All You Need to Know About SEO Spam in Magento 2

The world of e-commerce is highly competitive. But thanks to open source e-commerce solutions like Magento, for making it affordable and easy to enter this domain.

However, sustaining in the market is easier said than done. Nonetheless, you can get an edge over other sites with the help of Search Engine Optimization(SEO).

The math is simple, better your store’s SEO, the more traffic you get. But all this can take a serious hit when a Magento store is infected with SEO spam.

Wikipedia defines SEO Spam as a “deliberate manipulation of search engine indexes.” There could be varied factors behind an SEO Spam, most common of which remains an infection.

With this article, we will take you through the various types of Magento 2 SEO spam, its effects, and fixes.

Effects of Magento 2 SEO Spam

The one question that you would always be asking is – what do these spammers get from infecting my website? Well, the answer is simple Money.

Although spamming one website is not very profitable, but when spammers create a huge network of spammed sites, it starts to pay. A spammer typically uses your infected Magento store to establish backlinks for SEO of spammy products. Or to gain fake clicks. Or, in many cases, it is even used to trick users into giving credit card info (also known as Phishing).

So, while it is profitable for the spammer, it comes at the cost of your website. Spam can affect your Magento store in the following ways:

• It can affect the performance of your web server and make the website extremely slow or unresponsive.
• Redirect your users to spammy links, thereby decreasing the traffic on your site. It also leads to a high bounce rate.
• Your Magento store can get blacklisted by the search engines like Google for serving spam.
• This blacklist means new traffic in your store can drop to almost nil.
• Blacklisting can also seriously affect your site’s SEO, which can take a very long time to recover.
• Revenue is heavily affected due to a lack of traffic.
• The reputation of your Magento store takes a massive hit once infected with spam, and in the future, the users refrain from visiting the site.
• If you use shared hosting, it can also lead to account suspension.
• Spam cleanup can be expensive and difficult for an average user.

Types of Magento 2 SEO Spam

1. Japanese SEO Spam

In Japanese SEO spam infection, typically, the Japanese characters appear on your Magento store. These characters are often found in the title and description of the infected page on the Magento store.

In most cases, you may not see the infection, but a Google bot will. This is done using a technique known as cloaking. You don’t need to know the finer technical details of cloaking to find this kind of spam.

Simply, fetch the webpage as a Googlebot.

Another method is to open the Google search and type site: followed by your website name followed by space plus japan i.e., site: [your site root URL] japan. See the picture below.

Checking Google for Japanese SEO spam.

If you notice Japanese characters in any such Google search, then your Magento store is infected with Japanese SEO spam.

2. Pharma Hack

In this type of Magento SEO spam, the store is used to run pharma advertisements for pills like Viagra, Cialis, etc. When multiple pages of your site are infected and injected with spammy keywords, links, etc. it starts to be listed for pharma products. Therefore, when infected with the pharma hack, a listing of various drugs may appear in your store. However, as mentioned for Japanese SEO spam, pharma hack too can use cloaking.

In that case, to detect it fetch the webpage as Googlebot.

Another method is to open the Google search and type site: followed by your website name followed by space plus Viagra. i.e. site:[your site root URL] viagra.

Checking Google for Pharma SEO Spam.

3. Spam Linking

Spam linking is when an attacker injects irrelevant links in your Magento store in the form of comments, product reviews, etc. These links can be inbound or outbound. By injecting outbound spam links, the attacker creates backlinks for the spammy domain and increases its search rankings.

However, this can seriously damage your SEO due to external spammy links. Sometimes, this can even backfire for the attacker as it’s a Blackhat SEO technique.

It is also possible that there are backlinks pointing to your Magento site (inbound) from spammy domains. This can also cause your store’s SEO to take a hit. If there are backlinks to your store from many spammy domains, it could fall under the Black hat SEO technique, eventually getting your store blacklisted.

If your Magento store is infected with outbound spam links, you may see redirects to spammy websites. You can look up these infected pages on Google Search Console. To do so,

1. Log in to your site’s Google Search Console
2. Visit the Security issues tool. In case of infection, you will see a result like this in the left sidebar.

Google Showing Spam URLs in Search Console.

All the backlinks pointing to your domain can be checked using online services like Moz Open site explorer.

1. Just visit Moz Link Explorer.
2. Enter your domain name to get all the backlinks.
3. Thereafter, manually audit for any spammy domains.

Auditing Spammy backlinks via MOZ.

Fixing Magento 2 SEO Spam

Backup

Before removing SEO spam, it is important to take a backup of your Magento store so that in case you break anything, it can be restored. To learn how to create a backup of your Magento store, use the official documentation.

Rogue Users

Now, check if any new users have been created by the spammers. To do so in Magento 2, in the admin dashboard visit System>Permissions>All Users. If you see any suspecting new user, remove it.

Malware

Spam can also be caused due to a malware infection. Malware can also regenerate spam files even after deletion. Sometimes, the malware also contains backdoors that can re-inject spam into your website after a cleanup. You can manually vet the files which are listed for spam in the Google search console for malware. But it is recommended to scan your Magento store for malware using malware scanners.

.htaccess Redirects

In case you use the Apache web server, take a look at the .htaccess site. If there is any suspicious code, comment it out using the character ‘#.‘ Also, if you have a backup of the .htaccess file, compare it with the present version to find any malicious code.

To do so, login to your site via SSH and run the following command:

diff file1 file2

Here replace the file1 with the present .htaccess file and file2 with the .htaccess file from backup.

Modified Files

In order to inject spam into your Magento store, the attackers would have modified some files recently. To find them, login to your site via SSH and run the following command:

find /path-of-www -type f -printf ‘%TY-%Tm-%Td %TT %p\n’ | sort -r

Replace the core files which have been infected by spam with a fresh version of them. Also, take a look inside the sitemap files for any suspicious spam links. You can also check out this complete Magento Hack Removal Guide for steps specific to versions – Magento 1 & Magento 2.

Disavow Links

To tell Google to avoid ranking your site for the spammy backlinks to your site, use a disavow file. To see the format of that file, use this Google support article.

1. Step 1: Add all the spammy domains to a file i.e., disavow.txt.
2. Step 2: Thereafter, log in to your Google console.
3. Step 3: After you log in, select site property from the menu.
4. Step 4: Click  Disavow links. A warning message will appear, so to continue, click Disavow  Links.
5. Step 5: Upload the disavow file by clicking Choose File and selecting your file. Finally, click Submit and you are done!

Submit Site For Review

If your Magento store has been blacklisted for spam by Google, make sure to submit it for review. However, do so only after ensuring that the infection is completely gone. To submit your Magento store for review:

1. Login to your Google search console.
2. Then, visit the Security Issues tab.
3. Select the issue and click on the checkbox, I have fixed these issues.
4. Thereafter, select Request a Review.
5. Then, a new popup will open, asking you regarding the steps you have taken to remove the infection. Here provide detailed info. Regarding the structure of the review request, use this template: Request a review template. This has been designed by Astra’s security experts. Send it to the Google search console team.
6. Finally, click Request a review again and submit your request. If there are multiple issues, repeat the same process for each.

Request a review on Google Search Console.

It will take around one day to process the request for your Magento store.

Conclusion

SEO spam and Black hat SEO is a leech to the web and Magento CMS. It may seem harmless at first or may even skip detection altogether, but we just saw how severely it affects a website’s reputation & marketing efforts.

Above all, most of the spam infections are sophisticated and are likely to recur.

But surely, you can avoid its recurrence by undertaking security best practices for your Magento Store. Naturally, the question arises, what are the Magento security best practices and where to get them.

Not to worry.

Follow this comprehensive Magento Security Guide with actionable steps that you can apply on your own without any help. This guide will also help you in understanding the security areas in your Magento store. If you were unsure (or even clueless) about your Magento and its security, this guide shall change that.

Following this guide is particularly easy as every security tip. This security guide will help you in hardening vital security areas in your Magento on your own.

We hope we were able to present a simpler view of Magneto SEO Spam. If you liked this post do tell us in the comments.