How to Fix a Japanese SEO Keyword Hack
Our agency website was recently attacked by a Japanese Keyword Hack, after several days of anxiety, stress, hard work and dedication from our SEO team we managed to fix this hack. The pains we endured during this period were too much to bear, as a performance marketing agency a hack with this magnitude can spell your death (well not death but a coma for sure); for that reason we’re writing this blog post to help anyone that operates on a website built with a Content Management System such as WordPress or Drupal etc.
Our average position tanked (see image), insane queries were directing to our website (see image), and a host of other calamities. We believe that as a ‘Self-Learning Digital Organization’ it is our ethical duty to write this blog and educate our readers who might be facing the same hack or to educate our fellow SEOs so that action is taken preemptively.
What is a Japanese Keyword Hack?
How does the Japanese spam affect your website?
Google BlacklistingYour website will be blacklisted by Google. Google will greet any visitor to your website with a blacklist warning message in some rare cases, your website might get labeled in the search results ‘This site may be hacked’.
Loss of trustWith a hacked website you must believe that customers will begin to lose trust in the brand. As a hacked site, it will result in the stealing of sensitive information and bring a bad name to your brand.
Loss of revenue / Costs incurredIf your website is taken offline due to the hack, your online revenue source will be shut down as well as having the hacker gain control of your website. It will for sure burn a hole in your pocket, recovering from this hack can get very expensive (paying huge amounts to security service for clean up, etc.) and studies have shown that not a lot of businesses were able to recover from it.
Hosting suspensionIf your hosting provider sees that your website has been hacked. They will suspend your website and put a screen showing that your account has been suspended.
How did we manage to identify the Japanese Keyword Hack?
The Japanese Spam Hack created new pages with auto generated Japanese text on your website with randomly generated directory names (for instance, http://website.com/abrtegf/345.html). These pages are monetized using affiliate links to websites selling fake brand merchandise (as i mentioned above earlier) and then shown in Google search results.
Here are multiple methods to check if your website is hacked by Japanese SEO spam:
1. You can type “site:yourdomain” in Google search to check if your website has any Japanese links. In our case: when we typed “site:ripplemarkeg.com” in Google search, the results showed Japanese spam links as shown in the image below.
2. This type of hackers usually want to take control over your website geo settings and sitemaps or change the targeted country of your website by adding themselves as your property owners in Google Search Console.
If you see a notification or email of a Search Console verification for your site, you should check if you’ve been hacked immediately (this happened in our case as we received emails from Google Search Console about a new verified owner for our property).
3. You can check the coverage report in Google Search Console for any suspicious links (in our case we found thousands of spam links in “indexed, not submitted in sitemap” section).
How to fix the Japanese keyword hack?
- It is critical to put your hacked website temporarily offline. This will provide you with the chance to remove the hack and prevent users from visiting the hacked pages.
- Before applying any changes to the website, backup all core files, database of the website, and all files you worked with. The hacked pages will also be included in this backup which must be referred to only in case the content is accidentally deleted.
- Remove the newly created accounts in Search Console that you don’t recognize.
- It is preferable to remove all website core files, plugins, and themes to upload them again from their default origin in the same version you were using. However, this will remove all changes that were applied before. Another solution is to examine your website files and remove the malicious ones, you should also check the recently changed files for any injected code or script.
The vital directories and files to check are .htaccess, wp-config.php, wp-index.php, wp-load.php and the upload directory.
- Inspect your Sitemap and all other submitted sitemaps in Google Search Console containing suspicious links to remove the ones added by the hackers.
- Check for cloaking in which the infected page appears to Google in a different version containing the hackers’ injected keywords while appears to website owners and normal users in a different way. So when you click on one of the spam links, it might appear as a not found page with 404 error but in the same time appears to Google with the injected Japanese data. You can check by using Google URL inspection tool that shows you how Google actually views your webpage.
- Run a Malware Scan for your website. If you use WordPress, you can use WP Hacked Help, wordfence, or many other scanners. We recommend using Sucuri, the leading security plugin we are using for our website.
- After cleaning your website, request a website review from the Security Issues Reports in Google Search Console.
How to Remove Japanese URLs from Google?
Unfortunately, Google will index your hacked pages. Although your website is fixed, you might find thousands of malicious links still indexed for your website and this is what actually happened in our case. You can wait for Google to re-index your website and remove all these links, however, to save time you can use one of the following methods to delete these links from Google index.
- Remove hacked pages from Google index manually: first, you need to identify all malicious pages you need to remove by typing “site:yourdomain” in Google Search (as we mentioned above earlier) or by checking the coverage report of Google Search Console. Then, use Google Search Console URL removal tool to submit each page link.
- Remove hacked pages from Google index automatically: use the Bulk URL Removal Extension for Google Chrome along with the Removal Outdated Content Page in Google Search Console.
Before and After Effects on ripplemark Egypt
Contact us today for more information on our Search Engine Optimization (SEO) services and visit our ‘10 SEO Essentials to improve your website ranking’ blog post to learn more about the basics of SEO.