Yesterday morning, James Breckenridge discovered a huge bug in Google Webmaster Tools that technically gave anyone the ability to remove any site from Google's index.
I held off on reporting it here and on Search Engine Land until I know Google fixed the issue. At about 2:30pm (EDT) yesterday, Google informed me that they are investigating the issue and has pulled the URL Removal feature until they can fix it. It was then safe for me to report it and I did.
Google told us:
We're still investigating this report, and to be cautious we disabled all URL removals earlier this morning.
So what happened? How did this work? James Breckenridge explained the steps well, as he said:
The process is actually very simple and just requires some minor modifications to a URL, followed by a form submission. Edit the following URL:
https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://{YOUR_URL}/&urlt={URL_TO_BLOCK}
Replace in the URL above:
- {YOUR_URL} = A URL you control within Webmaster Tools
- {URL_TO_BLOCK} = The URL of the site you want to block:
- You can request removal of the following:
- Site – Provide top level domain (E.g. http://www.someurl.com/)
- Section – Provide URL of the folder (E.g. http://www.someurl.com/somefolder/)
- Page – Provide URL of the page (E.g. http://www.someurl.com/somefolder/somepage.html)
Google has yet to get back to me on why this happened, how many sites were removed through this method and how this was such an oversight.
Forum discussion at Sphinn and WebmasterWorld.
Update: Google sent us a statement that they have fixed the issue. A Google spokesperson said:
We've confirmed that there was an issue within the URL removal feature in our Webmaster Tools and have already pushed out a fix and re-enabled URL removals.The URL removal feature keeps detailed records, so we're currently reprocessing earlier removal requests to ensure their validity. Our initial examination has shown only a limited impact.
