Hacked by Google?

The setup: I recently launched a new plugin that included a Demo page. To keep things flexible, I set up the Demo as a page on my experimental “Labs” WordPress installation, which is entirely nofollow, noindex and noarchive, meaning that Google can’t legitimately see what’s there.

The story: So I launch my plugin and the traffic starts rolling in and some of it goes to the Demo page, as planned. Everything was going fine for a number of hours – people were checking out the Demo, submitting sample posts into the ether, and all was well. There were no tricks, no spam, no traps, no phishing, no nuthin’ – as with everything I do here at Perishable Press, the USP Demo is white-hat, squeaky clean, and safe for the masses.

And then suddenly, traffic to my Demo page completely stopped, and I get a message from a few users saying something like:

Dude your plugin demo is flagged as an attack site by Google – better check it out..

Seriously? After immediately scouring my site/server for signs of mischief, I found no signs of tampering and was left to wonder why on earth anyone would bother reporting my humble Demo page to the Web Cops (read: Google). The conspiracy theories began taking hold, but after further investigation and a little more analysis, I’m thinking that it wasn’t anyone reporting anything to Google – but rather, it was Google itself that pulled the plug on my new Demo page.

What to do if your page is flagged as an “attack site”

First, check your site with nanoscope for any wrongdoing, evil scripts, and other tampering. If you discover some plot, eliminate it. That’s always priority number one: keep your site secure. If you don’t find anything weird, and your site is clean, the next step is to figure out why Google flagged your page. There are basically two possibilities here:

  • Someone reports it as an attack site
  • Google discovers it and considers it an attack site

For my flagged Demo page, my current hypothesis goes like this:

  1. Google saw a bunch of traffic suddenly going to a relatively new page
  2. Google wanted to check it out, but the page was nofollowed & noindexed
  3. Google gets paranoid and kills the new page

Did the actual content of the page (a post-submission form) play a role in Google killing my Demo? Not if Google obeys the noindex/nofollow/noarchive protocol, which for my page told them explicitly to stay out (I do not want my test WordPress installation interfering with anything search-engine related). Even so, I’ve got a strong hunch that Google dropped by anyway to check it out. And after seeing the form, the noindex, and the surge of traffic, Google takes it upon itself to be the Online Po-Po and hacks my site.

Why Google is wrong

I understand that keeping idiots away from badness is somebody’s job, but Google has no right to essentially hijack any page it wants with an ominous “this is an attack site, get me out of here” message. That’s my personal property you’re hacking, and Google has no right to interfere with anybody’s anything at all. But as a corpo mega-giant, they can pretty much do whatever they want, so if Google don’t like the way your site looks – or even if they just get an unhappy feeling about it – they can and will hack your site with their trauma-inducing anti-traffic propaganda.

And the scare messages weren’t just coming from the search-engine results, Google was intercepting and redirecting traffic right on my own website! For example, some user is reading about my new plugin and decides to click on the “Demo” link to experience the awesomeness. BUT NO, when the user clicks on my link on my site, Google intercepts and redirects a legitimate user going to a legitimate page on my own frapping website. If this were done by anyone else it would be called a malicious attack, but Google obviously does not see it that way.

Google’s response time is a joke

Often, the difference between a deliberate attack and a simple accident is communication. If some cracker breaks in, plants payload, and then escapes in the middle of the night, he/she isn’t going to send you an email explaining what’s up. Instead, they’re going to keep it dark, take their time, and wait for the perfect time to exploit your site. That’s just nasty behavior, and you would expect “do no evil” Google to not act like a criminal by actually communicating its intentions & actions with all of us lowly subjects. Unfortunately, Google SUCKS at timely communication. To illustrate, consider the following chain of events:

  1. February 17th, 2011 – launch plugin & Demo page
  2. February 17th, 2011 – Google hacks my site, shuts down Demo page
  3. February 17th, 2011 – multiple people report the Demo page as legit
  4. February 21st, 2011 – Google sends a generic, useless email telling me what the scare-page already told me
  5. March 1st, 2011 – over a week later and still no follow-up from Google

When your site gets hacked, it is critical to eliminate the risk and restore security as soon as possible. Every second counts, and any information you can get is going to help you diagnose and resolve the issue as expediently as possible.

So why did it take FOUR DAYS to hear anything back from those responsible for actually hacking my site? In this case, Google’s behavior is no different than that of an actual malicious attack. The minute I discovered that someone (Google) had attacked my Demo page, I kicked it into high gear, moving as swiftly as possible to diagnose and resolve the problem that Google started. Meanwhile what does Google do after hacking my website and accusing me of getting hacked? Nothing. They didn’t do a damn thing, even after multiple people reported that the Demo page was in fact legit. After a week and still no report, message, or nothing back from Google about the verifications.

Let’s review the chain of events to make everything crystal clear:

  • Google attacks a legitimate website after suspecting it of wrongdoing
  • Google’s attack intercepts and redirects traffic to an ominous “attack” page
  • Google’s attack scares off traffic, damages reputation of legitimate website
  • Site owner does best to respond and accommodate the demands of the attacker
  • Google ignores verification requests, does literally nothing
  • Google waits four days and then emails the same regurgitated information contained in their attack message
  • A week later, still nothing from Google about any of this

So what can I do? I’m just a small-timer with no real power. But I can write. I can share. I can post this information on the Web and tell you with all seriousness that Google is NOT your friend, and will attack your site if they feel like it.

The solution..

Simple: communication. How is it that the world’s largest harvester of data can’t/won’t send a simple email before they attack your website? If this sounds familiar, it’s because Google is the worst at communicating with their users. Think about it: how many web admins and bloggers bend over backwards trying to satisfy Google’s every command. Why can’t/won’t Google return the favor with a quick message before they destroy your site, reputation, and income? It would be so nice..

I remember feeling frustrated like this before, back when Microsoft was in power.