Black hat seo spam in ecommerce

We use Content Management Systems like Magento, Prestashop and OpenCart to create and design web pages. However, designing a web page is not enough. It is also important that people actually visit our website. Nowadays people use Search Engines like Google to look up content and go about their daily needs on the Internet. In order to increase our visibility in Google’s search results, we use Search Engine Optimization techniques (SEO Techniques). A lot of backend effort is needed so that we can get our site listed in the top search results of Google. However, nowadays SEO Poisoning in Magento, Opencart & Prestashop has started appearing and causing security issues for website owners.

They are taking advantage of our hard earned SEO techniques since they can get better visibility for their spam websites through the better rankings on our website. Hence we should know more about such spam techniques.

This article discusses all of these Black Hat SEO Spam attacks with their symptoms, causes, outcomes, and steps to fix them.

Related Post: 27 SEO Professionals Share Their Ecommerce SEO Tips

SEO Poisoning: Japanese Keyword Hack in Prestashop, Magento & OpenCart

Also known as the Japanese Keyword Hack, it is an illegal BlackHat SEO Spam technique which places auto-generated links in Japanese text in your websites which have been developed using Content Management Systems like Prestashop, OpenCart, Magento, Drupal and WordPress. When someone visits your website and clicks those links then he/she will be redirected to an affiliate website which sells fake brand merchandise and apparel. It can be read in more detail here.

Detecting the Japanese Keyword Hack

  • If someone verifies our site without permission in Google Console
  • We check the pages that Google has indexed for our website by typing in site:_your site url_ in the Google Search Bar. If we find unknown links then we might have been hacked
  • We perform the above steps and get a 404: Page not Found Error . But if we check for cloaking by entering our site’s URLs in the Fetch as Google tool and we see anomalous results then we have been hacked

Japanese SEO Spam

Effects of Japanese SEO Spam on your website’s SEO

  • When we want to check the list of web pages indexed to our website, we can go to google.com and type site:<our URL>. If our website has been hacked, we see URLs with Japanese Gibberish associated with our website. It negatively impacts our SEO.
  • An unknown user will verify our website as a secured property owner by playing with the sitemaps or geotargeting features. Such an action will pop up in the Search Console feature (which is provided by Google to Web Content Designers to manage security issues related to their websites). Thus, Google’s search results can even show our web pages as hacked. This can lead to loss of revenue and traffic for our website.

Fixing the Japanese Keyword Hack

Initial Steps:

  • First Take the website offline so that users don’t visit the infected pages while you are cleaning it.
  • Take a Backup of all the core files and databases.
  • All the steps mentioned below need technical expertise. You should have knowledge of PHP, CMS and Google’s SEO tools. If you don’t have the requisite technical skills, our engineers can help you.

Infected with Black Hat SEO Spam? Drop us a message on the chat widget and we’d be happy to help you. Fix SEO poisoning now.

Fixing the Hack:

  • Remove Newly created accounts from Google search console which you don’t recognize by removing the associated verification token which will be an unknown .html file created in the root of your website
  • Replace and clean all the .htaccess files which hackers use to redirect users away from your website
  • Check and remove any malicious files and scripts by reinstalling all the core CMS files. Also, do look for any recently modified files
  • Check the Sitemap to see if there are any new suspicious links created by the hacker which helps to index their pages faster
  • Run a malware scan on your website

After performing all the above steps, your website should be secure. In order to check your website’s safety, perform a Fetch operation using Google to see if it returns a “Not Found” page which can show that you have finally cleaned your site.

SEO Poisoning : Gibberish Keywords Hack in OpenCart, Prestashop & Magento

Gibberish hack results in the creation of spam pages that are added to your website. Such pages are generally filled with gibberish-text that is rich in keywords, along with the corresponding links. Sometimes they also contain images to manipulate search engines and increase the ranking, traffic of the pages in Google search. On visiting these hacked pages, you will be redirected to an unrelated page, such as a fake merchandise site. Hackers generate revenue when people visit these spam pages.

A redirected spam page generally would look like this:

Gibberish Text Page

Also, Hackers often use cloaking to make it harder for the site owner to detect whether the website has been infected or not. Cloaking is a technique that enables hackers to display the gibberish/spammy URLs or content to the users and search engines, while to the site owner it may show an HTTP 404-page error.

Detecting the Gibberish Keywords Hack

  • If we use the Fetch As Google Tool then we can see the search results as Google indexes them for a normal user. This can enable us to detect if any unusual URLs have been added to our website.

Infected with Black Hat SEO Spam? Drop us a message on the chat widget and we’d be happy to help you. Fix SEO poisoning now.

Effects on your Website SEO

  • We slowly lose credibility with our customers as our websites have been infested with spammy pages and the website traffic slowly goes down.
  • If left unchecked, Google can blacklist our site as a spam website if the incidence of spam links on our site increases.

Fixing the Gibberish Keyword Hack in OpenCart, Prestashop & Magento

  • Take your website offline so that you can deal with any backdoors or hidden doors. If the website is connected to the internet, the infection may reoccur
  • Back Up your website so that you don’t lose any data which might get accidentally deleted
  • The gibberish hack uses the .htaccess file to redirect users away to the spam website. So it is important to locate the .htaccess file of your site first. To find these files, simply search for .htaccess file location along with the name of CMS in a search engine to get the directory where it is located. The search results might include directories for storing multiple .htaccess files. Replace all of these searched files with the default and clean version for each file.
  • Hackers can also use names similar to the existing keywords so that they can add these malicious files to the server. For Example,
    <title>{keyword}</title>
    <meta name="description" content="{keyword}" />

    <meta name="keywords" content="{keyword}" />

    <meta property="og:title" content="{keyword}" />

    <div style=position: absolute; top: 1000px; left: 1000px;>Cheap prescription drugs </div>

    Here the word “keywords” is being replaced with “keyword”. We need to check for such keywords and remove the malicious code.

  • Also, the hackers can inject malicious code into our files. They generally use Javascript or PHP to do so. SEO spam code The malicious code has essentially infected the entire file. You might need to upload a clean version of the file to your site.
  • If a larger portion of your site is infected, you might want to consider reloading a clean and default version of the core CMS and plugin files on your site.

All of the above steps need some technical expertise. If you feel you are uncomfortable with it, you may scan your website with our tool to detect malware.

SEO Poisoning : Pharma Hack in Prestashop, OpenCart & Magento

Your website needs credibility and security to attract customers. Spam can be devastating in that context. A hacker doesn’t worry about the size of your website, so your site is always at risk of getting infected. Read more on Pharma SEO Poisoning  here.

At Astra, we have a team of security experts who on a daily basis help website owners and developers to secure their website from attackers. Our intelligent firewall provides real-time 24×7 security against bad bots, hackers, malware, XSS, SQLi and 80+ attacks. Astra Firewall is highly customized for Prestashop, OpenCart & Magento to give all-around security to your E-commerce store.

Take an Astra Demo now.

Was this post helpful?



Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Rohan Roy

An IT engineer and a cyber security enthusiast, I research on bugs and flaws in Content Management Systems like Drupal and WordPress and discovering how to remove them.

2 Comments

  1. amazing articles looking forward to more informative blogs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close