Solved

Website hacked ?! - HELP

MVUILL
Explorer
66 0 17

Hi! 

I received an alert from google search console saying they excluded a page from indexation, and when I look at the page it's spam publicity: 

 

MVUILL_0-1663842242468.png

URL : https://www.french-address.com/collections/vendors?q=Buy%20FUT%2023%20coins%2C%20Cheap%20FIFA%2023%2...

 

How can I delete this page, I can't find it anywhere? 

Thx for your help!!

Accepted Solutions (2)

Shay
Shopify Staff
2645 430 554

This is an accepted solution.

Hi @MVUILL 

 

I can definitely understand your concern! Based on the URL you shared it looks like this might be a collection created within your admin or possible from the new Shopify Collabs service. 

 

The "spammy" content of that page you shared is what appears to be the collection page title. If you still cannot find this page within your store admin please reach out to our live support team for additional help with this. 

 

Please know that our theme and technical support team may be limited in what they can do depending on where/how this page was created. We generally can only support theme edits on our own in-house themes or technical issues that resolve around the Shopify platform itself. That doesn't mean they won't do everything they can to help you get this resolved! 

 

To contact live support please follow this link: Contact Support - Shopify Help Center.

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

View solution in original post

Shay
Shopify Staff
2645 430 554

This is an accepted solution.

Thank you @NEI-Arlene for that additional information and your open tickets about this situation. I have connected with our security team about this concern and I can share some insight and best next steps to get this resolved. 

 

When reviewing these links, it is important to understand how they function and how they were initially created.

 

Example URL: https://www.yourstoreurlhere.com/collections/vendors?q=test 

 

The "?q=" in the URL is sending a search query to the website in the first part of the url structure and it is searching for whatever is placed after the URL. 

 

If you went to your own website and added "/collections/vendors?q=test" to the end of your store address and hit enter, you would see a page show up with the page title being "test" and no products found. These URLs can be made by anyone and will generally work on any website with a search function. 

 

Malicious external websites will create these empty backlinks to store URLs to help promote their services or products by using the search query on the website to generate a page with their product details as the title. The page itself doesn't exist independently, it only exists as part of a search result on the website being targeted. 

 

How to disavow these backlinks from Google.

 

 

Using a SEO reporting software you can collect all the bad backlinks into a .txt file and report them via Google's Disavow Tool. Full steps on how to do this are in the link. (NOTE: the backlinks you need to list will be the referral site address rather than the search term URL.)


Please note the following warning on Google Search Console:

 

This is an advanced feature and should only be used with caution. If used incorrectly, this feature can potentially harm your site's performance in Google's search results. We recommend that you only disavow backlinks if you believe that there are a considerable number of spammy, artificial, or low-quality links pointing to your site, and if you are confident that the links are causing issues for you.

Also, a great resource to learn more about how backlinks work: How to Stop Spam Backlinks from Ruining Your Google Reputation.

 

If you have any concerns about reporting these backlinks to Google or researching more information on your website's SEO then I recommend hiring an expert from our expert marketplace that specialize in this field and can assist you further: Hire Shopify Experts, developers, designers and freelancers.

 

Edited to add: There is another forum thread in the community here with a possible solution for stopping these kinds of backlinks from working:  Solved: Re: Has my site been hacked? 

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

View solution in original post

Replies 221 (221)
Maelb22
Tourist
9 0 10

I'm agree with Z285chen, why the "404 solution" is not implemented for this case please ?

 

Noindex solution is not the right solution. A significant amount of "spam pages" are still indexed despite the implementation of the "noindex".

Vicky6
Excursionist
24 0 3

Hi Greg,

 

I've been a victim of the /collections/vendors?q= and /web-pixels-manager and now /search?q=.

 

What is the status on a resolution on Shopify's end for /search?q= exploitation please? I currently have the following code in my <head> but the crawled links are going up by the thousands. I hope to not get to millions again like last time before a solution. If I missed a memo, someone please let me know. I try to keep a good eye on these threads. 

 

<!-- Begin code to prevent spam URL exploiting search function -->
{%- if request.page_type == 'search' and search.performed and search.results_count == 0 -%} <meta name="robots" content="noindex,nofollow" /> {%- endif -%}
<!-- End code to prevent spam URL exploiting search function -->

 

I was hoping not to temporarily remove all mydomain.com/search?q= but maybe I need to to keep this under control till a solution????

Vicky6
Excursionist
24 0 3

Hi @Greg-Bernhardt

Today in my Google Search Console I noticed the ?q=ChineseSpam at the end of one of my pages (not search and not vendors). I caught them in the "Alternate page with proper canonical tag" section. When I open the link I don't see any Chinese on the page. There are a few hundred of them starting in January. 

Greg-Bernhardt
Community Manager
94 1 33

@vic that shows they are looking for new areas of vulnerability. If the URLs are tagged as "Alternate page with proper canonical tag" then there is nothing to worry about and Google is communicating they won't index that page with that spam parameter in the URL.

To learn more visit the Shopify Help Center or the Community Blog.

Vicky6
Excursionist
24 0 3

Thank you for this code. It did allow me to remove the Chinese spam language from the results page until the issue is fixed. 

Participant
Excursionist
14 0 2

Hi @Allan-EP,

 

I am wondering if the "nofollow" is actually necessary, or recommended, in this instance. For example, would it be better to just use this:

 

{%- if search.performed -%}
    <meta name="robots" content="noindex" />
{%- endif -%}

 

Mont
Explorer
58 1 27

Please someone tell me if this makes sense , my store can't take being slammed by Google anymore. Am I correct the issue is that our auto generated sitemap.xml includes these bad urls. What if built my own tidy sitemap and sent that to Google instead. 

Mont
Explorer
58 1 27

The culprit  is vendors?q=    after collections/  At least Google excluded it. that's good 

 

Shopify's 1st fix was to send all of those vendors?q= to a 404 page, but that's a short cut fix IMO.

 

GOOD NEWS ...cool business btw. anyway I went to  https://www.french-address.com/sitemap.xml

TRY this. Looks like your sitemap was altered as well by shopify. So now go ask google console to re-index your https://www.french-address.com/sitemap.xml ASAP

hdelara
Tourist
7 0 3

I'm getting new spammy pages being indexed by Google on my end as well.

Greg-Bernhardt
Community Manager
94 1 33

We're aware of the collections/all/ spam. Please DM me to let me know if you're using an official Shopify theme or a third-party theme.

To learn more visit the Shopify Help Center or the Community Blog.

Vicky6
Excursionist
24 0 3

Hi Greg,

 

Today I noticed https://mywebsite/search?q= spam urls are increasing. I was down in the 4K for indexed but it's rising again due to these so I've submitted a removal request until I hear from someone on this board to keep the numbers from shooting up again. 5-3-23 GSC Screenshot.jpeg

Greg-Bernhardt
Community Manager
94 1 33

@Vicky6 please DM me one of the search URLs that has been indexed. Those should be 404'd.

To learn more visit the Shopify Help Center or the Community Blog.

lemri025
Tourist
6 0 3

Hi @Greg-Bernhardt , I'm having the same issue with collections/all/ spam links. I've already contacted Shopify customer support twice, but I had no luck. Could you please help me? Can I DM you one of the links?

 

@MJC I'm experiencing exactly the same thing with diablo stuff links. Did you somehow resolve this issue?

Mario_h
Tourist
3 0 0

I'm curious to know if you were able to solve this issue. I'm currently facing the same challenge and even similar SPAM URLs including diablo stuff.

 

 

lemri025
Tourist
6 0 3

The good thing is that no one hacked you. Not sure how many of them you have, but I'm just using Google Search Console "Removals" option. Originally, I had around 10-15 links, which were removed with the Removals option. Around 2-3 new strange links appear on Google each week but I'm just removing them. 

That's not the perfect solution, but it works.

Other solution would be to hire Shopify Developer expert who is familiar with the issue, so he/she can add some codes to the HTML.

pauldrecksler
Shopify Partner
25 0 15

I'm now experiencing similar vendor spam on one of my sites, but after /collections/all

 

What code can we enter into our headers to set any filters / pages created after a genuine collection path as noindex?

 

For example...

 

GOOD: example.com/collections/mens-shirts (index)

GOOD: example.com/collections/all (index)

BAD: example.com/collections/all/best-site-ps4-ps5 (noindex)

BAD: example.com/collections/mens-shirts/spam-text (noindex)

 

Thanks.

Join my Shopifreaks E-commerce Newsletter: www.shopifreaks.com
Learn about affiliate marketing: www.shopaffiliateapps.com
Hire me to help with your store: www.ideasfocused.com

I wish you much success with your Shopify store!
lemri025
Tourist
6 0 3

Hi @pauldrecksler ,

Did you find solution for this? Thank you

CD
Excursionist
27 0 8

I am using a third-party theme. And I need help 😞 I am soooo lost!

MJC
Excursionist
22 0 20

Hi all,

 

I am having a similar issue I have found a link in Google search console that appears to originate from my website however it does not and is promoting some diablo levelling up service.  Shopify support keep repeating that I should disavow the link, this may not be a good idea disavowing links from my website in general.  Shopify have not offered any further solution but did provide links on how to make my account secure before later telling me my account was secure.   I have found many instances of people having similar issues  on the internet and have sent to Shopify but keep getting a generic reply.

jackgenesin
Shopify Partner
11 0 2

I wrote an article on this with many solutions a little while back. I believe the same solutions will still apply and work today.

 

https://jackgenesin.consulting/articles/spam-urls-appearing-from-bot-vendors-queries-shopify-store-h...

 

Feel free to comment back on here if you have any questions!

SEO with 7+ years experience working on global brands.
CD
Excursionist
27 0 8

thank you!

Egle
Excursionist
25 0 14

Attacks are keep coming now under search?q= ....

 

Screenshot 2024-02-27 at 23.07.44.png