Save 25% on Wizard’s SQL for WP w/ code: WIZARDSQL
Web Dev + WordPress + Security

Hacked by Google?

[ WP Cron HTTP Auth ] The setup: I recently launched a new plugin that included a Demo page. To keep things flexible, I set up the Demo as a page on my experimental “Labs” WordPress installation, which is entirely nofollow, noindex and noarchive, meaning that Google can’t legitimately see what’s there.

The story:

So I launch my plugin and the traffic starts rolling in and some of it goes to the Demo page, as planned. Everything was going fine for a number of hours – people were checking out the Demo, submitting sample posts into the ether, and all was well. There were no tricks, no spam, no traps, no phishing, no nuthin’ – as with everything I do here at Perishable Press, the USP Demo is white-hat, squeaky clean, and safe for the masses.

And then suddenly, traffic to my Demo page completely stopped, and I get a message from a few users saying something like:

Dude your plugin demo is flagged as an attack site by Google – better check it out..

Seriously? After immediately scouring my site/server for signs of mischief, I found no signs of tampering and was left to wonder why on earth anyone would bother reporting my humble Demo page to the Web Cops (read: Google). The conspiracy theories began taking hold, but after further investigation and a little more analysis, I’m thinking that it wasn’t anyone reporting anything to Google – but rather, it was Google itself that pulled the plug on my new Demo page.

What to do if your page is flagged as an “attack site”

First, check your site with nanoscope for any wrongdoing, evil scripts, and other tampering. If you discover some plot, eliminate it. That’s always priority number one: keep your site secure. If you don’t find anything weird, and your site is clean, the next step is to figure out why Google flagged your page. There are basically two possibilities here:

  • Someone reports it as an attack site
  • Google discovers it and considers it an attack site

For my flagged Demo page, my current hypothesis goes like this:

  1. Google saw a bunch of traffic suddenly going to a relatively new page
  2. Google wanted to check it out, but the page was nofollowed & noindexed
  3. Google gets paranoid and kills the new page

Did the actual content of the page (a post-submission form) play a role in Google killing my Demo? Not if Google obeys the noindex/nofollow/noarchive protocol, which for my page told them explicitly to stay out (I do not want my test WordPress installation interfering with anything search-engine related). Even so, I’ve got a strong hunch that Google dropped by anyway to check it out. And after seeing the form, the noindex, and the surge of traffic, Google takes it upon itself to be the Online Po-Po and hacks my site. So not cool bro.

Why Google is wrong

I understand that keeping idiots away from badness is somebody’s job, but Google has no right to essentially hijack any page it wants with an ominous “this is an attack site, get me out of here” message. That’s my personal property you’re hacking, and Google has no right to interfere with anybody’s anything at all. But as a corpo mega-giant, they can pretty much do whatever they want, so if Google don’t like the way your site looks – or even if they just get an unhappy feeling about it – they can and will hack your site with their trauma-inducing anti-traffic propaganda.

And the scare messages weren’t just coming from the search-engine results, Google was intercepting and redirecting traffic right on my own website! For example, some user is reading about my new plugin and decides to click on the “Demo” link to experience the awesomeness. BUT NO, when the user clicks on my link on my site, Google intercepts and redirects a legitimate user going to a legitimate page on my own frapping website.

If this were done by anyone else it would be called a malicious attack, but Google obviously does not see it that way.

Google’s response time is a joke

Often, the difference between a deliberate attack and a simple accident is communication. If some cracker breaks in, plants payload, and then escapes in the middle of the night, he/she isn’t going to send you an email explaining what’s up. Instead, they’re going to keep it dark, take their time, and wait for the perfect time to exploit your site. That’s just nasty behavior, and you would expect “do no evil” Google to not act like a criminal by actually communicating its intentions & actions with all of us lowly subjects.

Unfortunately, Google SUCKS at timely communication. To illustrate, consider the following chain of events:

  1. February 17th, 2011 – launch plugin & Demo page
  2. February 17th, 2011 – Google hacks my site, shuts down Demo page
  3. February 17th, 2011 – multiple people report the Demo page as legit
  4. February 21st, 2011 – Google sends a generic, useless email telling me what the scare-page already told me
  5. March 1st, 2011 – over a week later and still no follow-up from Google

When your site gets hacked, it is critical to eliminate the risk and restore security as soon as possible. Every second counts, and any information you can get is going to help you diagnose and resolve the issue as expediently as possible. Anyone working online should understand this basic principle:

Time is of the essence.

So why did it take FOUR DAYS to hear anything back from those responsible for actually hacking my site? In this case, Google’s behavior is no different than that of an actual malicious attack. The minute I discovered that someone (Google) had attacked my Demo page, I kicked it into high gear, moving as swiftly as possible to diagnose and resolve the problem that Google started. Meanwhile what does Google do after hacking my website and accusing me of getting hacked? Nothing. They didn’t do a damn thing, even after multiple people reported that the Demo page was in fact legit. After a week and still no report, message, or nothing back from Google about the verifications.

Let’s review..

Let’s review the chain of events to make everything crystal clear:

  • Google “attacks” a legitimate website after suspecting it of wrongdoing
  • Google intercepts and redirects all traffic to an ominous “attack” page
  • Google scares off traffic, damages reputation of legitimate website
  • Site owner tries to accommodate and obey all of Google’s demands
  • Google ignores verification requests, does literally nothing
  • Google waits four days and then emails the same regurgitated information contained in their original “attack” message
  • A week later, still nothing from Google about any of this
  • Feeling frustrated and betrayed, site owner pens insightful rant

So what can I do? I’m just a small-timer with no real power. But I can write. I can share. I can post this information on the Web and tell you with all seriousness that Google is NOT your friend, and will attack your site if they feel like it.

The solution..

Simple: communication. How is it that the world’s largest harvester of data can’t/won’t send a simple email before they attack your website? If this sounds familiar, it’s because Google is the worst at communicating with their users. Think about it: how many web admins and bloggers bend over backwards trying to satisfy Google’s every command. Why can’t/won’t Google return the favor with a quick message before they destroy your site, reputation, and income? It would be so nice..

I remember feeling frustrated like this before, back when Microsoft was in power.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
BBQ Pro: The fastest firewall to protect your WordPress.

48 responses to “Hacked by Google?”

  1. Avatar photo
    simplynonna 2011/03/04 2:49 am

    I wonder what u do if it wasn’t ‘Google” and you’re fairly clueless??I guess you might want to post so that any1 running CurrentTV website (#FOK) might be aware of it. Considering all the shit happening to me lately I assume NOTHING. Transparency & awareness are the keys. There will ALLways be someone who knows more than u ;)

    • Avatar photo
      Jeff Starr 2011/03/04 3:49 pm

      I admit to much more than being clueless ;)

      Interesting perspective, I agree that transparency and awareness are key, but that should be a two-way thing – it’s difficult to do when Google doesn’t play along.

  2. I share your grief with gaggle. They are all over my site, robot.txt be danged. And their results are crap these days – ala Rockford’s comments above. Is there an alternative format? It’s there somewhere – sort of an open source way of finding information.

  3. When problems occur with search engines:
    Google never respond in person and limit their automated “Canned” response to 1-2 emails
    With Bing real people respond within minutes

  4. Avatar photo

    Let us step back to the larger picture, which IMHO does not look very pretty.

    Is Google a search engine or the web police? One is inherently a ‘batch’ processor or categorization engine if you will. The other is inherently a web service, requiring fairly immediate response.

    Google can not be the web police while populated for ‘batch’ mode. It is like creating an on-line store with no customer service department.

    And what about Congress? I am surprised more webmasters and tech sites are not totally up in arms regarding the proposed ‘privacy’ bill by Congress in March 2011. Do they not see what will happen? If you think Google is unresponsive, wait until it takes an act of Congress to respond to changing technology.

    The Internet is a free market. Allowing that market to respond to individual preference is inherently more efficient and effective than federal laws.

    I would have thought the response from programmers to this bill would have been overwhelmingly immediate and negative. The big guys are taking over, and like any other industry, they are lobbying Congress to help them, BECAUSE IT WORKS.

    So back to Google. If you have a test server that you want to avail to a few users without attracting search engines, how do you do it?

  5. Avatar photo
    Eddie Barcellos 2013/06/05 8:03 am

    Did you ever search your access logs to see if a client using a Googlebot UA and was actually coming from a Google IP (use reverse DNS to check this) requested your page?

    • Avatar photo

      Yes, of course.

      • Avatar photo
        Eddie Barcellos 2013/06/05 2:51 pm

        Ok, so Googlebot DID disrespect robots.txt. That’s a new one to me!

      • Avatar photo
        Jeff Starr 2013/06/05 9:24 pm

        Yeah, it’s not uncommon, as you’ll discover with a little searching (around this site and the rest of the Web). Although compared to Yahoo’s notorious slurp bot (which I think is history now), googlebot is a saint. Slurp was the freaking worst.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
I try to make use of default functionality whenever possible. For everything.
Upgraded iMac to Ventura. Disabled "unsend mail" feature and found some (now) hidden wallpaper settings. Overall smooth upgrade.
( $this ) is bloat. ($this) is better.
The Legend of Zelda: Tears of the Kingdom coming May 12, 2023. Absolutely pumped.
Favorite thing for breakfast is a tall glass of cold water. Hits the spot every time.
Fall is my favorite season :)
Still a few days left before “Unlimited” pro licenses are no longer available.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.