Hello everyone, My website (estemex.com) got hacked a while ago. As you can see from the screenshot above there are many spammy URL’s indexed on Google (which doesn’t exist on my website) and the title and descriptions are made up of Japanese characters. It's clear that my website was attacked by a malicious person. What I'm wondering is how someone could have done it? And what should I do to protect myself from such attacks in the future? Thank you in advance for your help.
The first thing you need to do is to identify what you've got. Are you 100% sure that these are Japanese characters? If they are Chinese (I can't tell the difference) then you might be dealing with AiSiHelper malware out of China. You can download something from the web to fight and get rid of this malware once and for all. (At a cost of course)
First off, HOW do you KNOW this is Japanese? Chinese characters are EXACTLY the same as Japanese characters and have EXACTLY the same meaning. The ONLY difference between Japanese and Chinese writing is that the Japanese uses a few non-Chinese characters (called Katakana) to denote Japanese inflections that do not exist in Chinese. For all practical purposes Japanese and Chinese writing is mutually understood even though verbal communication is NOT mutually understood since the verbal words represented by the characters are totally different. The only way to determine whether that sample is Chinese or Japanese is to look for the Katakana characters which ONLY occur in Japanese.
I've found that this attack is called Japanese Keyword Attack. There's even a Google support document about it. developers.google.com/web/fundamentals/security/hacked/fixing_the_japanese_keyword_hack Thanks mmerlinn for explaining the difference between Japanese and Chinese but i was sure that it was Japanese (Ps, use an auto detect translator and it will tell you that it's japanese ) Thank you everyone for your replies.
Uhm, not exactly. I see some Hiragana and Katakana there, which the Chinese do NOT use. The one shared with the Chinese is Kanji. See that bottom listing where the English parts are "Oakley" and "Deviation"? That's clearly katakana. The stuff in brackets on the listing before that is kanji, but the rest of that one is also katakana. Though why it happened is easy. Wordpress, probably with plugins that have known exploits. There's a reason it won that pwnie back in '08 for M4ss Pwnage.