Got Japanese query Hack for my site, what can I Do?

Joined
Apr 12, 2024
Messages
7
Reaction score
1
One of the sites that we have got the notorious "Japanese hack" and didn't know what should I do anymore, here is what we did and by today we still see the spammy link appear from GSC:

  • Originally we blocked all the "s=" or q= links from robots.txt so make sure that Google does not index these page, which worked
  • We updated all the plugins we used, rank math, wordfence, even the WP version as well as all the plugins to the most updated version
  • We also reinstalled the whole WP
  • We also have all our developers checked our C panel folder to verify whether there are suspicious folders
  • We also adding some security to the header. also upgraded the security level to the site

After so many hours of deep diving and we still did not solve the issue, still saw new spammy links pop up everyday from the GSC, would love to know how to solve this issue by removing this SQL injection
 
Search "Malware removal" on Fiverr.

Plenty of people will fix it for $10
 
  • delete all the files & folders except wp-content, robots.txt, .htacess, wp-config, ads.txt
  • in wp-content, delete all themes & plugins folders,
    and replace them with new fresh ones containing the same updated versions of the same used plugins/themes
  • check and delete all the added users
  • delete all the added users in your GSC
  • manually check all the remaining files/folders in the wp-content folder, this might take some time/work, but quiet necessary
  • finally install wordfence and make a scan to double check with any other possible files
The database part could be quiet tricky, i'm unnaware of any possible tools that might be used to check it out,
You can export all the content, users, etc... & make a fresh installation to make sure everything is removed
 
I think it’s about a shell. ¿Do you delete all your website files?
 
One of the sites that we have got the notorious "Japanese hack" and didn't know what should I do anymore, here is what we did and by today we still see the spammy link appear from GSC:
  • delete all the files & folders except wp-content, robots.txt, .htacess, wp-config, ads.txt
  • in wp-content, delete all themes & plugins folders,
    and replace them with new fresh ones containing the same updated versions of the same used plugins/themes
  • check and delete all the added users
  • delete all the added users in your GSC
  • manually check all the remaining files/folders in the wp-content folder, this might take some time/work, but quiet necessary
  • finally install wordfence and make a scan to double check with any other possible files
The database part could be quiet tricky, i'm unnaware of any possible tools that might be used to check it out,
You can export all the content, users, etc... & make a fresh installation to make sure everything is removed

These suggestions are what you're looking for. However, you need to give time for GSC to update itself. It's not exactly fleet of foot when it needs to update your websites status, links, traffic, etc.
 
One of the sites that we have got the notorious "Japanese hack" and didn't know what should I do anymore, here is what we did and by today we still see the spammy link appear from GSC:

  • Originally we blocked all the "s=" or q= links from robots.txt so make sure that Google does not index these page, which worked
  • We updated all the plugins we used, rank math, wordfence, even the WP version as well as all the plugins to the most updated version
  • We also reinstalled the whole WP
  • We also have all our developers checked our C panel folder to verify whether there are suspicious folders
  • We also adding some security to the header. also upgraded the security level to the site

After so many hours of deep diving and we still did not solve the issue, still saw new spammy links pop up everyday from the GSC, would love to know how to solve this issue by removing this SQL injection
my WP was same too, but now i backup mysql change password of wp_user and reinstall wp, and install plugins immunify AV on cpanel
 
Try paying for MalCare, we just removed the same hack from a clients site.
 
Can you send a screenshot so we can better understand? I want to know what to look out for too.

As for fixing. You can install Redirection plugin (the one that comes with 404 logs). Set it up to allow for logging.

Wait a couple minutes and see what urls are being queried. Use the IP / useragent filters. Block them on CF. But again, can you show me a screen shot, I want to know what to look out for, I have a bunch of Japanese sites.
 
Back
Top