Shopify Big Bug: collections/vendors?q=XXXXXX

Hi Trevor!

Have there been any efforts made towards tracking these vulnerabilities?

Another thing we noticed recently (FROM MY VERY LIMITED UNDERSTANDING OF THIS WORLD): we are able to generate what should be non-existent pages with SQL (site:baistgloves.com + best) injections, returning pages like this: "https://baistgloves.com/collections/best-selling-collection?page=4". Is this avoidable? Notice, it's not only showing a collection we are unaware of/never made, it's taking you to the 4th page with no products on it. Why?

Hey @Trevor

I reported this exact issue back in October but was ignored numerous times. Seems like it's not gotten much worse for many other merchants.

There is now a new bug I found last week - this one is even more serious for you to get fixed as it seems that even noindex or robots.txt can’t fix this new bug. Please flag this below to all the people necessary at Shopify.

https://community.shopify.com/post/1918809

I was on a different thread about this which was then hidden and I can no longer access it.
That thread had some great code to use similar to the above, and I asked if using the Search Console REMOVALS tool for www.yourwebsite/collections/vendors was a good idea. One person said yes... curious what others think.
A Shopify person in early Jan said that Shopify was making changes so any click on a /collections/vendors link would return a 404. (?)
My Shopify support person couldn't confirm if the URLs were "generated by a spam bot entering search queries (to trigger indexable pages with the spam sites in)" OR if the "website had been maliciously hacked".
One woman said she removed the most recently installed app and the attack stopped. But I think she was lucky, as millions of stores can't have been using that app.
Can anyone add more info?
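Before submitting a removal request or changing robots.txt, it helps to see which of the indexed `/collections/vendors?q=` URLs are real vendor pages and which are the injected search terms being discussed here. The following is an added example (not code from this thread or from Shopify) that sorts a list of URLs, as you might export from Search Console or pull from server logs, into legitimate vendor searches, suspicious ones, and everything else. The allowlist of vendor names, the sample URLs and the `removal_prefix` helper are all assumptions made for the example; it matches the path and the `q` parameter case-insensitively because the spam variant also shows up as `/Collections/Vendors?Q=`.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample input: URLs in the shape a Search Console export or an
# access log might list them. These are made-up examples, not data from the thread.
SAMPLE_URLS = [
    "https://shop.example/collections/vendors?q=Baist",
    "https://shop.example/collections/vendors?q=cheap+replica+watches+free+shipping",
    "https://shop.example/Collections/Vendors?Q=buy%20pills%20online",
    "https://shop.example/collections/vendors?q=Baist&page=3",
    "https://shop.example/collections/best-selling-collection?page=4",
    "https://shop.example/products/leather-glove",
]

# Hypothetical allowlist: the vendor names the store actually sells (lowercased).
KNOWN_VENDORS = {"baist"}

# Match the vendors collection path regardless of letter case or trailing slash.
VENDOR_PATH = re.compile(r"^/collections/vendors/?$", re.IGNORECASE)


def vendor_query(url):
    """Return the decoded q= value if the URL is a /collections/vendors search
    (path and parameter name matched case-insensitively); otherwise None."""
    parts = urlsplit(url)
    if not VENDOR_PATH.match(parts.path):
        return None
    # parse_qs already decodes %XX and '+'; lowercase the keys so 'Q=' is caught too.
    params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "q" not in params:
        return None
    return params["q"][0].strip()


def classify(urls, known_vendors=KNOWN_VENDORS):
    """Split URLs into vendor searches for real vendors, vendor searches for
    anything else (the injected-term pattern), and URLs that are not vendor searches."""
    result = {"legit_vendor": [], "suspicious_vendor": [], "other": []}
    for url in urls:
        q = vendor_query(url)
        if q is None:
            result["other"].append(url)
        elif q.lower() in known_vendors:
            result["legit_vendor"].append(url)
        else:
            result["suspicious_vendor"].append(url)
    return result


def suspicious_terms(urls, known_vendors=KNOWN_VENDORS):
    """Distinct injected search terms, useful for spotting a campaign's wording."""
    return sorted({vendor_query(u).lower() for u in classify(urls, known_vendors)["suspicious_vendor"]})


def removal_prefix(url):
    """Hypothetical helper: the scheme/host/path prefix (query dropped, path lowercased)
    you would hand to a 'remove all URLs with this prefix' style request. Note that a
    prefix removal on /collections/vendors also covers the legitimate vendor pages."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path.lower()}"


if __name__ == "__main__":
    buckets = classify(SAMPLE_URLS)
    for name, items in buckets.items():
        print(f"{name}: {len(items)}")
        for u in items:
            print("   ", u)
    print("injected terms:", suspicious_terms(SAMPLE_URLS))
```

The useful output is the `suspicious_vendor` bucket: those are the URLs worth a removal request, while the `legit_vendor` bucket shows what a blanket `/collections/vendors` prefix removal or robots.txt `Disallow` would take down along with the spam.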

Hi, has this been fully rolled out yet? I'm still seeing this issue on my site at the moment (spammy links in …/Collections/Vendors?Q=…) and it has been occurring for many months now.

Hello, I still have the same problem today. It has been exactly three months since this started to affect our store; no solution?