down, and the hacker will have gained control of your website. It will for sure burn a hole in your pocket: recovering from this hack can get very expensive (paying huge amounts to a security service for cleanup, etc.), and studies have shown that not a lot of businesses were able to recover from it.
  • Hosting suspension

    If your hosting provider sees that your website has been hacked, they will suspend your website and put up a screen showing that your account has been suspended.

How did we manage to identify the Japanese Keyword Hack?

The Japanese Spam Hack creates new pages with auto-generated Japanese text on your website under randomly generated directory names (for instance, http://website.com/abrtegf/345.html). These pages are monetized using affiliate links to websites selling fake brand merchandise (as mentioned above) and then shown in Google search results.

Here are multiple methods to check if your website is hacked by Japanese SEO spam:

1. You can type “site:yourdomain” in Google search to check if your website has any Japanese links. In our case, when we typed “site:ripplemarkeg.com” in Google search, the results showed Japanese spam links as shown in the image below.

2. Hackers of this type usually want to take control of your website’s geo settings and sitemaps, or change the targeted country of your website, by adding themselves as owners of your property in Google Search Console.

If you see a notification or email of a Search Console verification for your site, you should check if you’ve been hacked immediately (this happened in our case as we received emails from Google Search Console about a new verified owner for our property).

3. You can check the coverage report in Google Search Console for any suspicious links (in our case we found thousands of spam links in the “indexed, not submitted in sitemap” section).

Japanese SEO Hack Coverage Report Search Console
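
One way to work through a large coverage-report export, as an added example that is not part of the original post: it groups the indexed URLs by spam directory and flags sitemap entries that look injected. The URL shape is assumed from the example URL above, and the sample sitemap, URL list and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed shape of the spam URLs described above: /<random letters>/<digits>.html
SPAM_PATH = re.compile(r"^/([a-z]{5,12})/\d+\.html$")
# <loc> values are pulled with a regex so a tampered sitemap is never fed to an XML parser.
LOC = re.compile(r"<loc>\s*([^<\s]+)\s*</loc>", re.I)

def spam_dir(url):
    """Return the top-level directory if the URL has the spam shape, else None."""
    m = SPAM_PATH.match(urlsplit(url).path)
    return m.group(1) if m else None

def summarize(indexed_urls, sitemap_xml):
    """Group spam-shaped URLs by directory; report sitemap entries that look injected."""
    in_sitemap = set(LOC.findall(sitemap_xml))
    injected = sorted(u for u in in_sitemap if spam_dir(u))
    trusted = in_sitemap - set(injected)
    per_dir = Counter(d for u in indexed_urls if u not in trusted and (d := spam_dir(u)))
    return {"directories": per_dir.most_common(), "injected_sitemap_entries": injected}

# Constructed sample data (not taken from a real export).
SITEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://website.com/</loc></url>
  <url><loc>http://website.com/services/seo.html</loc></url>
  <url><loc>http://website.com/qkzpwd/7.html</loc></url>
</urlset>"""
INDEXED = [
    "http://website.com/",
    "http://website.com/abrtegf/345.html",
    "http://website.com/abrtegf/346.html",
    "http://website.com/qkzpwd/7.html",
    "http://website.com/services/seo.html",
]

if __name__ == "__main__":
    print(summarize(INDEXED, SITEMAP))
```

The directory names it returns are the ones to look for on disk and in rewrite rules during cleanup.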

How to fix the Japanese keyword hack?

  • It is critical to put your hacked website temporarily offline. This will provide you with the chance to remove the hack and prevent users from visiting the hacked pages.
  • Before applying any changes to the website, back up all core files, the website’s database, and all files you worked with. The hacked pages will also be included in this backup, which must be referred to only in case content is accidentally deleted.
  • Remove the newly created accounts in Search Console that you don’t recognize.
  • It is preferable to remove all website core files, plugins, and themes and upload them again from their original source in the same version you were using. However, this will remove all changes that were applied before. Another solution is to examine your website files and remove the malicious ones; you should also check the recently changed files for any injected code or script.

    The vital directories and files to check are .htaccess, wp-config.php, wp-index.php, wp-load.php and the upload directory.

  • Inspect your sitemap and all other submitted sitemaps in Google Search Console for suspicious links, and remove the ones added by the hackers.
  • Check for cloaking, in which the infected page is served to Google in a version containing the hackers’ injected keywords while it appears differently to website owners and normal users. So when you click on one of the spam links, it might appear as a not-found page with a 404 error, but at the same time appear to Google with the injected Japanese data. You can check by using the Google URL Inspection tool, which shows you how Google actually views your webpage.
  • Run a malware scan on your website. If you use WordPress, you can use WP Hacked Help, Wordfence, or many other scanners. We recommend using Sucuri, the leading security plugin we are using for our website.
  • After cleaning your website, request a website review from the Security Issues Reports in Google Search Console.
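
A first-pass triage of the files named above, as an added example that is not part of the original post: it flags recently modified files and files containing common injection indicators, including a rewrite rule conditioned on the crawler's user agent, which is one way cloaking is set up. The indicator patterns, the 14-day window and the sample tree are assumptions made for this example.

```python
import os
import re
import tempfile
import time

# Heuristic indicators chosen for this example (assumptions, not a full signature set).
INDICATORS = {
    "obfuscated eval": re.compile(r"eval\s*\(\s*(base64_decode|gzinflate)\s*\(", re.I),
    "user-agent conditional rewrite": re.compile(r"RewriteCond\s+%\{HTTP_USER_AGENT\}.*bot", re.I),
    "Japanese kana text": re.compile(r"[\u3040-\u30ff]{4,}"),
}

def triage(root, days=14, suffixes=(".php", ".html", ".htaccess")):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    cutoff = time.time() - days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(suffixes)):
            path = os.path.join(dirpath, name)
            reasons = ["recently modified"] if os.path.getmtime(path) >= cutoff else []
            # Content is checked on every file because modification times can be reset.
            with open(path, "rb") as fh:
                text = fh.read(1_000_000).decode("utf-8", errors="ignore")
            reasons += [label for label, rx in INDICATORS.items() if rx.search(text)]
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings

def build_sample_site(root):
    """Write a constructed sample tree (made-up contents) to exercise triage()."""
    samples = {
        "wp-config.php": "<?php define('DB_NAME', 'site'); ?>",
        "wp-load.php": "<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        ".htaccess": "RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC]\n",
        "abrtegf/345.html": "<title>ブランドコピー 激安通販</title>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    old = time.time() - 90 * 86400  # backdate the two core files by 90 days
    for rel in ("wp-config.php", "wp-load.php"):
        os.utime(os.path.join(root, rel), (old, old))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(triage(site))
```

A file that matches nothing here can still be malicious, so treat the output as a starting list for manual review alongside the malware scan.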

How to Remove Japanese URLs from Google?

Unfortunately, Google will index your hacked pages. Although your website is fixed, you might find thousands of malicious links still indexed for your website, and this is what actually happened in our case. You can wait for Google to re-index your website and remove all these links; however, to save time you can use one of the following methods to delete these links from Google’s index.

Before and After Effects on ripplemark Egypt

After working on all the above points, we managed to win back our rankings and returned to the number 1 position for a host of terms related to “performance marketing agency” (see images below).
ripplemark Performance Marketing Google Ranking
ripplemark Performance Marketing Agency Google Ranking

Contact us today for more information on our Search Engine Optimization (SEO) services and visit our ‘10 SEO Essentials to improve your website ranking’ blog post to learn more about the basics of SEO.
