An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to

March 29, 2006

Googlebot Can Destroy Sites

Googlebot follows every links in the pages it indexes. But what if that links have disastrous effects? Here's a lesson about Googlebot's power to destroy a badly conceived site.

"Josh Breckman worked for a company that landed a contract to develop a content management system for a fairly large government website. Much of the project involved developing a content management system so that employees would be able to build and maintain the ever-changing content for their site.

Things went pretty well for a few days after going live. But, on day six, things went not-so-well: all of the content on the website had completely vanished and all pages led to the default "please enter content" page. Whoops.

Josh was called in to investigate and noticed that one particularly troublesome external IP had gone in and deleted *all* of the content on the system. The IP didn't belong to some overseas hacker bent on destroying helpful government information. It resolved to, Google's very own web crawling spider. Whoops.

As it turns out, Google's spider doesn't use cookies, which means that it can easily bypass a check for the "isLoggedOn" cookie to be "false". It also doesn't pay attention to Javascript, which would normally prompt and redirect users who are not logged on. It does, however, follow every hyperlink on every page it finds, including those with "Delete Page" in the title. Whoops."

So next time don't assume every visitor has JavaScript activated and validate the actions both on client side and on server side. If you want to validate your data for accuracy and security then you must use server side code to check your form inputs.

And something else: according to the HTTP 1.1 specification, the GET method is defined as a Safe Method which "SHOULD NOT have the significance of taking an action other than retrieval." If you to change a state (delete content, replace data), you should use POST.

Related posts about security:
Google Deleted... Google Blog
GMail vulnerability: GMail runs javascript in body
Get sensitive information using Google


  1. What?! You could access the admin area of the CMS with cookies and JS turned off? And you landed a large government contract?! Hat's off to your Marketing Dept...

  2. Talk about application flaw, not the Googlebots fault.

  3. You got the title wrong. It should read "Bad Coding Can Destroy Sites". Let us know which government gave you the contract will ya. ROFLOL

  4. That sounds like the worst programmed site ever. Why the hell would you make sure the user is logged in with javascript?!!? and why the hell you you use GET to delete stuff??!!!?

    learn basic programming dumbass!

  5. Title should be... "Clueless Programers Can Destroy Important Data" -- no surprise there!

  6. This can happen with your own bots. I ran an ftp link program designed to seek out every page to find dead links and orphan pages. It identified the directory containing phpmyadmin and proceeded to wipe a database clean


  7. Türkiye de rokettube pornoları çok fazladır, en güzel rokettube porno videosu için sürpriz sikiş porno sitesini ziyaret edin
    rokettube sikişleri gerçekten de rokettube sürpriz porno kadar kaliteli dir. sitesinde rokettube izleyin.
    rokettube sikişleri ve pornosu rokettube rokettube sikişi.

    Son zamanlarda anne pornoları çok izlenmektedir.Anne porno oldukça fazla google da aratılmaktadır, anne sikişleri çok rabet görür.
    en güzel anne pornoları sitesinde yer almaktadır, anne porno videoları izlemek için güncel olan siteye gelin.
    anne sikişi anne porn, anne porno
    anne porn, anneler sikiş.

    tecavüz pornoları en güzel site olan sitesinde yer almaktadır, tecavüz demek bir kadını zorla sikmek demektir.
    tecavüz pornosu da en çok sürprizporno sitesinde vardır, en güncel tecavüz pornosu izlemek için gelin sizde izleyin, tecavüz porno.
    tecavüz pornosu ve sikişler. tecavüz porno
    sikişi ve tecavüz izlenir.tecavüz porno.

    türkçe altyazılı porno dan kaıt şudur, türkçe değildir ve türkçe gibi lanse edilir.bu tarz türkçe altyazılı pornolar çok nadir de
    olsa sitemizde vardır, buyrun gelin kesin sitemizi beğeneceksiniz, türkçe altyazılı pornoların kralı biizm sitemizdedir.
    çünkü türkçe altyazılı porno demek yabancı pornoya altyazı eklemektir.
    türkçe altyazılı porno türkçe altyazılı sex porno.


Note: Only a member of this blog may post a comment.