Support » Plugin: Cerber Security, Anti-spam & Malware Scan » crawl-66-249-64-77.googlebot.com Probing for vulnerable PHP code

  • Resolved ebturner

    (@ebturner)


    Question about the blocking…

    I am seeing LOTS of “googlebots” coming to the site and probing for vulnerable PHP code.

    URL: xxxxxxxxxxx.org/buccinoid-pyroxylic1187zaxu80/bs0637i4588887ld98.php
    URL: xxxxxxxxxxx.org/costing-pyroxylic1194zaxu122/is58dzb1ac5o03of57.php

    WP Cerber is doing great in stopping hackers. I’m concerned as to why this is coming from a googlebot and the problems with blocking real googlebots. If google cannot crawl the site because of being blocked, then this basically hurts my rank.

    All blocked within a few minutes of each other.
    crawl-66-249-64-75.googlebot.com
    crawl-66-249-64-77.googlebot.com
    crawl-66-249-64-79.googlebot.com
    (and more if I search the history)

    I did verify they are actual IP’s owned by google so they are real google bots. If I whitelist the IP’s, then I’m not stopping the probing and loose protection. I’m seeing this on almost all my websites.

    If someone is able to control the google bots to probe for vulnerabilities on a particular site that will lead to all the google bots being blocked. Then the site will loose rank on google because the good google bots will not be able to crawl normally.

    Hopefully someone here can make some sense of this. I’m concerned as blocking google from crawling is not wise.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Gregory

    (@gioni)

    Hi! That happens if Google previously discovered those pages on your wesbite and indexed them. Those page looks like traces of some malware/infection because a normal publicly accessible web page doesn’t have a PHP extension. Now those page are not accessible and all attempts to request them are blocked by Cerber. Anyway, no worries, Cerber never blocks access to real, normal pages on a website and doesn’t prevent search engines from crawling a website.

    Actually no, the site was never hacked and those files never existed. I know for fact because I have several websites…some new, some old. I also see this on clients websites where googlebot is “probing” and the sites are clean and were never hacked previously.

    Also, for that to be true then the url being probed would be listed in the google search results…and its not either.

    I will continue to look for a solution I guess. Thank you for the reply.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘crawl-66-249-64-77.googlebot.com Probing for vulnerable PHP code’ is closed to new replies.