Discovering the Hack
1. Identify infected pages using Google Search
You can uncover such pages by opening Google Search and searching for:
site:[your site root URL] japan
Navigate through some pages of the search results to see if you discover any suspicious looking URLs. These are the pages indexed by Google containing the word ‘japan’. If you notice pages with the Japanese characters in the title or description, it is likely that your website is infected.
2. Verify with Security Issues Tool in Google Search Console
In your Google Search Console (earlier called Google Webmaster Tools), navigate to the Security Issues Tool in the left sidebar.
3. Fetch as Google to check for ‘Cloaking’
When you visit any of these hacked pages, you might see a 404 not found page suggesting that the web page doesn’t exist. Be careful, the hacker may be using a technique called cloaking. Check for clocking by using the “Fetch as Google” tool in your Google Search Console.
Fixing the Japanese SEO Spam Hack
1. Remove any newly created user accounts in the Search Console
If you don’t recognize any users in the “Users and Property Owners” tab, immediately their revoke access. Websites hacked with the Japanese SEO Spam add spammy Gmail accounts as admins so that they can change your site’s settings like sitemaps and geotargeting.
2. Run a Malware Scan
Scan your web server for malware and malicious files using the ‘Virus Scanner’ tool in the cPanel provided by your web host.
3. Check your .htaccess file
Hackers often use the .htaccess file to redirect users and search engines to different malicious pages. Verify the contents of the .htaccess file from a last known clean version of the file from your backups. If you find any suspicious code, comment it out by putting the ‘#’ character in front of the rule.
4. Check Recently Modified Files
Login to your web server via SSH and execute the following command to find the most recently modified files:
find /path-of-www -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r
If you are an Astra customer, you would have received an email telling you about malicious file changes.
5. Check your Sitemap
A hacker may modified, or added a new sitemap to get the Japanese SEO Spam pages indexed quickly. If you notice any suspicious links in the sitemap, ensure that you quickly update your CMS core files from a last known clean backup.
6. Prevent future attacks with a Website Firewall
Another option to prevent the Japanese SEO Spam infections is to use a Website Firwall.
If you are still looking for an expert then feel free to reach out to us at support@ingressit.com and someone from our team will surely help you.
No comments:
Post a Comment