Google SEO News and Discussion Forum

    
Malicious requests from Google - listed in WMT Crawl Errors
g1smd
msg:4433413
8:24 am on Mar 26, 2012 (gmt 0)

We're all used to seeing malicious requests in the server logs coming from all over the place. It's much rarer to see Googlebot making such requests.

Yesterday, I was surprised to see a whole load of "Access Denied" entries in the WMT Crawl Errors report.

They were all of the form:
/shop/update.php?id=836+AND+1=5+UNION+SELECT+0

These requests now show up in the Crawl Errors report because any URL request containing UNION, SELECT, or any of a whole list of other banned terms is denied, whoever requests it.
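A filter like the one described could be sketched as follows. This is a minimal illustration only: the actual banned-terms list isn't given in the post, so the keywords here are an assumption.

```python
import re

# Hypothetical banned-terms list; the poster's real list isn't given.
BANNED_TERMS = re.compile(r"\b(UNION|SELECT|INSERT|DROP)\b", re.IGNORECASE)

def is_malicious(url):
    """Return True if the requested URL contains a banned SQL keyword."""
    return bool(BANNED_TERMS.search(url))

# The URL form quoted above trips the filter:
is_malicious("/shop/update.php?id=836+AND+1=5+UNION+SELECT+0")  # True
is_malicious("/shop/update.php?id=836")                          # False
```

The word boundaries (`\b`) keep legitimate URLs such as `/products/selection.php` from matching on the embedded "select".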

However, what surprises me is that Google would even attempt to request such a URL. I'd have thought they would filter out malicious URLs found in links so as not to do other people's dirty work for them.

As expected, the Crawl Errors report doesn't list where this malicious link was found.

One other thought comes to mind.

Could it be that Google invented those URLs merely to test the site's security in order to rate it, in the same way they request /noexist_1b4c6325b27d2a.html-style URLs from time to time?
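Those probe URLs are easy to recognize in logs: a random hex token in a path that should never exist. A quick sketch of generating a path in the same style (purely illustrative; the exact format Google uses isn't documented here):

```python
import secrets

def make_probe_path():
    """Build a random never-should-exist URL in the style quoted above."""
    # 7 random bytes -> 14 hex characters, matching the quoted example's length.
    return "/noexist_%s.html" % secrets.token_hex(7)
```

Requesting such a path and checking the response status is a simple way to verify that a site returns a real 404 rather than a soft 404.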

 

lucy24
msg:4433441
9:12 am on Mar 26, 2012 (gmt 0)

I'd have thought they would filter out malicious URLs found in links so as not to do other people's dirty work for them.

Oh, come on. You know they don't work that way. G### never met a URL it didn't like. Otherwise, it would be a no-brainer to similarly filter out obviously broken URLs like

/directory/fi... *

Could it be that Google invented those URLs merely for testing the site security in order to rate it?

I think they're disappointed you didn't return a 404 ;)


* I've flagged all the others as "fixed", and so far they haven't reappeared, but I flatly refuse to address something that is so obviously garbage.

Sgt_Kickaxe
msg:4433462
10:08 am on Mar 26, 2012 (gmt 0)

I regularly see requests that are explicitly for known WordPress core files, which I don't have on that site, and they seem particularly interested in whether remote publishing is on or off.

My guess is it's a security test, or perhaps just a way of gathering CMS info to know what type of site they are dealing with.
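Probes like those are easy to spot in a log, since the WordPress core paths are well known (/xmlrpc.php is the remote-publishing endpoint). A minimal sketch, assuming a site that doesn't run WordPress at all; the path list is illustrative, not exhaustive:

```python
# Well-known WordPress core paths; /xmlrpc.php handles remote publishing.
WP_PROBE_PATHS = ("/xmlrpc.php", "/wp-login.php", "/wp-admin/", "/wp-includes/")

def looks_like_wp_probe(path):
    """Flag a request path that targets WordPress core files on a non-WP site."""
    # str.startswith accepts a tuple of prefixes.
    return path.startswith(WP_PROBE_PATHS)
```

On a site that genuinely runs no WordPress, any hit on these paths is a fingerprinting attempt by definition.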

g1smd
msg:4433541
2:52 pm on Mar 26, 2012 (gmt 0)

Since many common CMS, blog, forum, and cart packages have built-in limitations and design errors, it would make sense for Google to detect what system you're using and then apply a set of known fixes to the data they get back as they crawl the site.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved