Task 77 : WordPress Cloaking Japanese SEO Spam Blackhat – WP Spartans 300
By : Farooq Shah
Publish Date : April 15, 2019

Task 77 is a special task about WordPress hack Removal regarding Cloaking – Japanese SEO Spam – A well know blackhat SEO Technique .

In this task, I discussed a few things about cloaking. We discussed its types such as :

User-Agent Cloaking (Browser/ Bot)
IP based cloaking (IP is compromised)
JS cloaking (browser/ Server etc)
HTTP_REFERRER cloaking.
HTTP Accept-language header cloaking

Cloaking means to present different content to different users and Googlebots etc. Sometimes, this is done as per IPs. It functions same as Canadian Sparma Spam (Which was used to sell drugs in recent years).

As #WpSpartans300 keyword was gaining popularity, so someone tried to cloak wpspartans300.com site. I followed the following steps to clean it:

1) Downloaded a backup
2) Changed all credentials.
3) Removed all old WP Core Files (Except wp-content folder)
4) Downloaded fresh WordPress CMS from official website.
5) Uploaded to GoDaddy.
6) Within WP-ontent, removed all themes and plugins (Noted down their details)
7) One by one uploaded fresh copies of plugins and themes etc.
8) Went to PHP My Admin. Renamed Databases. Passwords etc.
9) Updated wp-config.php.
10) Went to Google Webmaster Tools (Search Console). Checked security. No issues found. But the issue was there. So, checked all verified users. Deleted users. Created new ones. Updated all files, txt records etc.
11) Went to cloudflare. Changed credentials. Updated other files.
12) After having gone through each measure, I realized the problem was still there. So, as a last resort, I had to reset goDaddy server to its default position.

Then repeated all steps one by one. Removed Chrome. updated WINDOWS 10. Removed extra software. Updated software. Cleaned cookies. Tried to find any key logger etc.

In short, my precious time was wasted in a silly activity. Bots did that, and who did bots. My guys will find that out.

Went to Google Developers Section. they mentioned a few steps. Acted upon them one by one.

I had to change my email, passwords etc. Just in case. Actually, i was making tuts for my Spartans from Pakistan, India and Bangladesh. And someone couldn’t face the reality of success. Jealousy or hatred, someone did my waste my time with a pathetic code injection.