Easy Hack Allowed Anybody to Remove Domains From Google’s Index

0

Google’s Webmaster Tools are a collection of handy utilities for website owners to check how Google sees their sites, report moved sites and check on search engines stats for their domains. Today, however, UK-based developers James Breckenridge also found a way to use this tool to remove any domain from Google’s index with just a simple copy and paste hack. Google is already blocking this attack, so while you may be able to think of a few sites you don’t want Google to ever find again (either yours or others), it’s now too late to use this exploit.

Here is how Breckenridge explained the hack:

The process was actually very simple and just required some minor modifications to a URL, followed by a form submission.

Edit the following URL:

https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://{YOUR_URL}/&urlt={URL_TO_BLOCK}

Replace in the URL above: [list]

  • {YOUR_URL} = A URL you control within Webmaster Tools
  • {URL_TO_BLOCK} = The URL of the site you want to block:
    • You can request removal of the following:
      • Site – Provide top level domain (E.g. http://www.someurl.com/)
      • Section – Provide URL of the folder (E.g. http://www.someurl.com/somefolder/)
      • Page – Provide URL of the page (E.g. http://www.someurl.com/somefolder/somepage.html) [/list]

Given the importance of having your site listed in Google’s index, it is surprising that a massive issue like this went undetected for a potentially very long time. It’s not clear if anybody else had already found and exploited this issue before Breckenridge reported it, but given how easy this hack was, I wouldn’t be surprised.

Frederic Lardinois founded SiliconFilter in 2011. Before starting this site, he wrote about 1,500 articles for ReadWriteWeb. His areas of interest are consumer web and mobile apps, as well as Internet-connected devices like cars, smart sensors and toasters. You can reach him at [email protected]

NO COMMENTS

Leave a Reply