Do you know that Magento search spam can negatively impact your website’s database, server, page loading speed, and SEO performance? It often involves fraudulent actions to manipulate search engine rankings for certain sites or products, which can harm your organic traffic and sales. In fact, many Magento store owners are struggling with this issue.
But don’t worry! We know how to solve this with 8 effective ways below.
Types of Magento 2 Search Spam
Before going to the details on how to block Magento 2 search spam, you should have a quick look on the different types of the issue to know which one you’re facing.
1. Japanese SEO Spam
The Japanese SEO spam infection usually shows up as Japanese characters in the titles and descriptions of a Magento store’s pages. This spam isn’t visible to users but can be seen by Google bots through cloaking techniques.
To identify this spam, you can:
- Fetch the webpage as Googlebot.
- Use Google search with the “site:” operator. Search like this on Google:
site:[your site root URL] japan
If you see Japanese characters in the search results, your Magento store is likely infected with Japanese SEO spam.
If not, congratulations! Your site is not infected with this type of search spam.
2. Spam Linking
Spam linking in Magento stores occurs when attackers inject irrelevant links through comments, product reviews, and other methods. These links, whether inbound or outbound, can harm your SEO by damaging your site’s reputation and search rankings.
Additionally, backlinks from spammy domains can further damage your SEO and might even result in your site being blacklisted. If you suspect some outbound spam links, you should use Google Search Console to find out affected pages and take the necessary action in time.
3. Gibberish Keywords Hack
The Gibberish Keywords Hack refers to hackers adding spam pages filled with gibberish text and keywords, along with links, all to manipulate search engine crawlers.
These pages might also include images to further trick search engines, make search robots believe that this site is a good one and deserve to be on top results.
Visitors are then redirected to unrelated sites, such as fake merchandise stores, which generate revenue for the hackers.
4. Pharma Hack
Magento SEO spam is a tactic where a store is exploited to advertise pharmaceutical products like Viagra and Cialis. This spam injects keywords and links into multiple pages, causing various drugs to appear listed in the store. Cloaking can also be involved in this spam. To detect it, you can either fetch the webpage as Googlebot or perform a Google search using the query: site:[your site root URL] viagra
7 Ways to Stop Magento Search Spam
1. Add CAPTCHA
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a tool that helps ensure a real person is using your website. It usually involves selecting images or typing letters. In Magento 2, you can enable CAPTCHA easily through the admin panel in the Customer Configuration section.
2. Add OTP verification
Using OTP verification for mobile numbers or email addresses helps prevent spam on your site. When this is set up, users need to provide a code which was sent to their phone or email to complete registration, enhancing the security. Magento 2 includes a built-in OTP verification tool to make this process quicker.
3. Manage customer registration
The Customer Approval for Magento 2 extension helps stop spam bots by requiring manual approval of new registrations. You can control who is able to register an account and only after your approval that they can log in their accounts.
4. Check web server configuration
To stop spam bots, check your server logs for unusual activity. Use a log analysis tool to find and block spam bot IP addresses, keeping your site secure and running smoothly.
Social media verification can help prevent spam bots by requiring users to verify their social media accounts. This method speeds up registration by pulling user info directly from their social media accounts, making the process faster and more convenient.
6. Use software firewall
Installing a software firewall for Magento helps keep spam bots and hackers at bay. These firewalls offer immediate protection, though you might need to adjust the settings for extra security.
7. Implement the “Honeypot” Technique
The “honeypot” technique adds a hidden field to your registration forms that real users won’t see or fill out. Bots will often complete this field, revealing their presence. This method helps block spam bots and is relatively easy to set up.
Steps to Fix Magento Search Spam
1. Backup Your Store
Before tackling SEO spam, it’s crucial to create a backup of your Magento store. This step ensures that you can restore your store to its previous state if anything goes wrong. For a detailed guide on creating a backup, refer here.
2. Remove Rogue Users
To check for any unauthorized users created by spammers, go to your Magento admin dashboard and navigate to System > Permissions > All Users. If you find any suspicious new users, remove them immediately.
3. Scan for Malware
Malware can be a source of SEO spam, often regenerating spam files even after deletion and reintroducing spam through backdoors. Use the Google Search Console to manually check files for malware, but it’s recommended to use malware scanners to thoroughly scan your Magento store.
4. Check .htaccess Redirects
If you’re using the Apache web server, inspect your .htaccess file for suspicious code. Comment out any dubious code with the character ‘#’. Compare the current .htaccess file with a backup to spot malicious changes. To do this, log in to your site via SSH and run the command:
diff file1 file2
Replace file1 with the current .htaccess file and file2 with the backup .htaccess file.
5. Identify Modified Files
To detect spam injected into your Magento store, look for recently modified files. Access your site via SSH and use the command:
find /path-of-www -type f -printf ‘%TY-%Tm-%Td %TT %p\n’ | sort -r
Replace infected core files with fresh versions from a trusted source. Also, check your sitemap files for any suspicious spam links.
6. Disavow Links
You could use a disavow file to tell Google not to rank your site based on spammy backlinks.
- Create a file named “disavow.txt” and list all the spammy domains.
- Log in to your Google Search Console.
- Go to the menu and select “site property.”
- Click on “Disavow links.” Ignore the warning message and proceed by clicking “Disavow Links.”
- Upload your disavow file and click “Submit.”
That’s it! Your site will no longer be affected by those spammy backlinks.
Submit Site For Review
Here’s how to submit your Magento store for review:
- Access your Google Search Console account.
- Navigate to the “Security Issues” tab.
- Choose the specific issue and mark the checkbox labeled “I have resolved these issues.”
- Select “Request a Review.”
- In the new window, provide detailed information about the steps taken to remove the infection.
- Click “Request a Review” again to submit your request.
Repeat the same process for each issue if there are multiple.
FAQs
1. How can I identify if my Magento store has been infected with spam?
Look for unusual signs like new user accounts, spam in product reviews, or unexpected changes to your site’s files. Use the ‘find’ command via SSH to check for recently modified files that may be suspicious.
2. How does Magento hosting affect site security?
Choosing a secure and specialized Magento hosting service helps protect your site from security breaches and spam infections. Ensure regular backups and updates to maintain your store’s security.
3. What are some best practices to prevent spam infections on my Magento store?
Keep your Magento platform, themes, extensions, and plugins updated to fix vulnerabilities. Use strong - complex passwords and limit access to important parts.
4. What steps should I take if I find spammy backlinks pointing to my site?
Create a “disavow.txt” file listing all the spammy domains, then submit this file to Google using the Disavow Links tool in Google Search Console to prevent these links from affecting your site’s ranking.
5. Does replacing infected Magento core files with fresh versions secure a site?
Replacing infected files is crucial, but it’s not enough on its own. Also, check sitemap files for spam links and implement more additional security measures in order to prevent infections in the future.
6. After submitting my Magento store for review, how long does Google take to process it?
The review process typically takes around one day, but it can vary. Check your Google Search Console regularly for updates on your request.
7. What should I include when requesting a review in the Google Search Console?
Provide a clear summary of the actions taken to resolve the issue, including cleaning infected files, updating security patches, and removing unauthorized user accounts. This helps ensure a smooth and successful review process.
Conclusion
Magento search spam is in deed a serious problem for e-commerce stores. It can significantly harm website performance and damage brand’s reputation. Therefore, it’s crucial to detect and address these issues quickly to protect your business.
With the above instructions, you can clean up your Magento store and protect it from future attacks. For enhanced security and performance, consider managed Magento hosting with proactive measures and expert support to avoid spam problems.
