How to deal with invisible spam collection in my backend?

Honestly, my big concern is if this is affecting our ranking on Google, is this affecting our traffic and sales!!!

Someone found a vulnerability where they seem to be forcing Google to index searches created on our website.

We have this on our website too. We have opened a case with support but the first line agents don’t understand the issue and don’t seem to know how to fix it. They have tried to explain to me that this is a backlink and tried to send me to the Google Disavow tool. Nope, it’s not a backlink. It resides on our website and we didn’t create it.

1 Like

OK, got some answers back from some smart folks in the “Shopify Entrepreneurs” Facebook group. A great resource you should be in if you are not already there.

To resolve this issue you should create a robots.txt entry for your theme and add the statement below. This will help prevent these from showing up in search. That is the main concern at least for me.

Disallow: /*?q=*

As for the URLs, these can be created by anyone. You can create one yourself.

https://www.yourdomain.com/collections/vendors?q=if%20i%20type%20anything%20here%20it%20will%20come%20up

The main concern is them getting published in Google SERPs, but that can be fixed by adding the robots.txt file.

Hope that helps you!

It's true that the fut fifa coin URL link can be created by anyone, which is a vulnerability by itself. If you look into your store code you will not find any fut fifa page.

In simple terms, what's happening is that there is a hack/bot going around using a vulnerability in our search and vendors?q feature to display that page on our sites. At the same time, that bot is using other sites to link to that created URL and forcing Google to index that page, even though Shopify's robots.txt is telling Google not to index it. But Google has this stupid policy that if another page is linking to a page on your site, it will still index that page and show it in the search results, even if your robots.txt says do not index.

Go on Google and search “fut 23 coin”. I just did and I got 35 million results. Lots of websites like ours have this issue; I don’t think it’s just a Shopify problem.

Shopify gave me the same solution, which is to disavow the site linking to that FIFA URL, but I only see one site linking to that URL! I'm watching to see if another site does it soon or if it is always the same site.

I personally think the problem is with vendors?q. Blocking it using robots.txt is not working; I think Shopify is already doing that!

Also, I want to know if this is affecting our online stores' ranking, traffic and sales?

Has anyone noticed a big drop in sales?

Good information…we still need to get to the root of the problem. This is a security risk if an outsider / app can create collections which are hidden on our sites.

1 Like

I see. Using the Google robots.txt test tool, I was able to confirm that the link I was seeing should have been blocked with the below rule, and an edit as I stated above is probably not needed.

Disallow: /collections/+

Update: the Vendor URLs are not blocked by default.
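The check discussed in the posts above, as an added example that is not part of the original posts and is not Shopify's or Google's code: a small matcher for robots.txt wildcard rules (`*` and a trailing `$`, longest match wins) run against the two rules and the sample URL quoted in this thread. The `User-agent: *` line and all function names are assumptions, and a match only means a compliant crawler will not fetch the URL.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the two rules quoted in this thread under an assumed
# "User-agent: *" group, plus the thread's sample vendor URL.
THREAD_RULE = "User-agent: *\nDisallow: /collections/+\n"
WITH_Q_RULE = THREAD_RULE + "Disallow: /*?q=*\n"
SAMPLE_URL = ("https://www.yourdomain.com/collections/vendors"
              "?q=if%20i%20type%20anything%20here%20it%20will%20come%20up")

def rule_to_regex(pattern):
    """'*' matches any run of characters; a trailing '$' anchors the end."""
    anchored = pattern.endswith("$")
    core = pattern[:-1] if anchored else pattern
    body = ".*".join(re.escape(piece) for piece in core.split("*"))
    return re.compile(body + (r"\Z" if anchored else ""))

def parse_rules(robots_txt):
    """Return (kind, pattern) pairs from every 'User-agent: *' group."""
    rules, applies, prev_was_agent = [], False, False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (s.strip() for s in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            # Consecutive User-agent lines share one group of rules.
            applies = (applies and prev_was_agent) or value == "*"
            prev_was_agent = True
        elif field in ("allow", "disallow"):
            prev_was_agent = False
            if applies and value:  # an empty Disallow blocks nothing
                rules.append((field, value))
    return rules

def is_blocked(robots_txt, url):
    """True if the longest matching rule is a Disallow (Allow wins ties)."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    best_kind, best_len = "allow", -1  # no matching rule means crawlable
    for kind, pattern in parse_rules(robots_txt):
        if not rule_to_regex(pattern).match(target):
            continue
        if len(pattern) > best_len or (len(pattern) == best_len and kind == "allow"):
            best_kind, best_len = kind, len(pattern)
    return best_kind == "disallow"

if __name__ == "__main__":
    for name, text in (("thread rule only", THREAD_RULE), ("with ?q= rule", WITH_Q_RULE)):
        print(name, "->", "blocked" if is_blocked(text, SAMPLE_URL) else "crawlable")
```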

Would you mind walking through how you did that step by step? Thank you!!!

I just followed this article.

https://help.shopify.com/en/manual/promoting-marketing/seo/editing-robots-txt

I'm not sure if I was clear in my last post. But Google is completely ignoring the robots.txt and still indexing the created fake spam URL on your site. That is due to the fact that this nasty bot is also creating another link on another website to the fake spam URL that was just created on your website.

So you can try modifying your robots.txt all you want. Google has this stupid policy where they will ignore robots.txt and still index a page if another site has a link to it.

One fix would be for Shopify to change their main code and turn off the vendors?q function. This way a spam URL can’t be created using that vulnerability, and honestly I'm not sure why they haven’t done that yet???

Another way would be for Google to change their policy on indexing pages site owners don’t want them to, just because another website has a link to it. Imagine the negative SEO that can be done against you using that method.

2 Likes

Same issue, very annoying.

The spam URL is in Google SERPs and on my site.

Here is a link to a solution Jizo_Inagaki suggested that me and a few others are trying. So far it seems to work:

https://community.shopify.com/c/shopify-discussions/has-my-site-been-hacked/td-p/1680367/highlight/true/page/2

1 Like