?

Log in

No account? Create an account

Previous Entry | Next Entry

Google Over Reaction?

I'm working on a piece on web hosting at the moment.

To wrap up the copy I need some examples of hosting providers in different spaces. I needed to find a host who could be used to help build community sites, so I did what we usually do in the cases: I fired up a Google search for the innocuous set of terms "phpbb host uk", found nothing I wanted to use on the site on the first page, clicked "next", and got an HTTP 403 Forbidden message from Google:

We're sorry...

... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.

This came as a bit of a surprise, as I run a relatively secure network - not only do the desktop PCs and notebooks all run virus scanners, spyware scanners and personal firewalls, but I've got an extra layer of security in the shape of a hardened router.

I tried a few different search terms, but it appeared that any search that began with the phrase "phpbb" would return this error message, while other searches carried on happily. Put the term in second or third, and you'd be fine. Puzzled, I took my problem to the assorted minds in another place.

ramtops found a ZDnet piece from a year ago on a worm that replicated by using Google to search for unpatched PHPBB installations. It looks like Google's stopgap solution for preventing the spread of the Santy worm is still in place - and blocking access to queries.

I'm surprised that no one at Google has put a better fix in place yet. Especially as the worm isn't likely to be making its queries with the HTTP headers of a browser only released a couple of weeks ago.

Even a CAPTCHA would be better than blocking queries completely.

Comments

( 4 comments — Leave a comment )
del_c
Dec. 12th, 2005 05:24 pm (UTC)
I saw this for the first time this weekend, and observed that it only happened on queries containing one word.

What annoyed me was that the message implies it's the host that's triggering the lockout, when it's not, it's the search terms.

megadog
Dec. 12th, 2005 05:43 pm (UTC)
Block in haste, forgive at leisure (if at all).
One of Tanuki's Axioms is that once something makes its way into a privately implemented blocklist/filter, it's all-but impossible to guarantee that it will _ever_ be removed.

There are still plenty of filters the world over that date back to 1996/97 and the days of Cyberpromo/AGIS/Sanford Wallace - and the associated net space will in all likelihood remain tainted until the heat-death of the Universe.
blufive
Dec. 12th, 2005 08:00 pm (UTC)
I've seen something very similar mentioned elsewhere in the last day or two. IIRC, they said clearing cache/cookies sorted it. I'll have a look and let you know if I find it again...
blufive
Dec. 12th, 2005 09:40 pm (UTC)
Aha. See this post in mozilla. I can't read the German stuff they link, but it sounds like it could be down to you sharing a proxy with someone who is infected. Anyhow, the original poster claims that clearing cache and/or history seemed to help.
( 4 comments — Leave a comment )