1. Home
  2. Forums Index
  3. Search Engines and SEO / Google Search and SEO 4:09 pm Apr 23, 2026

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Malicious requests from Google - listed in WMT Crawl Errors

         

g1smd

8:24 am on Mar 26, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



We're all used to seeing malicious requests in the server logs coming from all over the place. It's much more rare to see Googlebot making such requests.

Yesterday, I was surprised to see a whole load of "Access Denied" entries in the WMT Crawl Errors report.

They were all of the form: 
/shop/update.php?id=836+AND+1=5+UNION+SELECT+0


These requests now show in the Crawl Errors report since all URL requests with UNION or SELECT or a whole list of other banned terms are denied whoever requests them.

However, what surprises me is that Google would even attempt to request such a URL. I'd have thought they would filter out malicious URLs found in links so as not to do other people's dirty work for them.

As expected, the Crawl Errors report doesn't list where this malicious link was found.

One other thought comes to mind.

Could it be that Google invented those URLs merely for testing the site security in order to rate it, in the same way they request 
/noexist_1b4c6325b27d2a.html
style URLs from time to time?

lucy24

9:12 am on Mar 26, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'd have thought they would filter out malicious URLs found in links so as not to do other people's dirty work for them.

Oh, come on. You know they don't work that way. G### never met an URL it didn't like. Otherwise, it would be a no-brainer to similarly filter out obviously broken urls like

/directory/fi... *

Could it be that Google invented those URLs merely for testing the site security in order to rate it?

I think they're disappointed you didn't return a 404 ;)


* I've flagged all the others as "fixed", and so far they haven't reappeared, but I flatly refuse to address something that is so obviously garbage.

Sgt_Kickaxe

10:08 am on Mar 26, 2012 (gmt 0)



I regularly see requests that are explicitly for known wordpress core files, which I don't have on that site, and they seem particularly interested in seeing if remote publishing is on or off.

My guess is it's a security test, or perhaps just a way of gathering CMS info to know what type of site they are dealing with.

g1smd

2:52 pm on Mar 26, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Since many of the common CMS, blog, forum and cart packages have inbuilt limitations and design errors, it would make sense that Google detects what system you're using and then applies a set of known fixes to the data they get back as they crawl the site.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Search Engines and SEO / Google Search and SEO 4:09 pm Apr 23, 2026