Japanese keyword hack: remove Japanese pages from Google

If Google shows pages with Japanese characters in the titles under your domain, that is a common attack known as the Japanese keyword hack. A script is planted on the site that mass-generates spam pages in Japanese to make money from affiliate links. Your own content is still there, but the search index is flooded with thousands of spam pages. Below: how to confirm it is this hack, where the backdoor hides, and how to clean it so the spam does not return.

Contents
  1. What it is
  2. How to confirm it
  3. Check your site now
  4. Why it is dangerous
  5. Where the code sits
  6. Clean it step by step
  7. Joomla or WordPress
  8. When to call a specialist

What it is: the Japanese keyword hack

The Japanese keyword hack is the automatic generation of Japanese-language spam pages on someone else's site. The scheme is well established:

  • A backdoor is uploaded that creates thousands of pages with Japanese titles and links to dubious stores.
  • The attacker often adds themselves as a site owner in Google Search Console to control indexing and submit their own sitemap.
  • The pages target Japanese queries, so in your country they go unnoticed at first, while they drain your traffic and erode the domain's trust.

How to confirm it is this hack

The tell-tale signs of the Japanese keyword hack:

  • A site:yourdomain query in Google shows pages with Japanese characters in the titles and descriptions.
  • In Search Console the number of indexed pages jumped, with pages you never created.
  • You got an email from Google about a new site owner you did not add.
  • The "Security issues" report flags hacked content.

Check your site right now

The tool opens your site from the outside through the eyes of a search bot and a mobile visitor. Cloaking, redirects and an outdated CMS show up at once. No access to the site is required.

I check: defacement, mobile redirect, cloaking, the CMS version and whether it is up to date.

Checking the site from the outside...

Why it is dangerous

Japanese spam is not just ugly in the results:

  • The index is flooded with thousands of spam pages, and your own pages drop in the rankings.
  • Google may flag the site as hacked, and a warning appears in the results.
  • The spam pages often lead to affiliate stores or redirect visitors.
  • As long as the backdoor lives, the page count grows every day.

Where the code actually sits

To remove the spam for good you have to find the mechanism, not just the pages:

  • The backdoor: unknown .php files in random folders (uploads, media, cache), often with random names.
  • The database: an injection in parameters or records that the pages are generated from.
  • A rogue sitemap: a foreign sitemap with Japanese URLs, in the root or in Search Console.
  • A cron job: restores the pages and the backdoor after deletion.

This is why the hosting antivirus often stays silent: part of the logic is in the database, and the backdoor files disguise themselves as legitimate.

How to clean it step by step

  1. Change every password: admin, FTP and SSH, database, hosting panel.
  2. In Search Console check the list of site owners and remove any you did not add.
  3. Find and delete backdoors: unknown .php files, check modification dates.
  4. Delete the generated spam pages and the rogue sitemap, submit your real sitemap to Google.
  5. Check the database and cron jobs for code that regenerates the pages.
  6. Update the CMS and extensions, close the vulnerability used to get in.

If the site is on Joomla or WordPress

Joomla. Joomla 3 suffers most, with no security updates since 17 August 2023. Attackers get in through vulnerable extensions and hide the backdoor in the media or images folders. Without moving to version 5 or 6 the spam returns.

WordPress. Look at the uploads folder (it must contain no .php), wp_options and wp_posts, and the active theme files. The way in is usually a neglected plugin.

When to call a specialist

It is worth calling in a specialist if:

  • you deleted the pages and they regenerated;
  • there is an unfamiliar owner in Search Console and you are unsure how to clean everything;
  • the backdoor cannot be found while the spam keeps multiplying;
  • Google has already flagged the site as hacked;
  • there is no working clean backup.

I clean the Japanese spam on any CMS: remove the pages, find the backdoor, clean up Search Console and close the way in so it does not return. Diagnostics are free. I work with site owners from Ukraine and Poland, and with Russian speakers across the EU. I do not work with legal entities registered in Russia: that is an EU sanctions restriction.

Details and request

Frequently asked questions

Google shows Japanese characters under my site. Do I have a virus?

No, it is a hack of the site itself, known as the Japanese keyword hack. A script was planted that generates Japanese spam pages. Your computer and browser have nothing to do with it, the problem is on the site's server.

I deleted the spam pages and they came back. Why?

Because a backdoor or a cron job was left behind that regenerates them, and the way in was not closed. Deleting pages and removing the mechanism are two different things. Without finding the backdoor the spam returns within a day.

Google added a new site owner I never added. What is that?

A typical part of the Japanese hack: the attacker verifies ownership in Search Console to control indexing and submit their own sitemap. That owner must be removed from the list, and you need to find how they verified (a verification file or a DNS record).

The hosting antivirus says all clean. Why is there spam?

Because part of the logic is in the database, and the backdoor files disguise themselves as legitimate with no known signatures. A signature scan does not see them. A silent scanner does not mean the site is clean.

Can I just ask Google to remove these pages?

You can remove them from the results, but that is not a fix. As long as the backdoor lives, the pages regenerate faster than you can delete them. First clean the site, and only then remove the pages from the index.

Telegram