@Mont I’ve tried some merchant sites and that first sitemap URL results in a 400 error
Topic summary
Shopify store owners discovered spam pages being indexed by Google through exploited URL parameters, primarily affecting /collections/vendors?q= and /search?q= endpoints. Malicious bots create fake URLs by appending spam queries (often FIFA coin advertisements) that get indexed when external sites link to them, despite robots.txt blocking.
Root Cause:
The vulnerability stems from Shopify themes displaying search queries as page titles on zero-result pages instead of returning 404 errors. Google indexes these pages when external spam sites create backlinks, ignoring robots.txt directives.
Community Solutions Implemented:
- Add noindex meta tags to vendor/search pages with zero results
- Modify theme.liquid to prevent spam text in titles
- Update collection-content.liquid to display 404 messages for empty vendor queries
- Use Google Search Console’s temporary removal tool for bulk URL removal
- Avoid Google Disavow tool (recommended only for manual penalties)
Shopify’s Response:
After community pressure, Shopify deployed fixes making /collections/vendors?q= pages return 404 status. Similar fixes were implemented for search pages and web-pixels-manager spam. However, new variants continue emerging (e.g., /collections/all/ spam).
Current Status:
The /vendors?q= issue is largely resolved. Affected stores report gradual deindexing over weeks, with SEO rankings recovering. Store owners should verify noindex implementation and ensure robots.txt doesn’t block crawlers from seeing 404/noindex responses.
The culprit is vendors?q= after collections/ At least Google excluded it. that’s good
Shopify’s 1st fix was to send all of those vendors?q= to a 404 page, but that’s a short cut fix IMO.
GOOD NEWS …cool business btw. anyway I went to https://www.french-address.com/sitemap.xml
TRY this. Looks like your sitemap was altered as well by shopify. So now go ask google console to re-index your https://www.french-address.com/sitemap.xml ASAP
Google continues to index “search” spam pages. This is really becoming problematic, and it’s starting to impact my SEO (loss of keywords, loss of traffic…).
The solution with “no index” doesn’t work. Every day, google indexes new “search” spam pages.
The right solution would be to implement a 404 on these pages. As for the “vendors” problem. It is through this solution that the “vendors” problem has been solved.
What about Shopify, why don’t you implement this same solution ?
Be aware that our stores are directly impacted by your failures, and the delay counts.
Thank you for considering my request.
Best regards
2 Likes
I would just like to confirm that new “search” spam pages are also still being indexed by Google on my end also.
The number of spam pages being indexed keeps going back up.
Is any permanent solution in the works?
1 Like
@Maxime_Breton_V can you DM a /search link that is being indexed?
I’m getting new spammy pages being indexed by Google on my end as well.
1 Like
We’re aware of the collections/all/ spam. Please DM me to let me know if you’re using an official Shopify theme or a third-party theme.
2 Likes
Hi Greg,
Today I noticed https://mywebsite/search?q= spam urls are increasing. I was down in the 4K for indexed but it’s rising again due to these so I’ve submitted a removal request until I hear from someone on this board to keep the numbers from shooting up again.
@Vicky6 please DM me one of the search URLs that has been indexed. Those should be 404’d.
I’m now experiencing similar vendor spam on one of my sites, but after /collections/all
What code can we enter into our headers to set any filters / pages created after a genuine collection path as noindex?
For example…
GOOD: example.com/collections/mens-shirts (index)
GOOD: example.com/collections/all (index)
BAD: example.com/collections/all/best-site-ps4-ps5 (noindex)
BAD: example.com/collections/mens-shirts/spam-text (noindex)
Thanks.
1 Like
Hi Dave,
Thanks for your reply. To me, this is the best solution and the only one that makes any sense.
However, I am not sure how to do this (or too dumb!)
Do you have the contact of your dev team? I would like someone to do it for me.
Thanks,
Claudia
Yours looks like mine. blah blah blah /search?q=ddos攻击安卓手机… Did you find any solution?
Please advise!
Thanks
I just don’t understand why we need to waste time trying to figure this out.
Shouldn’t be included in the fee we pay every month? Or access to a manual? a training? anything?
I’ve read the whole thread, and I am lost. I am not sure what to do and have hundreds of pages INDEXED in Chinese.
Please please what should I do?
I am using a third-party theme. And I need help 
I am soooo lost!
Hi all,
I am having a similar issue I have found a link in Google search console that appears to originate from my website however it does not and is promoting some diablo levelling up service. Shopify support keep repeating that I should disavow the link, this may not be a good idea disavowing links from my website in general. Shopify have not offered any further solution but did provide links on how to make my account secure before later telling me my account was secure. I have found many instances of people having similar issues on the internet and have sent to Shopify but keep getting a generic reply.
1 Like
I wrote an article on this with many solutions a little while back. I believe the same solutions will still apply and work today.
Feel free to comment back on here if you have any questions!
2 Likes
thank you!
Hi @gregbernhardt , I’m having the same issue with collections/all/ spam links. I’ve already contacted Shopify customer support twice, but I had no luck. Could you please help me? Can I DM you one of the links?
@MJC I’m experiencing exactly the same thing with diablo stuff links. Did you somehow resolve this issue?
1 Like
Hi @pauldrecksler ,
Did you find solution for this? Thank you
I’m curious to know if you were able to solve this issue. I’m currently facing the same challenge and even similar SPAM URLs including diablo stuff.