Loganathan Natarajan
asked on
Fixing the Japanese keyword hack
When I search with few bad words or 2 letters like as, ef, etc., in Google of my website, all were Japenese spam texts with wrong URL's. The website is built with the latest Laravel 5.6 and running in a 1&1 host. Earlier the website was just HTML based. No specific CMS was used earlier. I have referred here too, Google Docs Followed those steps with Google Search Console as well.
How do I prevent this permanently? When I scan my site, it says no threats or viruses found.
How do I prevent this permanently? When I scan my site, it says no threats or viruses found.
Implement captcha as part of the process to submit data like comments. That should reduce this kind of unwanted spam by 99% instantly without affecting valid human submissions.
If there are truly separate physical files that contain the unwanted content, then you might have an unsecured upload script.
may consider also Web application firewall (WAF) which can cover bot spam protection but one thing to note is that the long term remedy is to correct the vulnerable codes and employ regular penetration testing and vulnerability scanning of the website. Example of a WAF https://campus.barracuda.com/product/webapplicationfirewall/doc/86541236/advanced-bot-protection/
ASKER
@gr8gonzo, @btan thanks for the comments
@gr8gonzo It's basically Google Search is integrated (html code) and when the search starts, it looks like
xx site: www.test-site.com
.. truly there are no results for "xx" in test-site.com but google displays some wrong URL with Japanese texts placed.
@gr8gonzo It's basically Google Search is integrated (html code) and when the search starts, it looks like
xx site: www.test-site.com
.. truly there are no results for "xx" in test-site.com but google displays some wrong URL with Japanese texts placed.
Yes, I know. But attackers have to be able to inject content into your site first. So either they have full access to your site (less likely but still possible) or you have a script with a vulnerability that allows attackers to write files to your hosting account. Or there's a dynamic page that allows content injection (which is where captcha would come in).
So you have to first identify where the bad files (or content) are and how they got created.
Then you have to secure your Google account (change passwords and implement 2FA) and remove any malicious site owners.
Then you need to patch that vulnerability in your code (change your hosting account password too).
Finally, remove the malicious content and then have Google reindex.
So you have to first identify where the bad files (or content) are and how they got created.
Then you have to secure your Google account (change passwords and implement 2FA) and remove any malicious site owners.
Then you need to patch that vulnerability in your code (change your hosting account password too).
Finally, remove the malicious content and then have Google reindex.
ASKER
@gr8gonzo Thanks for the information. See the attachment.
Do I need to remove the Google custom search? I just suspect Google generates these backlinks?
Also, the site is developed with the Laravel framework with only a template engine like a custom page created with layouts, sections. There is no DB involved.
Also, the hosting is 1&1 and I think it's secure enough ... All my files are 644 permission and folders are secured.
Do I need to remove the Google custom search? I just suspect Google generates these backlinks?
Also, the site is developed with the Laravel framework with only a template engine like a custom page created with layouts, sections. There is no DB involved.
Also, the hosting is 1&1 and I think it's secure enough ... All my files are 644 permission and folders are secured.
I'm a little confused by what you mean when you're talking about Google custom search, and what you showed in the screenshot are not backlinks.
Okay, so let's walk through this one step at a time. So first thing is to find the bad content.
So take ONE of those results, like:
https://www.yoursite.com/p-b753307-3261...etc...
Now search your entire hosting account file structure (including all subdirectories) for any files starting with "p-" and see if there are any results that match up to that page URL, like "public_html/images/p-b753307-3261-fpcmo-2884- miqvdblahb lah.html" - the content could be anywhere, but you are looking for ANY content that you did not create or upload yourself.
Next, look for a file in your web site document root called .htaccess. So if your document root is "/public_html/", then look for "/public_html/.htaccess" or if your document root is "/www/", then look for "/www/.htaccess". Use an SFTP client or a file manager to look - the "." in front of ".htaccess" makes that file hidden to normal viewing, but it is PROBABLY there.
Once you find the .htaccess file, open it in a text editor such as Notepad, and replace any references to your domain with "[REDACTED]" and upload the redacted version here. For example:
NOTE: DO NOT SAVE THE [REDACTED] CHANGES TO YOUR WEB SITE! I'm only suggesting you redact them temporarily so you can share the contents of your .htaccess file on here without revealing your real domain name.
Okay, so let's walk through this one step at a time. So first thing is to find the bad content.
So take ONE of those results, like:
https://www.yoursite.com/p-b753307-3261...etc...
Now search your entire hosting account file structure (including all subdirectories) for any files starting with "p-" and see if there are any results that match up to that page URL, like "public_html/images/p-b753307-3261-fpcmo-2884-
Next, look for a file in your web site document root called .htaccess. So if your document root is "/public_html/", then look for "/public_html/.htaccess" or if your document root is "/www/", then look for "/www/.htaccess". Use an SFTP client or a file manager to look - the "." in front of ".htaccess" makes that file hidden to normal viewing, but it is PROBABLY there.
Once you find the .htaccess file, open it in a text editor such as Notepad, and replace any references to your domain with "[REDACTED]" and upload the redacted version here. For example:
RewriteCond %{HTTP_HOST} ^www.youractualdomain.com
should change to:RewriteCond %{HTTP_HOST} ^www.[REDACTED]
NOTE: DO NOT SAVE THE [REDACTED] CHANGES TO YOUR WEB SITE! I'm only suggesting you redact them temporarily so you can share the contents of your .htaccess file on here without revealing your real domain name.
ASKER
Thanks for your detailed reply. Attached the .htaccess file.
I use this code for a custom search by google.
I use this code for a custom search by google.
<form method=GET action="https://www.google.com/search" target="_blank">
<input class="form-control top-search-box top-hidden-mobile" type="text" style="line-height: normal;" maxlength="200" size="15" name="q" placeholder="Search" aria-label="Search">
<input type=hidden name=sitesearch value="https://mysite.com/">
</form>
.htaccess
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the experts. I will check as per the suggestions