Google Webmasters Flaw Allows You To Remove Any URL From Their Index

Sounds crazy? It’s Matt Cutts’s worst nightmare…

The story was reported by James Breckenridge on his blog (which is brand spanking new; I guess he wanted to get some link juice out of this)!

Basically you access Webmasters Tools and use the following URL:

https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://{YOUR_URL}/&urlt={URL_TO_BLOCK}

So we thought we’d give it a try with Alex’s bingo site (http://bingoplayuk.com/) – Alex has kindly given me permission to do this.

Here’s the URL we’re going to use:

https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://www.bronco.co.uk/&urlt=http://bingoplayuk.com/

I have access to the www.bronco.co.uk domain, but not bingoplayuk.com – so if the removal is successful it means that I could remove any URL: Facebook.com, ebay.com, amazon.com – I’m guessing Google will get it fixed pretty sharpish if that were to happen!
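The test above works only if nothing ties urlt to the site named in siteUrl. As an added example (not Google's code and not from the original post), here is the kind of server-side scope check that would refuse the request; the function names and the verified_sites set are hypothetical, and verified properties are assumed to be stored as canonical URL strings.

```python
from urllib.parse import parse_qs, unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin_and_path(url):
    """Return ((scheme, host, port), path) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    port = port or DEFAULT_PORTS[parts.scheme]
    path = unquote(parts.path) or "/"
    if ".." in path.split("/"):  # refuse dot-segments instead of resolving them
        return None
    return (parts.scheme, parts.hostname.lower().rstrip("."), port), path

def removal_in_scope(site_url, target_url):
    """True only if target_url lies inside the property identified by site_url."""
    site, target = _origin_and_path(site_url), _origin_and_path(target_url)
    if site is None or target is None or site[0] != target[0]:
        return False
    prefix = site[1] if site[1].endswith("/") else site[1] + "/"
    return target[1].startswith(prefix) or target[1] + "/" == prefix

def authorize_removal(request_url, verified_sites):
    """Decide a removals-request URL against the caller's verified properties."""
    query = parse_qs(urlsplit(request_url).query)
    site_urls, targets = query.get("siteUrl", []), query.get("urlt", [])
    # Missing or repeated parameters are rejected rather than guessing which wins.
    if len(site_urls) != 1 or len(targets) != 1:
        return False
    # The caller must own siteUrl, and urlt must fall inside that same property.
    return site_urls[0] in verified_sites and removal_in_scope(site_urls[0], targets[0])

# Constructed check using the request URL from the post.
VERIFIED = {"http://www.bronco.co.uk/"}
POST_REQUEST = ("https://www.google.com/webmasters/tools/removals-request"
                "?hl=en&siteUrl=http://www.bronco.co.uk/&urlt=http://bingoplayuk.com/")

if __name__ == "__main__":
    print(authorize_removal(POST_REQUEST, VERIFIED))  # False
```

The comparison is made on the parsed scheme, host and port rather than on a string prefix, so lookalike hosts and userinfo tricks in urlt do not pass.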

And here is the screenshot of it indexed before:

After using the URL above I got sent to a confirmation page where it said “This will remove all instances of http://bingoplayuk.com/ from Google search results” and asked me to confirm my request:

I clicked submit and tried it again; it’s still there, but tomorrow we should be able to see if it is removed.

James has shown a couple of examples on his original blog post, which you can read here.

29 Comments

  • Martin Macdonald 673 days ago

    http://seoforums.org

    Doesn’t work unless it’s also backed up by a robots.txt disallow.

    It does appear in the target WMT messages though, so the site owner does see the removal request and subsequent cancellation.

  • David Whitehouse 673 days ago

    Hi Martin,

    It does appear to work, I imagine it needs robots.txt for a permanent removal – as it says on the image.

    Secondly, the owner may not log into Google Webmasters Tools – and Alex hasn’t received an email warning of the site removal. I don’t just GWT for my own personal site every day – so I think it’s quite feasible this could happen.

    Tomorrow I’ll have the results – even a temporary loss in traffic could be critical for some businesses.

  • Paul Gailey 673 days ago

    http://paulgailey.com

    Are GWT emailed message notifications of logs active by default?

    • David Whitehouse 673 days ago

      I’m not sure…

  • Clayburn 673 days ago

    http://www.clayburngriffin.com/

    Remove all the Internets!

  • jan | rt-designs 673 days ago

    http://www.rt-designs.de

    No, action -> e-mail is not the default setting in GWT.
    I could imagine that spotting abuse of this exploit – if it really works – could be pretty easy and the punishment hard..

  • Justin Throngard 673 days ago

    http://www.simplecmsdesign.com

    Someone should remove GWT from the index…..

  • Dave 673 days ago

    As far as I can tell, it worked on bingoplayuk.com. A search for site:bingoplayuk.com returns no results.

  • Joost de Valk 673 days ago

    http://yoast.com/

    Even if it’s true David, do you think it’s wise to blog such a thing? I’d rather you’d email someone at Google and get it fixed.

    • jboutin 673 days ago

      If you read the blog post at all, the blog post that David links to that covers the story originally, already notified Google.

      • Joost de Valk 673 days ago

        http://yoast.com/

        I did read it, Dave & David have other channels to Google though.

      • Joost de Valk 673 days ago

        http://yoast.com/

        And btw, he noticed it yesterday, emailed some people and blogged it, that is not responsible disclosure. Responsible would be to wait for a couple of days until he’s heard back. If you don’t hear back after 2 weeks and blog it, that’s another story.

    • David Whitehouse 673 days ago

      Hi Joost, I fully agree, it was irresponsible to post this, unfortunately I was told to do it as part of my job. Although it was already in the public domain, Dave’s blog will have amplified it to its subscriber base.

      Oh and I don’t have any other channels to Google than anyone else, maybe Dave does, but I don’t really know much about that.

  • Joost de Valk 673 days ago

    http://yoast.com/

    I think you should treat stuff like this exactly the same as a security flaw, and disclose responsibly.

  • Alex 673 days ago

    http://www.technologycerts.com

    Very interesting, I am curious to see how this pans out tomorrow and the coming days. I find it unlikely anyone would want to do this, except to mess with the competition of course, in which case Google would surely fix it immediately.

  • Vov 673 days ago

    http://www.alltechienews.com/

    It’s too good to be true!

  • Darren Singleton 673 days ago

    http://darren.me/

    I’m not seeing the website showing up in results, here’s a screenshot to show:

    http://i.imgur.com/7dEUm.png

  • mental 673 days ago

    http://mentalmind.info

    Whoa, I don’t have any results for site:bingoplayuk.com as well. I can’t believe that Google can overlook something like that.

  • Ving 673 days ago

    http://www.vcmarketing.co.uk

    Shows up when I use site:bingoplayuk.com in Google.co.uk and google.com

  • David Whitehouse 673 days ago

    I haven’t seen anything removed yet, I did a search without “site:” if you just search bingoplayuk.com it is still there.

  • [...] don’t need to go over this in too many details as you can read about it on Dave Naylor’s Blog, where he performed a number of tests. The tests though, seem flawed. Dave managed to submit the [...]

  • Roger Bert 672 days ago

    http://www.letsshop247.com

    I don’t think this works.

    The process of removing URLs is too stringent.

    I have been trying to remove my own domain for a while and keep getting problems.

  • LordManley 671 days ago

    http://twitter.com/?status=@lordmanley

    This is not new – it has been possible to remove anyone else’s page (or indeed entire site) if they have any errors in their robots.txt file for some time.

    Certainly I was able to do it successfully back in 2006, although the details must remain private.

  • Heather 671 days ago

    http://callmestupidbut.co.uk

    Rumour has it, Google has now fixed this: http://www.v3.co.uk/v3-uk/news/2095734/google-fixes-major-flaw-url-removal-tool

    Although I haven’t found reference to this on any of the official Google blogs.

  • Mitchell 671 days ago

    http://www.rosarykingdom.com

    Hey guys, I am 20 years old, I’m new to web technology, can someone please inform me.

    What is a robot.txt?
    What is a GWT? A WMT?

    Please and thanks

  • cayon 658 days ago

    lol I thought it was a 1st April fool. No, that’s real. Excellent

  • mauritius seo 638 days ago

    http://www.mauseo.com/

    Wow so dangerous hope Google fix it already
