This week, I cleared malware from a dozen websites—all affected by a Japanese Keyword Hack with tens of thousands of malicious search results. I’ll further describe the steps taken to clear the contamination efficiently.
Try our free site check.
A malware analyst will provide a security report for your website.
Key points:
- I’m looking to get rid of these malicious search results fast.
- Server load is a concern, since crawlers keep sending requests to the fake URLs, generating CPU & memory spikes.
Cleanup steps
- Perform malware cleanup for each website, and ensure any staging environments are separated to prevent cross-site contamination.
- Identify a pattern in the malicious search results and plan SEO recovery.
- Register the website with Google Search Console, and remove all the unauthorized users with Owner access.
- Generate a clean sitemap.xml file and submit the URL list to Google.
If most search results are linked to URLs ending with phtml, shtml, htm and html extensions, the following .htaccess code may be useful. This only works if the legitimate search results are not using these extensions.
RewriteEngine On RewriteRule .*\.shtml - [R=404,L] RewriteRule .*\.phtml - [R=404,L] RewriteRule .*\.html - [R=404,L] RewriteRule .*\.htm - [R=404,L]
If the bad search results are linked with “x=”, the following .htaccess rule can be used. Replace “x” with the letter found in the spam results.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^x=
RewriteRule ^ - [R=404,L]
For the search results linked with “_gl=”, the following .htaccess rule can be used.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^_gl=
RewriteRule ^ - [R=404,L]
To lower the server load, exclude all robots except Googlebot and Bingbot:
BrowserMatchNoCase "ClaudeBot" bots BrowserMatchNoCase "AhrefsBot" bots BrowserMatchNoCase "AspiegelBot" bots BrowserMatchNoCase "Baiduspider" bots BrowserMatchNoCase "BLEXBot" bots BrowserMatchNoCase "Daum" bots BrowserMatchNoCase "Dotbot" bots BrowserMatchNoCase "Exabot" bots BrowserMatchNoCase "Gigabot" bots BrowserMatchNoCase "GrapeshotCrawler" bots BrowserMatchNoCase "MegaIndex" bots BrowserMatchNoCase "MJ12bot" bots BrowserMatchNoCase "PetalBot" bots BrowserMatchNoCase "proximic" bots BrowserMatchNoCase "Qwantify" bots BrowserMatchNoCase "Scrapy" bots BrowserMatchNoCase "SemrushBot" bots BrowserMatchNoCase "Sitebot" bots BrowserMatchNoCase "Yandex" bots BrowserMatchNoCase "Bytespider" bots BrowserMatchNoCase "ClaudeBot" bots Order Allow,Deny Allow from ALL Deny from env=bots
User-agent: * Disallow: / User-agent: Bingbot User-agent: Googlebot User-agent: Slurp User-agent: DuckDuckBot Disallow:
The more bad search results are indexed, the higher the chances of having excessive bandwidth usage with frequent downtimes and slowdowns.
How to address the server load from Japanese keyword hack?
- Ensure the malicious search results point to a fast 404 error page, bypassing the CMS.
- Deny unnecessary crawlers, to save precious bandwidth and server resources.
If your website is affected by Japanese keyword hack, we can help.
Our skilled malware analysts are available 24/7 to secure WordPress websites and clean up malware – reach out to us if you need help.
Hacked website? Try our free site check.
A security analyst will perform a free thorough external site check within the next minutes.
Resources:
https://support.google.com/webmasters/thread/237597741/how-to-remove-japanese-keyword-hack-spam-links-from-google?hl=en
https://web.dev/articles/fix-the-japanese-keyword-hack