Removing Japanese Keyword Hack from your Website – Step By Step Guide With Video Tutorial
Many website owners have contacted us worried about Japanese SEO Spam or Japanese Keyword Hack. In a Japanese keyword hack, autogenerated Japanese text starts to appear on your site. This particular Blackhat SEO technique hijacks Google search results by displaying Japanese words in the title and description of the infected pages. It happens when different web pages are shown to search engines and normal visitors.
This attack is also known as the “Japanese Keyword Hack”, “Japanese Search Spam” or the “Japanese Symbol Spam”.
When using a Content Management System (CMS) like OpenCart, Magento, Drupal or WordPress you’ll find auto-generated Japanese SEO Spam pages. These pages contain affiliate links to stores selling fake brand merchandise. These Japanese products are ‘Spamvetised’ to increase revenue and benefit from the outbound links from your store.
Infected with Japanese SEO spam? Drop us a message on the chat widget and we’d be happy to assist you.
Contents of This Guide
- 1 Reasons for the Japanese Keyword Hack
- 2 Discovering the Japanese Keyword Hack
- 3 Fixing the Japanese Keyword Hack
- 3.1 Backup Your Site Before Cleaning
- 3.2 Remove any newly created user accounts in the Search Console
- 3.3 Run a Malware Scan
- 3.4 Check your .htaccess file
- 3.5 Copy your WordPress configuration database connection strings
- 3.6 Step 6 – Check Recently Modified Files
- 3.7 Replace core files, plugin files & theme files
- 3.8 Check your uploads dir
- 3.9 Check your Sitemap
- 3.10 Step 7 – Prevent future attacks with a Website Firewall
- 4 Astra
Reasons for the Japanese Keyword Hack
There could be many reasons for the appearance of Japanese hack on your site. The most common of them are:
Outdated CMS version
If you will look at these shocking stats, you will know that outdated CMS is the number one reason why your website might have been hacked. Even though there CMS developers are agile in releasing security patches, web owners often ignore it. These unpatched security loopholes become a reason for Japanese Keyword Hack later.
Not all plugins are secure. And surely not all are maintained & updated regularly. Hence, you may want to check the plugins before installing them. Moreover, limit usage of third-party plugins. And, if you are compelled to use one, do check its last update, reviews, and support. A plugin with bugs is another for a Japanese Keyword Hack.
Enabled Directory browsing
Enabled Directory browsing allows a hacker to fetch details of your directory by a simple online search. The results may be hazardous for your website. He can, then, use this data to execute Japanese keyword hack. So, always make sure to disable your directory browsing.
Improper File Permissions
Having improper file permissions is another security hole. Generally, setting permission of 644 for files and 755 for directories is considered best. Moreover, the recommended permissions for sensitive files like the config.php file and contents folder, is 400.
Discovering the Japanese Keyword Hack
Japanese SEO Spam: Identify infected pages using Google Search
You can uncover such pages by searching for
site:[your site root URL] japanin the Google search.
Next, page through some of the search results to see if you discover any suspicious-looking URLs. These are the pages indexed by Google containing the word ‘Japan’. If you notice pages with the Japanese characters in the title or description, it is likely your website is infected.
Japanese Keyword Hack: Verify in Google Search Console
In your Google Search Console (earlier called Google Webmaster Tools), navigate to the Security Issues Tool in the left sidebar. You will see a result similar to the following:
Japanese SEO Spam: Fetch as Google to check for ‘Cloaking’
When you visit any of these hacked pages, you might see a ‘404 page not found’ suggesting that the web page doesn’t exist. Be careful, the hacker may be using a technique called cloaking. Check for cloaking by using the “Fetch as Google” tool in your Google Search Console.
Fixing the Japanese Keyword Hack
Backup Your Site Before Cleaning
Before starting with the malware cleanup process, take a backup of your current site. In the event of anything going wrong, you can restore this version. Make sure to take the backup file in a compressed format like a zip file.
Remove any newly created user accounts in the Search Console
If you don’t recognize any user in the “Users and Property Owners” tab, immediately revoke their access. Hackers add spammy Gmail accounts as admins so that they can change your site’s settings like sitemaps and geotargeting.
Run a Malware Scan
Scan your web server for malware and malicious files. You can use the ‘Virus Scanner’ tool in the cPanel provided by your web host. Or you can get expert malware cleanup with the Astra Pro Plan.
Check your .htaccess file
Hackers often use the .htaccess file to redirect users & search engines to malicious pages. Verify the contents of the .htaccess file from a last known clean version of your backups. If you find any suspicious code, comment it out by putting the ‘#’ character in front of the rule.
Copy your WordPress configuration database connection strings
Your wp-config file is your website’s configuration file and clearly most wanted by hackers. In case of a hack, the attacker can insert malicious content in this file also. You need to thoroughly scan this file and remove the unfamiliar contents to remove Japanese SEO spam from your website.
However, editing wp-config may create a mess if you unknowingly delete something vital. Thus, inspite of editing it you can take a copy of your WordPress database connection strings and make a totally new file out od this. Then, delete the former infected wp-config file.
NOTE: Wrongly editing wp-config file can take your website down, so be very careful.
Step 6 – Check Recently Modified Files
You can find recently modified files by following these steps:
– Log in to your web server via SSH.
– Execute the following command to find the most modified files
find /path-of-www -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r
If you are an Astra customer, you would have received an email telling you about malicious file changes.
Replace core files, plugin files & theme files
You can replace the infected core files with the original versions of the same from WordPress.org. After downloading the fresh and updated versions of these files & directories, you can delete the older ones.
Check your uploads dir
Check your wp-content/uploads directory for files with blacklisted extensions, like .php, .js and .ico. If you find such files, check the content for characters like base64_decode, rot13, eval, strrev, gzinflate, etc. Eliminate files all such files as they are supposedly malicious.
Check your Sitemap
A hacker may have modified or added a new sitemap to index the Japanese SEO Spam pages quickly. If you notice any suspicious links in the sitemap, quickly update your CMS core files from a last known clean backup.
Step 7 – Prevent future attacks with a Website Firewall
Another option to prevent the Japanese SEO Spam infections is to use a Website Firewall. Our Security Suite helps to automatically secure your site and virtually patch software by preventing malicious requests from reaching your website.
Another similar SEO spam attack in WordPress is the pharma attack. This attack shows spam pharmaceutical products like Viagra, Cialis, etc on your website’s SEO titles or URLs.
At Astra, we have a team of dedicated security experts who daily resolve dozen similar security issues. We deploy Astra Firewall for 24×7 security of your website from XSS, SQL Injection, bad bots and 80+ other threats.
Take an Astra DEMO now.