Google Hacking Me

Update: they haven’t done this in awhile now – maybe they stopped this behavior (October 2011).

(original post follows)

I know this is probably under the radar for most people, but Google, who says “do no evil” tries to hack web sites on a regular basis. Last night, Googlebot (more specifically the host “”) tried to send a made-up QUERY_STRING variable to one of my web site programs. (For those who don’t know, the QUERY_STRING is the stuff starting with a “?” in a long url; it is a way of passing information to a program, similar to submitting a web form). Googlebot tried to send a completely made-up “action” parameter in an effort to see how my script would respond.

Of course since I know what I’m doing, my script kicked Googlebot off and did not reveal anything, but it still ticks me off that a company who says “do no evil” goes poking around in what can only be a nefarious manner, since there is no legitimate reason to pass random parameters to web scripts.

Leave a Reply

Your email address will not be published. Required fields are marked *