Google won’t let you search for PHP resources anymore. What's next?


Nitesh Dhanjani
Feb. 18, 2005 01:26 AM

URL: http://www.google.com/search?q=inurl:blah.php&hl=en&lr=&c2coff=1&start=10&s...


Try the following URL:

http://www.google.com/search?q=inurl:blah.php&hl=en&lr=&c2coff=1&start=10&sa=N

You will get this message:
image

In other words, Google won’t let you look beyond the first 10 results if you request it to find URLs that point to PHP resources. This is most likely Google’s response to recent worms that have been using Google to look for vulnerable versions of PHP code.

In this case, Google is attempting to help thwart the propagation of malicious worms, and that is a good thing. To some degree, it is also in Google's self-interest to help out: thousands (perhaps more?) of infected machines were consuming Google's resources.

Although the number of users who may want to search for PHP resources (in the URL) may be small, this concerns me. Where will Google draw the line in the future? Should Google continue to forbid more types of queries, it will become less useful to legitimate users.

In my "Google Your Site For Security Vulnerabilities" article, I mention various queries that can be used to find vulnerabilities using Google. The ideas in that article derive from the excellent resources at Johnny Long’s website, which contains a huge database of such queries. What if a worm in the future were to use an entire database of such queries to help it find vulnerable targets? At what point will Google decide against banning a certain query because doing so would interfere with legitimate use?

On the other hand, imagine a few hundred thousand PCs infected with worms hammering away at Google for additional attack targets, thus causing a denial-of-service attack on Google's network. In such a case, Google will be left with little choice but to ban a bigger list of queries. It will be interesting to see how this plays out in the future.

Nitesh Dhanjani is a well-known security researcher, author, and speaker.




Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express, and O'Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

This work is licensed under a Creative Commons License.


