Is Your Firm’s Website a Victim of the Chinese Search Results Hack?

In the past several months we’ve observed several incidents of hacked websites. In each case, a malicious actor added code to the site designed to boost search results for offshore companies selling merchandise that has nothing to do with the site’s owner. The merchandise might be legitimate or fraudulent, but the intrusion tanks the owner’s search results, obviously doesn’t belong there, and over time can ruin the company’s reputation. One of the worst aspects of the problem is that the firms were not even aware that the vandalism was happening.

Generally, this hack and its variants are known as the Chinese or Japanese Search Results hack. In the screen capture, taken from an example we noticed recently, you will see Asian characters appearing in sets of search results for an actual firm we observed. (To protect their identity, we changed their name and URL to Any Old Firm at anyoldfirm.com.)

What you can do

You can run a test for your own site by inserting your domain in a Google search using this simple phrase: site:yourdomain.com. The vast majority of sites will come up clean. But if you notice this happening to your site, you should fix it right away. Here are some steps we would suggest.

Verify the problem by testing your domain at a reliable web security website. We use the tool offered by Sucuri. It will show alert messages verifying the hack and possibly pointing to a cause. For instance, in the site we viewed most recently, it indicated a possible problem with the site’s “theme” (a kind of template used to build the site in WordPress and similar platforms). But rooting out the problem may involve delving into a website’s database, and you may need to hire a security expert to handle this.

Contact your designer or developer first, to see if they have the expertise required to fix the problem. WordPress offers several plugins for this purpose. On a website we viewed this past summer, the pages were plain HTML, an older format where each page is a standalone file without any database. The fix for HTML sites is to log in by FTP and remove suspect files. Several years ago we helped with such a site, and when we logged in the problem was evident: each spammy page was a file with an obvious name we could just trash.
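When the injected pages do not have obvious names, a local copy of the site downloaded over FTP can be scanned for pages whose visible text is mostly Chinese, Japanese or Korean characters. The script below is an added example, not part of the original article; it assumes the site's legitimate content is in English, and the 0.2 threshold, file names and sample pages are constructed for illustration. It only reports candidate files for review and deletes nothing.

```python
import os
import re
import tempfile

# Hiragana/Katakana, CJK ideographs, Hangul syllables.
CJK = re.compile(r"[\u3040-\u30ff\u4e00-\u9fff\uac00-\ud7af]")
TAGS = re.compile(r"<[^>]+>")
PAGE_EXTS = {".html", ".htm", ".php", ".txt"}

def cjk_ratio(text):
    """Fraction of visible (non-tag, non-whitespace) characters that are CJK."""
    visible = re.sub(r"\s+", "", TAGS.sub("", text))
    if not visible:
        return 0.0
    return len(CJK.findall(visible)) / len(visible)

def scan_site(root, threshold=0.2):
    """Return sorted (relative_path, ratio) for pages at or above threshold."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PAGE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            # errors="replace" keeps the scan going on non-UTF-8 files.
            with open(path, encoding="utf-8", errors="replace") as fh:
                ratio = cjk_ratio(fh.read())
            if ratio >= threshold:
                hits.append((os.path.relpath(path, root), round(ratio, 2)))
    return sorted(hits)

def demo():
    """Scan a constructed three-page sample site written to a temp directory."""
    samples = {
        "index.html": "<html><body><h1>Any Old Firm</h1></body></html>",
        # Legitimate page with a little CJK text: must stay below threshold.
        "about.html": "<p>Founded in 1990. 日本 office opening soon.</p>",
        "constructed-spam-0001.html": "<p>これは構築されたサンプルテキストです</p>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_site(root)

if __name__ == "__main__":
    for path, ratio in demo():
        print(f"{ratio:.2f}  {path}")
```

Pages saved in a legacy encoding such as Shift_JIS or GBK will not decode as UTF-8 and would be missed by this scan, so files that produce many replacement characters deserve a manual look as well.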

In yet another instance we viewed over the summer, the client was aware of being hacked but was looking for a new designer. When they hired us, we created an entirely new site and the problem became moot. And because we monitor security reports on all our clients’ websites every day, we don’t expect the problem ever to appear.

But be vigilant about your own site. Feel free to contact us if you’d like further information.
