Major Google Loophole Let Anyone Remove Any Site From Google

Jul 20, 2011 • 9:29 am | comments (14) by twitter Google+ | Filed Under Google Search Engine Optimization
 

Google WebmasterYesterday morning, James Breckenridge discovered a huge bug in Google Webmaster Tools that technically gave anyone the ability to remove any site from Google's index.

I held off on reporting it here and on Search Engine Land until I know Google fixed the issue. At about 2:30pm (EDT) yesterday, Google informed me that they are investigating the issue and has pulled the URL Removal feature until they can fix it. It was then safe for me to report it and I did.

Google told us:

We're still investigating this report, and to be cautious we disabled all URL removals earlier this morning.

So what happened? How did this work? James Breckenridge explained the steps well, as he said:

The process is actually very simple and just requires some minor modifications to a URL, followed by a form submission. Edit the following URL:

https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://{YOUR_URL}/&urlt={URL_TO_BLOCK}

Replace in the URL above:

  • {YOUR_URL} = A URL you control within Webmaster Tools
  • {URL_TO_BLOCK} = The URL of the site you want to block:
    • You can request removal of the following:
      • Site – Provide top level domain (E.g. http://www.someurl.com/)
      • Section – Provide URL of the folder (E.g. http://www.someurl.com/somefolder/)
      • Page – Provide URL of the page (E.g. http://www.someurl.com/somefolder/somepage.html)
Personally, I did not test this out but I know it worked.

Google has yet to get back to me on why this happened, how many sites were removed through this method and how this was such an oversight.

Forum discussion at Sphinn and WebmasterWorld.

Update: Google sent us a statement that they have fixed the issue. A Google spokesperson said:

We've confirmed that there was an issue within the URL removal feature in our Webmaster Tools and have already pushed out a fix and re-enabled URL removals.

The URL removal feature keeps detailed records, so we're currently reprocessing earlier removal requests to ensure their validity. Our initial examination has shown only a limited impact.

Previous story: Link Building Through Old GeoCities Links?
 

Comments:

James Holden

07/20/2011 01:36 pm

Oh dear, that's some sloppy code there. Whoops :-(

andyblackburn

07/20/2011 02:03 pm

Other than James, nobody else can seem to replicate it. DaveN did a test and that site is still in the SERPs... I've posted about it here: http://bit.ly/mYQJNA - Seems a bit suspect to me, perhaps linkbait for James' brand new blog?

Nick Stamoulis

07/20/2011 02:16 pm

If someone were capable of doing what James did, I can see a lot of black hat spammers jumping at the chance. Hopefully few sites were affected by the bug. Will be interesting to hear what Google has to say about it.

aUsAys.com

07/20/2011 03:49 pm

http://www.ausays.com/ still not yet... :(

Mr. Gary Lee

07/20/2011 06:45 pm

whoever does this now is going to get a major smackdown from google . . . agree/disagree?

Home Remedies MD

07/20/2011 09:34 pm

Wow, this is probably a gold mine for blackhat marketers

Matt

07/21/2011 03:17 am

Round table - Some good reporting with this google hole , that would be a field day for the hackers.  A nice catch by James - Surely someone fell asleep at the wheel

Hiren Vaghela

07/21/2011 09:06 am

Might be some webmasters effects form this bug also and looking forward to what Big G is provide the solution for this issue.

andyblackburn

07/21/2011 09:09 am

I really don't think this bug actually works - I posted a link to my blog below which outlines that the other security measures employed by the URL removal tool will stop this from working.

john lewis uk

07/21/2011 10:03 am

Bugs in google, isn't it strange? Even i heard that the dropping of PR in twitter from 9 to 0 and back to 9 was also a bug. Don't know what reality is. But if this news is true than Google must think about it seriously.

Rob Abdul

07/21/2011 11:12 am

God bless James Breckenridge!

lien dofollow

07/21/2011 05:59 pm

It seems that BlackHat marketers didn't know this tip..  If they did, SERP's would have a very strange appearence :)

Hiren Vaghela

07/22/2011 05:11 am

I think this is fix now andy.

emma

04/21/2014 09:05 am

an old account of mine has been hacked and the hacker wrote very bad and indecent languange on the account so the admins of the site banned the account. that means i can't make any changes to it and it still appears in the top google search results and therefore, i can't remove it from google and it ruins my reputation! what should i do? please help me!

blog comments powered by Disqus