
Fixing the Japanese keyword hack - polm23
https://developers.google.com/web/fundamentals/security/hacked/fixing_the_japanese_keyword_hack?hl=en
======
codedokode
I looked through the article in hope to learn about new vulnerability related
to Unicode handling but it turned out just a normal vulnearbility in outdated
PHP applications. It has no relation to Japanese language.

~~~
YayamiOmate
Comments like yours is the reason I read comments before articles.

Kudos for the service to all the servicemen.

------
tk2
One of my websites was affected by this. I'm currently doing some work to de-
obfuscate the php code.

[https://github.com/shiragami/japanese-
backdoor/blob/master/o...](https://github.com/shiragami/japanese-
backdoor/blob/master/obs.php)

Basically what it did: Create a htaccess file to redirect request. Respond
differently if client is web-crawlers i.e. seo cloaking. Download a php
backdoor. Rewrite sitemap.xml and robots.txt

I'm still not sure what exploit that it uses to gain access.

~~~
codedokode
Probably a vulnerable PHP application (for example, outdated Wordpress plugin)
or stolen admin's password.

------
federicosan
I remember cleaning a couple of client's wordpress sites that were infected
with this hack some years ago, during 2015 if I remember correctly, it was
hard work. It seems many sites were infected with this kind of spam at the
time.

------
polm23
I've seen this before, but always assumed it was because I'm in Japan - I had
no idea it was a world-wide phenomenon.

Anyone know why it's specifically Japanese?

~~~
comex
Maybe the creator is Japanese, or at least targeting Japanese shoppers.

------
meemoo
I've been hosting a handful of WordPress sites for friends for years. I
thought my setup on a shared host was secure enough, until some of them got
this Japanese keyword hack. It's a major pain to follow these directions to
clean a site out. Enough of a pain that I've been rewriting the sites with
another CMS / site builder, with hosting that I don't have to manage.

