Overcoming the Japanese Keyword Hack: A SEO's Journey of Resilience and Recovery

-

 One of my biggest challenges in my SEO career was a security issue affecting my company's website. The website was hacked with a Japanese keyword hack that injected spam pages and resulted in Google SERP showing Japanese text.

I identified the issue when our website's visits dropped, using Google Analytics tool.
Screenshotimage1: Checked it by URL Inspection tool 

Screenshot 2 image: Also checked our website by the “site:” Search operator in Google SERP.
Screenshot 3 image: There were 1.13K spam pages, as per the May 2021 coverage report in Google Search Console.

Screenshot 4 image: The hackers manipulated our “website XML sitemaps” (and also “Robots.txt” file.)


Screenshot 5 image: Hacker removed our WP admin privileges.


To restore the website, I worked with the web development team to identify and fix any security vulnerabilities. As the exact issue couldn't be found, we decided to upload a fresh backup of the site.
To prevent future hacks, we took the following steps to improve the website's SEO:
  • Updated software and plugins, changed passwords, and kept all themes and plugins up-to-date.
  • Implemented security measures such as two-factor authentication and limited access to the backend.
  • Checked the website using security tools to ensure it was clean and free of malicious code/links.
  • Re-submitted the sitemap to Google and Bing to speed up the re-crawl process.
  • Monitored the Google Search Console to ensure no injected pages remained.
Screenshot 6 image: As of May 25, 2021, there were no issues detected on the website.
Again Identifying the issue:
I was worried that our website would be hacked again after it was affected by the Japanese keyword hack for the second time. 
Screenshot Image 7: On Monday, June 28, 2021, the Japanese keyword hack reoccurred.
We were unable to determine how our website was hacked despite implementing various security measures such as changing passwords, implementing 2-factor authentication, updating our CMS and plugins, restoring with a fresh backup, and purchasing a Firewall tool.

Working with the web host provider:
We discussed the issue with our web host provider, Godaddy, and they recommended purchasing a Firewall tool. We followed their recommendation, but unfortunately, our website was hacked again.

Root cause:
Godaddy conducted a thorough scan of our website and hosting environment and found that the root cause was a shared hosting environment. The Japanese keyword hack had left a "backdoor" on a neighboring website and infected it as well, causing our website to be re-infected.
Neighboring website is - https://baymon.com.au
Removing the hack:
Godaddy's support team cleaned the malware infection from our entire shared hosting environment for free.
 
P.S.Our website had recently been migrated from a Digitalpacific dedicated hosting (Linux server) to Godaddy shared hosting (Windows server) environment.

The issue of the Japanese keyword hack caused several problems for our website:
  1. Search engine ranking: Our website's search engine ranking positions was dropped for around 80% of keywords and 20% keywords completely dropped as a result of the hack, which can negatively impact its visibility and traffic.
  2. Security: The website has become vulnerable to further attacks/exploits as a result of the hack i.e., Hacker removed our WP admin privileges, website contact form was not working ect.,
  3. Reputation: The hack was slightly damaged our website's reputation, causing users to lose trust in our website.
  4. Loss of revenue: The hack cause the website to lose business enquries (revenue) due to decreased traffic, loss of new business enquiries, or increased expenses (Purchased Firewall Web Application) related to fixing the issue.
  5. Clean up cost: We spend money to purchase Firewall web application and time to clean our website from the hack.
To improve SEO, I took the following steps:
  1. Used Google Search Console to request removal of pages from index.
  2. Resubmitted sitemap to Google and Bing to re-crawl the website faster, using the URL inspection tool.
  3. Regularly monitored the website to prevent new injected pages from being added to the index.
Other issues also:
  1. Slow response and limited crawl budget due to the 5K malware injected pages, affecting the crawl of our website.
  2. Took time to disappear cloaking content in Google cached index.
  3. Failed Google's crawl requests on our site due to server connectivity issues on the SCG site.
  4. The Firewall has blocked the Googlebot from crawling our site. (Note: Googlebot is not blocked by default in Sucuri firewall. But the Sucuri Web Application Firewall was blocking if multiple requests in a short period of time.)
Screenshot 8 image: Firewall support team reply when we ask about Googlebot blocking.


Finally, we recovered from the security issue. It was a challenging situations and pain, but I was proud of how we were able to effectively troubleshoot and solve the problem.

Comments

Post a Comment

Popular posts from this blog

How I Achieved First Page First Position for High Search Volume Keyword on Google SERP

-
Image
In this post, I would like to share my experience of bringing one of our clients to the first page first position on Google SERP for a high search volume keyword. The client, Pothys, is a big brand in the textile industry with a strong reputation in offline marketing. However, their website was not optimized for basic SEO practices, which I discovered during my initial audit. Pothys was facing a common challenge among businesses - ranking high on Google for a high search volume keyword, "Silk Sarees." When I first analyzed the keyword position, the website was ranking at 7th position on the first page of Google SERP. But Pothys was determined to reach the first position. The search volume of the keyword "Silk Sarees" is (49500/month). I identified several issues with the website that were hindering its search engine ranking. These issues included: Keyword cannibalization : The same keyword "Silk Sarees" was targeted on multiple pages on the site, which was...
Read more

Troubleshooting Website Cache Issues: My Experience and Solutions

-
Image
I noticed that some of the pages on my company's website were not loading or displaying properly on different devices and browsers. The issue was random and didn't affect all pages simultaneously. Screenshot1 Screenshot 1.1: Display issue on other pages of the website. To address the issue , I used Google Search Console's URL inspection tool and the Google Mobile-Friendly Test to analyze the website pages. Based on the results, it seemed more likely to be a caching issue rather than a rendering or display issue. Screenshot 2: URL Inspection Tool to analyze the website home page Screenshot 3: Google Mobile-Friendly Test to analyze the website I cleared the website cache using the "WP Fastest Cache" plugin, which resolved the display issue. However, this wasn't a permanent solution as I couldn't clear the cache manually every time. So, I suggested to our company's website developer that they look into the issue. Unfortunately, I didn't get a solut...
Read more

Common Redirect Mistakes to Avoid During SSL Installation from HTTP to HTTPS.

-
Image
I would like to share one of my client's website's four types of redirect mistakes while they were redirecting after SSL installation from HTTP to HTTPS: Consolidated Redirect Mistake:  Subpage URLs redirected from http://www.pothys.com/women-wear.html/ is redirecting to https://www.pothys.com instead of https://www.pothys.com/women-wear.html/. Partially Redirected to SSL: Not all website elements were properly redirected to the new HTTPS URLs, including image URLs, CSS, and JavaScript files, among others. Multiple Versions: The developer failed to set up 301 redirects for multiple URL versions, including HTTP to HTTPS, non-www to www, index.html, and index.aspx. 302 Redirect Mistake: Another mistake is a 302 redirect implemented on Pothys' site. Generally, it is not recommended for redirecting HTTP URLs to HTTPS URLs. A 302 redirect is a temporary redirect, and search engines may not update their index to reflect the new HTTPS URLs. I identified these issues and succes...
Read more