Discuss and resolve questions on Liquid, JavaScript, themes, sales channels, and site speed enhancements.
Symptom
A lot of webshops have these strange tags, containing the text "Contact-My-Telegram [KungHac]" or variants with added strings, see attachments for examples.
Context:
For a certain webshop I subscribe to a Google Alert to discover new places it got mentioned or new terms by which it got indexed by search engines. So 24 of April I got an alert containg a tag
"/ hack-call-details + ⭕My + Telegram【@Kunghac】⭕-hack-call-history-of-airtel-mobile-number + hack-airtel-mobile-number-details + idea-call-history-hack + call-details-hack-app + hack-vodafone-number-call-details + hack-airtel-call-details + vodafone-call-details-hack + call-detail-hack-kaise-kare + call-details-hack + 74d2"
Reproducing this
Use Google or DDG for the string "Shopify【@Kunghac】" and among the search results it shows many Shopify powered webshops containing this tag.
Question
Does anybody know what causes this?
Insecure third party app?
And how to remove it?
btw why are png for screenshots not supported to attach?
The file type (.png) is not supported. Valid file types are: mpp, xls, xlsx, ppt, pptx, csv, mp4.
Seems to be a widespread Shopify issue across especially Canadian Shopify stores. This Google search shows multiple sites compromised by this: https://www.google.com/search?q=instagram+kunghac&oq=instagram+kunghac&aqs=chrome..69i57j69i60.4522j...
@Shopify you need to look into this, as many sites have been potentially compromised.
Thank you for your response. 🙏
And I dont get it, did contact Shopify webcare team, pinged their CISO at LinkedIn. Just radio silence.
At this stage I even don't know if its just a silly wannabee hack or something serious.
But littering countless webshops with bogus tags cant be good either.
And I am no customer so can't call support directly. Posts here cant be labeled "security" or "infosec" either. If anyone knows of a Responsible Disclosure procudere for Shopify please help me.
The whole ordeal sure makes a good first impression.
We are Shopify Plus customers so I've alerted our Success Manager, we will see if that raises any alarm bells on their end. Most likely it's an app that's been compromised, and from what I can tell, not a serious issue, but something to monitor closely none-the-less.
I have a similar index on my site in /collections/all Here's a screenshot of a random website I found with the same issue. If you Google search for "Shopify collections/all diablo iv" you'll find there's many
Interesting, that's a similar URL but slightly different. It makes me think Shopify has been compromised from the infrastructure level.
On my website if I type anything in the url bar after collections/all/ for example collections/all/spamtest it doesn't 404, it generates my text "spamtest" as a sort of home button. I think the spammer is hoping to get exposure for free by piggy backing off any and all sites once Google indexes it. It's bizarre because I have 2 other nonindexed pages in addition to the third, but the third is indexed
According to Google Analytics:
Indexed, though blocked by robots.txt.
Crawl allowed? - No. Blocked by robots.txt
Page fetch - Failed: Blocked by robots.txt
Indexing allowed? Yes
Not sure why it would index after being blocked? Shopify support told me to Do this.
However this comment seems to be the best solution for the recent vendors query spam problem, so maybe there's a similar solution to this, I don't know much about liquid.
Can reproduce:
- Search for a Kunghacked Shopify webshop
- In the URL remove everything after "https://www.your-domain.com/collections/all/"
- Instead type something random after the slash, like "stupidproducts".
If someone continues with:
- Screenshot this micro-defacing.
- Share on social media for reputation damage. Add the authentic URL for credibility.
This last steps are obviously no advice but more of a risc.
Got a rather generic answer from support to one of the affected webshops.
- Advise: use two factor authentication for every staff member. Good one but besides the point.
- Diagnose: its a spam backlink.
- Advise: Ignore it if SEO isnt affected much and otherwise use Googles Disavow Tool
- Advise: They took a look on the shops Google Analytics page and give some advice on conversion optimization. Also rather besides the point I guess.
What I really want to check is their diagnose: afaik spam backlinks are links to a spammers website as part of a profile of somebody posting a comment, review or forum message.
But this:
- is a tag/collection (albeit bogus) instead of a comment, review or forum message.
- doesnt link back at all, but links to the store's page itself.
All in all I'd rather see them giving this problem to a second-line support member with a focus on security.
Oh, finally got time to study your links to other forum threads @Skrim87 ... thnx
Solved: Website hacked ?! - HELP - Shopify Community
Solved: Has my site been hacked? - Shopify Community
Could it be possible its 'just' the same 'malware' or bot but the theme itself actually doesnt create the backlink or the rendered page omits this?
Bigger webshops have it too sometimes, dont know when they do/dont tho:
Shop All | Shop Caterpillar UK – tagged "🚨🚨🚨 Spotify republishes anything you pass in as a tag 🚨...
Did anyone resolve this? I have the same issue.
Sadly, radio silence from Shopify.
Was also thinking "what does someone hope to gaine from this"?
Its like spray-painted graffiti, tagging oneself everywhere. Like defacing a site, but in a 'micro' way. And it doesnt lead to traffic to malicious sites because they lack backlinks.
But I think these little hack-adverts help to grow credibility for someones services. Because if thousands of sites mention you even without linking, they must represent a legit service?
Anyway, two cents.
That's what I think, they're spamming big sites like Caterpillar construction to take advantage of their SEO rank to boost their own somehow. I wonder if their fake product url come up as a "recommended" search term on their websites like CAT?
2m ago Learn the essential skills to navigate the Shopify admin with confidence. T...
By Shopify Feb 12, 2025Learn how to expand your operations internationally with Shopify Academy’s learning path...
By Shopify Feb 4, 2025Hey Community, happy February! Looking back to January, we kicked off the year with 8....
By JasonH Feb 3, 2025