Re: Has my site been hacked?

Solved

Is my site hacked with spammy fifa coin links?

MikeTaylor

Google search console threw up some URLs from my site that haven't been indexed.

They seem to be spammy links to a fifa coins site.

But I didn't create them.

Any help would be hugely appreciated.

Best

Mike

 

 


 


Dirk
Shopify Staff

Hey, @MikeTaylor 

 

Have you had someone do some work on your store in the past? With that said, based on the URL it looks like that link was created in part by using the 'Vendor' field to create a URL based on Fifa coins.

 

Go to your Admin > Products page and click on the 'Product Vendor' filter to find any vendors that mention 'Fifa Coins'. When you filter them, those products that include that vendor will appear in the products list. From there you can select those products for editing, and remove the fifa coins mention from the vendor field.

 

 

If there is anything else I can help you with, please let me know.

Dirk | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Italia-Straps

Hi There,

 

August 18th -- I'm having the same issue as MikeTaylor. Google search console found a couple SPAM pages that I didn't create. It's the same spam about FIFA coins.

 

I don't know how to get rid of them as the pages aren't in any accessible area of Admin. Had a call into Shopify support earlier today and they were very perplexed and said they will get back to me with a resolution. (hopefully)

 

I tried the fix above but there were no selections for another vendor.

Any further help would be most appreciated.

 

MikeTaylor -- Did you see more SPAM pages appear after your post July 30th?

 

Thanks

Michael

Italia-Straps

To respond to Dirk's question...In my case no one outside has worked on the site and all admin has been done from the same location for years. Login is always done via two-stage.
Nonetheless, it has the appearance that someone on the outside was able to generate the SPAM pages.

MikeTaylor

Exactly. If this is the case, Shopify has a major security issue on its hands. 

Italia-Straps

 

 


 

I agree it looks like a security issue.  Curious to see how many other shop owners have the same issue since not everyone checks their indexed pages or Google Search Console all the time.  For reference, I uploaded a screen shot of the SPAM urls Google found. Again, these were generated somewhere outside, not by me and there is not a way to delete the bogus pages. I have not yet heard back from Shopify Support but will contact them again today.

 

MikeTaylor

Hi Michael

Did you hear anything from Shopify support?

MikeTaylor

Hi. I’ll need to check Google Search Console (I’m away). But Dirk's experience is exactly mine.

MikeTaylor

Sorry Michael’s issue. Doing this on a phone. (Badly). 

stephanie_savon

We have just discovered the same issue. No work done by outsiders. No vendors for Fifa found under products. It seems like some security breach. 

MikeTaylor

Hey Shopify. This really seems to be a problem. It looks like a flaw in your platform is being exploited and people are able to manipulate our websites. Can you please update us on where you are with this?

Best

Mike 

SimBAF

Hi Dirk, 

 

I wanted to just highlight that we have all tried this but nothing shows up. I've also made all the changes to ensure it wasn't a breach however this is starting to look like an issue with shopify itself. I keep getting told whenever I reach out it could be a theme issue, yet all the sites here are different templates most of which are shopify templates (mine is third party). We are also told it could be apps but what is the likelihood that we all downloaded the same app? The same spam can be seen through all our sites. I am seriously concerned about customer data right now and all your team is doing is shifting the blame to us and saying we should "hire experts". 

This really needs to be fixed, it's not enough to tell us to disavow on search console. If you do not solve this many more of your sites will be compromised. 

We have a huge season coming up and need this fixed asap. 

Chris_Hall1
Shopify Partner

Hi All,

 

Sept 8th and our site has shown this same issue in Google Search Console.

 

Definitely appears that @Shopify has some sort of breach they are hopefully fixing. This threw a warning in our Search Console on Sept 4th.

 

-C

 


MikeTaylor

Hey all.

Months on and still no action from Shopify and still the URLs are there (and I still can't get rid of them).  Great that they've put our copyright on the bottom though...


Angela_Wisler

Hello unhappy to report my shopify site has the same rogue fifa url indexed as a collection.  How many of your paying customers have to endure this before a proper fix is initiated?  Referring me to take action that requires you to issue a disclaimer to me because I could destroy my google search results is not a solution at all.  C'mon Shopify, you are better than this. At least you used to be.

 

 Please do something about this.

Angela

 

SimBAF

Will you respond to us?? 

Chris_Hall1
Shopify Partner

Hey Dirk, 

 

Are you even checking in on this? What is Shopify doing about this apparent hack of all of our stores? Is your team removing the rogue code and patching the vulnerability?

 

-Chris

IanBoothSEO

Hey folks.

 

If I may suggest, this appears to be an SEO hack that exploits the fact that search query URLs are indexable by search engines. The hacker can easily create new pages that will appear on Google with their website and code added in the title.

 

It's not a specific Shopify issue, in fact, I am auditing a Magento-based site now and found this thread while Googling the issue. 

 

I think if your Vendor search pages weren't indexable, this wouldn't be an issue.

You should use Robots.txt to disallow such URLs from being crawled, e.g.:

User-agent: *
Disallow: *?q=*

 

I am also seeing that the URLs with search parameters are self-canonicalising. i.e URLs like: [domain]/collections/vendors?q=Visit%20Cheapfifa23coins.com%2030%25%20OFF%20code%3AFIFA2023%7C%20Excellent%20company.%20Very%20trustworthy%20and%20professional%20for%20%20fifa%2023%20100k%20coins%20in%20UKRAINE%21..%20%20u2ai

 

The static URL /collections/vendors/ should be the canonical URL for all query URLs.

 

Hopefully this can help you all out and maybe Shopify will consider improving their many indexation issues.

Vicky6

@IanBoothSEO Can you please explain exactly how we implement your solution of...

Use Robots.txt to disallow such URLs from being crawled, e.g.:

User-agent: *
Disallow: *?q=*

 

Thanks in advance!

wardn

Same issue in my Google Search Console. Doesn't appear connected to my shop at all, nothing found in vendors or products, nobody else has done work on my shop.

Google shows the referring page to this bogus link as:
www_reviewopolis_com_slash_4r468_slash_c42rs_dot_pptx

Looks like this referring page was created back in June. Stayed up for a month before disappearing, then came back last week. It is now gone again.

Vicky6

@wardn can you please explain exactly how we locate the referring page for our spam links so we can disavow it in Google Search Console? Thanks in advance!

SimBAF

Hi Mike, 

 

I am having the same issue. Did you happen to install the app Easy Redirects 301 & 404? Shopify keeps telling me it could be an app and perhaps we can try to narrow down which (if any) it is. 

tonybo

Shopify only recommended us to disavow this in search console, but did not provide a solution to remove this from the website. Apparently they can't fix this so far. 

tonybo

Google shows 327 000 search results with this page. This looks like a mass problem. Conversation with support ended only on second recommendation to disavow the link. This is not the backlink, this is a page created on my domain! And the screenshot shows that those pages are indexed!

MikeTaylor

This is an accepted solution.

Hey.

I just had a similar reply (see below). They're obviously aware of the issue and have decided this is how they deal with it for now. I feel that this issue is bigger than "it's just a thing you can't stop and doesn't matter - get Google to disavow them..."

 

Hi Mike,

Thank you for reaching out to us. My name is XXXX and I am here to assist you today.
I understand there is some unauthorised activity initiated in your store and I would be more than happy to resolve this issue for you.

 

I've taken a deeper look on all the information you've provided on the thread and I am very happy to share with you that your store is safe and it is just a little bot running wild.

The odd-looking url and domains that you have posted on the thread are actually search terms of what some visitors to your site have actually searched.


This search term is usually distinct from typical searches on the site (such as being in Korean on an American shop, and including a domain) and may span up to thousands of these kinds of backlinks. It can be a bit scary for the merchant but there are no real security concerns here.

The technical term of what has happened is called Spam Backlinks. I get that this is not exactly the most pleasant thing to have so I have attached a link here on how you can potentially stop it from happening.

 

Whatever that is happening at the moment does not pose any form of threat to your store in any way. Taking that into consideration there are 2 courses of action here that you can take:

Option 1: Not take any action as none is actually necessary and taking steps would not do anything other than removing some search data that is not affecting you now or in the future

 

Option 2: "Code" it away
Using your SEO reporting software (Which in your case is Google Search Console) you can collect all the bad backlinks into a .txt file and report them via Google's Disavow Tool. Information on the structure can be found in their help doc here. Note that the backlinks to list will be the referral site address rather than their search term URL.

 

Please understand that option 2 is fairly complicated and in light of that I will need to share this disclaimer with you pertaining to Option 2:

This is an advanced feature and should only be used with caution. If used incorrectly, this feature can potentially harm your site's performance in Google's search results. We recommend that you only disavow backlinks if you believe that there are a considerable number of spammy, artificial, or low-quality links pointing to your site, and if you are confident that the links are causing issues for you.


MikeTaylor

Hey. I didn't install this app. Sorry. 

tonybo

iconhookah.com - we are having the same issue. We need this to be solved please. 

Wildflowerclub

We also have this problem. The page is live since 09-29-2022. 

I hope this can be solved very soon!!

Is there someone that knows how to fix this and remove the link from your website?

Dirk
Shopify Staff

Hey, folks!

 

If anyone is encountering a similar situation, I recommend reading through the accepted solution post in this thread for additional context and the next steps you can take regarding the search query URLs in Google Search Console.

 

If there is anything else I can help you with, please let me know.


IanBoothSEO

I disagree.

 

Has there been any indication that there are spam backlinks? I don't see this.

 

Stop allowing search engines to crawl search parameter URLs on your websites. There is potential for infinite URLs to be generated. This is what is being abused by spammers.

 

Use Robots.txt

 

User-agent: *

Disallow:*/vendors?q=*
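
The two Disallow patterns suggested in this thread, checked against spam-shaped URLs. This is an added example, not code from any poster or from Shopify; it assumes the usual robots.txt wildcard semantics (`*` matches any run of characters, a trailing `$` anchors the end), and the sample URLs, `shop.example` and `coins-spam.example` are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Disallow patterns quoted from the posts above.
NARROW = ["*/vendors?q=*"]
BROAD = ["*?q=*"]

# Constructed sample URLs (shop.example and coins-spam.example are placeholders).
SAMPLE_URLS = [
    "https://shop.example/collections/vendors?q=Visit%20coins-spam.example%2030%25%20OFF",
    "https://shop.example/search?q=coins-spam.example%20cheap%20coins",
    "https://shop.example/search?type=product&q=coins-spam.example",
    "https://shop.example/collections/vendors?q=Acme",
    "https://shop.example/collections/vendors",
]

# Heuristic (an assumption of this example): a hostname-like token inside a
# search term is the tell for this kind of spam.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def rule_to_regex(pattern):
    """Compile a robots.txt path pattern: '*' = any run, trailing '$' = end."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    regex = ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile("^" + regex + ("$" if anchored else ""))


def is_disallowed(url, patterns):
    """True if any Disallow pattern matches the URL's path plus query string."""
    parts = urlsplit(url)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return any(rule_to_regex(p).match(target) for p in patterns)


def advertised_domains(url):
    """Hostname-like tokens found in the decoded q= search term."""
    found = set()
    for value in parse_qs(urlsplit(url).query).get("q", []):
        found.update(m.lower() for m in DOMAIN_RE.findall(value))
    return sorted(found)


def triage(urls, patterns):
    """Per URL: is it spam-shaped, and would the rules stop it being crawled?"""
    return [
        {"url": u, "spam": bool(advertised_domains(u)),
         "blocked": is_disallowed(u, patterns)}
        for u in urls
    ]


if __name__ == "__main__":
    for name, rules in (("narrow", NARROW), ("broad", BROAD)):
        for row in triage(SAMPLE_URLS, rules):
            print(name, "spam" if row["spam"] else "ok  ",
                  "blocked" if row["blocked"] else "crawlable", row["url"])
```

The third sample URL is spam-shaped but matches neither pattern, because `q` is not the first query parameter. Both patterns also stop crawling of the legitimate vendor listing `?q=Acme`.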

 

 

SimBAF

Sorry but I don't believe this is resolved.

Are you seriously telling us we have to manually disallow every single spam link?

Do you realise these people automate these processes and we could potentially be looking at dealing with thousands? That's if we even manage to pick them up in the first place. And don't you think this will have a negative impact on our SEO overall, something many store owners work extremely hard on? Why is shopify not actually doing something about this? It's getting ridiculous. 

Jizo_Inagaki
Shopify Partner

This is an accepted solution.

My simple solution.

{%- if request.path == '/collections/vendors' and collection.all_products_count == 0 -%}
  <meta name="robots" content="noindex">
{%- endif -%}

Details are on my blog.
But it's Japanese, not English.

https://webutubutu.com/webdesign/11116

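Jizo_Inagaki | Freelance web designer
- Theme customization work accepted.
- If the answer posted here solved your problem, please mark it as the accepted solution.
- Requests by DM or by name are handled only as paid commissions.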
IanBoothSEO

Perfect.

SimBAF

Thank you!! This is an actual solution! 

shadi1

Hi Jizo

 

Do you place this tag in the theme.liquid :

 

{%- if request.path == '/collections/vendors' and collection.all_products_count == 0 -%}
<meta name="robots" content="noindex">
{%- endif -%}

I tried that and it's not working, can you give me details please!

Jizo_Inagaki
Shopify Partner

Hi Shadia1.

 

It will work if you include it in the head tag.

Meta tags with the noindex attribute are output.

 

For more information on the effects of noindex, please refer to Google's documentation.
https://developers.google.com/search/docs/crawling-indexing/block-indexing

It does not mean that they will disappear from the search results immediately.

shadi1

Thank you, it's working now. Will keep an eye on it and see if anything changes in the future.

Maybe shopify should implement this across the platform!

 

Italia-Straps

I wanted to check in with the group again on this one...as I'm not sure the situation has been "solved" for most of us. Our site just experienced another round of these SPAM pages being generated.  Are others seeing the same?

 

Also, I am curious to see if anyone used the disavow function on Google. It is my understanding that this tool is for Spammy backlinks from OTHER sites pointing to your site as opposed to Spammy links ON YOUR SITE which is the case here. In other words, you are disavowing a URL on your own site not from an outside site. Did anyone try this? and if so, what were the results? 

 

Not everyone is comfortable at inserting code into their theme so it would be good to have a solution that doesn't involve a code change.

Shopify should indeed look into implementing a fix across the platform. It's clear that there's a hole that allows exploitation of the query function. There's probably a lot of Shopify stores that don't know this is happening.

 

 

Italia-Straps

For those who didn't see it, there is another discussion in the Shopify Forums here: https://community.shopify.com/c/shopify-discussions/website-hacked-help/td-p/1748004

 

According to the posters there, this is really a WIDESPREAD problem

 

MJ5

This is a widespread problem and Shopify appear to have no interest in helping their store owners resolve it. When raised with support this morning it was made to seem that this issue was a one-off on our site and that we would have to hire a developer to help resolve. Not acceptable. Shopify should be IMMEDIATELY addressing the exploit in the search function to prevent this occurring - even if that is advising on what code can be implemented to assist in stopping the 'writing' of the text. For the monthly fees they charge we have a realistic expectation that Shopify would help protect us better. I am submitting a complaint and hope that others do too, to get some traction in getting this serious issue addressed.

JenDeg

Hi - We used the disavow tool at the root level and removed links from Google Search, it was not a solution. Adding the no index code and then forcing Google to re-index the site via search console seems to be working.

As I understand it, Shopify added code to prevent this on January 11, 2023, however there were 10,000 of these bad links generated on our site after the fix was in. Adding the code string already seems to be knocking these results out of Google.

 

You simply add it on Line 4 after the <head> tag in your theme's liquid code:

{%- if request.path == '/collections/vendors' and collection.all_products_count == 0 -%}
  <meta name="robots" content="noindex">
{%- endif -%}

CODE CREDIT TO USER Jizo_Inagaki
Onebyte
Shopify Partner

In a multi-lingual environment, the code is not working.

 

Here is the changed code:

 

{%- assign targetPath = '/collections/vendors' -%}
{%- if request.path contains targetPath and collection.all_products_count == 0 -%}
<meta name="robots" content="noindex">
{%- endif -%}

 

 

Stefan Bommeli, Onebyte
fabmol1

Is this solution still working?

 

Where do I add it?

Vicky6

Hi Jizo_Inagaki,

 

Which liquid file does the code go into that you mention above? 

 

Can you be specific for us please? I am having the same issue as everyone here with spammy vendor links - hundreds of thousands of them!!

JenDeg

It goes in the theme area (theme.liquid) - Line 4, after the  <head> tag.

marieszz
Shopify Partner

Hi Jizo,

 

I added the code in the head tag in theme.liquid but can't see any difference when I try a query with "collections/vendors?q=test" 
Is it because I haven't published the theme where I modified the code yet?

Jizo_Inagaki
Shopify Partner

Hi Marieszz,

 

Check the browser's source display to see if noindex is output within the head tag.

If you cannot confirm, I would suggest consulting with Shopify partner or expert.

Liron

Thank you- I tried pasting in my theme.liquid file, straight after the head tag but this spammy page is still showing- should it be placed anywhere else?
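
The check Jizo describes above (look at the page source and confirm noindex is output inside the head tag), as an added example that is not part of any post in this thread. It parses saved page source offline; the three HTML samples are constructed, and the "ok" / "misplaced" / "missing" labels are this example's own.

```python
from html.parser import HTMLParser

# Constructed page sources, as saved from the browser's view-source.
PATCHED = """<!doctype html><html><head>
<meta charset="utf-8">
<meta name="robots" content="NOINDEX, follow">
<title>Visit coins-spam.example</title></head><body></body></html>"""

UNPATCHED = """<!doctype html><html><head>
<meta charset="utf-8"><title>Visit coins-spam.example</title>
</head><body></body></html>"""

MISPLACED = """<!doctype html><html><head><title>x</title></head>
<body><meta name="robots" content="noindex"><p>No products</p></body></html>"""


class RobotsMetaFinder(HTMLParser):
    """Collects robots meta directives and whether each sat inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = []  # list of (directive, inside_head)

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # <body> ends the head even if </head> is absent
        elif tag == "meta":
            attr = dict(attrs)
            if (attr.get("name") or "").lower() == "robots":
                for directive in (attr.get("content") or "").split(","):
                    if directive.strip():
                        self.found.append((directive.strip().lower(), self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def check_noindex(html):
    """Return 'ok', 'misplaced' (noindex outside head) or 'missing'."""
    finder = RobotsMetaFinder()
    finder.feed(html)
    finder.close()
    if any(d == "noindex" and inside for d, inside in finder.found):
        return "ok"
    if any(d == "noindex" for d, _ in finder.found):
        return "misplaced"
    return "missing"


if __name__ == "__main__":
    for label, page in (("patched", PATCHED), ("unpatched", UNPATCHED),
                        ("misplaced", MISPLACED)):
        print(label, "->", check_noindex(page))
```

Per the Google block-indexing documentation linked above, the tag only takes effect when the crawler can fetch the page, so a robots.txt Disallow covering the same URLs keeps it from being seen.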


 

JenDeg

Thank you so much for posting this code. We just added it to our site.

JenDeg

Hi Jizo - Is there a code solution for attacks on sites using "/search?q="

Thanks ~Jen