You’re not understanding the issue. “Vendors” is not a collection on our store (and I would expect this is the case for many of the other stores in this thread), so /collections/vendors/ shouldn’t exist. A 404 is the expected response. On top of that, “q” is getting passed into the collection title ( {{collection.title}} in the template outputs the query parameter) for some reason. So, the spammers simply pass anything they want into “q” at /collection/vendors/ for their exploit.
Allan-EP
74
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Is my site hacked with spammy fifa coin links? | 79 | 1051 | September 28, 2023 | |
| Shopify Big Bug: collections/vendors?q=XXXXXX | 44 | 732 | May 7, 2026 | |
| WARNING: /collections/vendors can be a HUGE security risk for your site | 37 | 688 | September 10, 2024 | |
| How can I prevent the new indexing bug from creating useless pages on Google? | 385 | 4895 | July 6, 2023 | |
| Loophole in Shopify stores (Chinese websites hacking attempts) | 31 | 374 | March 22, 2023 |