We will explain about Japanese SEO Spam, a malware that fills the Google search results of WordPress sites with pages of Japanese products that you do not remember creating.
How does malware contaminate Google search results?
There are three types of malware that contaminate Google search results with branded product pages that have not been created.
(1) The link in the contaminated search results is not from your site’s domain
→ (2) The link in the search results is not from your company’s site, but from another site that has been hacked and altered to create a malicious page. Therefore, it is necessary for the operator of the other domain site that has been tampered with to deal with the problem.
(2) The search result links to your site’s domain in the tainted search result, but the link destination does not exist.
→ In this case, this is SEO spam that takes advantage of the property of WordPress to create search result pages that do not exist. Not because your site has been tampered with, but because the hacker has taken the liberty of registering a nonexistent search results page with the search engine. It is effective to introduce a mechanism (e.g., outputting a noindex header) to prevent non-existent search result pages from being registered with search engines.
(2) The domain of your site is the link destination in the tainted search results, and the linked page leads to an illegal product site.
*When you access the illegal page, you will first fly to the site’s domain and instantly see [string].bookslit[.] sa[.]. com, etc., and you may jump to an unauthorized site.
→ In this case, it is highly likely that hackers have exploited a vulnerability and entered your site’s server, and the site’s data and files have been tampered with. We recommend that you first run a malware and vulnerability check on your plug-ins.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
If you are unable to log in to the WordPress administration screen, it is possible that hackers have also tampered with the HTACCESS file, which controls server settings.
How are contaminated search results registered in the search results?
The way a hacker has tampered with your site and registered a malicious page may be by creating that malicious page on your company’s server, or by tampering with your sitemap and registering the page in Google search results.
A sitemap is data that tells search engines which pages are on a site that can be accessed by the following URLs.
https://Your site URL/sitemap.xml
As an example, a site that has been hacked shows that the sitemap has been falsified and illegal pages have been registered as shown below.
In some malware, this page does not actually exist on the server, and when this URL is accessed, a malicious program forcibly redirects the user to another arbitrary site.
How to deal with malware Japanese SEO Spam
If there are symptoms of such malware, there may be a backdoor somewhere on the server that generates a sitemap, controls the links to it, automatically restores it if the malware is deleted, or allows hackers to read and write files on the server at will.
Basically, the solution is to remove all such malicious files and close the vulnerabilities that allowed hackers to enter in the first place.
Files commonly infected with malicious files are as follows
index.php
wp-config.php
wp-blog-header.php
theme functions.php
However, they may exist deep in the server and are often difficult to detect manually.
This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.
