Banned from Google

Something really weird happened when I had the password problem last week — I completely disappeared from Google. It’s not just the search for Matt, but almost every page on my site has disappeared even for super-obvious searches. This happened within a day of the guy getting into my blog account. I have two theories, one is that when all my links started pointing to blogspot (he changed my siteurl) that triggered some sort of anti-spam flag, and my second theory is that [H]e turned on the new Blog Privacy feature in WP that adds noindex,nofollow to the header of your page, and Google was crawling me that very instant and removed my site. BTW, as an update to the previous entry, I have since found out that I did not have a super-obvious password, but rather he found it embedded in the source code in the SVN repository of a new project I’m working on that hasn’t been released yet. I’ve axed the repo, but at least now I don’t feel so bad about having an awful password on my blog. Regardless, the event was a good excuse to review my password strategy and make sure everything was fairly locked down. Update: I’m certain it was the noindex thing, which looks like it was on for about a week. Let’s see how long it takes to bring everything back and if I rank the same. Update 2: Everything is back to normal. 🙂

48 thoughts on “Banned from Google

  1. You might be right but I wouldn’t be so sure about what happened. Every page on Newsvine disappeared entirely from Google for a few days last week without explanation and now it’s back without incident. I just think that weird stuff happens there sometimes. I thought about contacting Google immediately to see what was wrong but I’m glad I waited a few days… just seemed like some sort of indexing hiccup.

  2. there’s a lot going on with google’s datacenters now. that may or may not have something to do with it as well. the best thing you can do is sit back and try not to concern yourself with it. if you weren’t up to no good, you should be groovy.

  3. Matt, I don’t know how to tell you this, but Google has been breaking since March. I can send you links to articles that explain about this Big Daddy update (a 64-bit datacentre). Here is the latest finding from last night, posted in UseNet (AISE):

    What the heck?

    The page at Webmasterworld where these sites were first made public today
    just went offline!

    [URL snipped]

    Here is my little conspiracy theory of the day: someone does not want this
    information public

    If you missed the first message here, here are the search queries to play
    with on Google’s site:

    After 5 minute investigation we have: 56100000 3010000000 1260000000 80800000 42900000 69000000 252000000 27400000 62700000

    Giving a grand total of 4,860,900,000


    have fun!

  4. Whoa! I don’t know what I’d do if I lost the Google ranking I’ve got, since it’s already fairly low despite years of trying. Definitely a cautionary tale for all on the Internet about making sure where your info is at all times!

  5. Well, you’re lucky to be in Google. I’m waiting for three months now and still nothing. I’m gonna die and our business is falling appart. O mighty Google, please index us!

  6. Sorry to hear that some damage was done, some people are just jerks. Hopefully it will correct itself, google seems to be pretty regular on the updates on indexing.

  7. Strange. Someone got into a few of our WordPress blogs (mine specifically) and deleted our accounts. I could not log in. Anyway, we were using weak ass passwords as well (they are stronger now). Wonder if the events were connected?

  8. Hey Matt

    Everything is now well, I am sure that, that MD5 hash string you published in the mailing list was the starting point, I used several types of brute-force password cracker programs last year and found that even though it’s a time consuming way but it _works_ . I know many hackers have powerful tools to mix up brute-force and dictionary attacks.

    Don’t worry, google spider is too smart. You still have a 8/10 ranking on google 😉

  9. Would have sucked alot more if you where physically banned from google. The majority of my traffic is from google, so it would pretty much kill my traffic.

  10. That sucks. I had a similar situation happen (Google On, Google Gone) where Google had pulled my site from its listing. Unlike yours, my delisting was due to my own error (repeat posts, redirects, basically all the stuff you are NOT supposed to do). It took Google a good few months (about 3) before they correctly re-indexed my site and restored its proper page rank.

  11. Sorry to hear about the loss of your google standings, those aren’t easy to build up. Well, not really. I’m now ahead of you in the search for Matt. Sorry I shouldn’t take pleasure in your pain. But it’ll be fun while it lasts. 😀 (I doubt it’ll last long).

  12. Do you really think it’s a bigger crime to have a potentially weak password than it is to check it into what I’m assuming is a public SVN repository? 🙂

  13. Call me a paranoid. But every single password that I use for any website is unique.

    I sign up for many web services. One fear I have of using a single password is the single compromise that compromises everything.

    For this I find using Password Safe very useful.

  14. Hi Matt

    try a reinclusion request

    don’t sit down and wait — or you sit down for the next six months

    kindly regards


  15. Regardless of the strength of your password for your blog you should always take extra steps to ensure that you as prepared as possible against vicious attacks, I would have to say the first step you should take at the very least is rename your wp-admin folder and then password protect it with an .htaccess file

  16. as i state don the 16th, there is an update underway, and the results vary according to what datacenter you hit.

    keep on doing what you need to do, and the engines will figure it out accordingly.

  17. Perhaps this should be a catalyst to tighten up the security in wordpress in general. I’m an average user with an average wordpress setup. And I think there are some steps the development team could take to improving the basic security setup. One of the key attributes to WordPress’s success are it’s ease of use from the non techie’s perspective. These suggestions would not be too difficult to implement yourself but if they were included by default would offer the average user a lot more protection, especially as WordPress continues to grow in popularity.

    Be given an option at install/upgrade to rename the wp-admin directory.
    Be given a security management tool that allows you to define IP ranges that are permitted to login as admin
    Be asked for random characters of your password not the whole thing every time.
    Have the wp-admin interface tell you when and from where you last logged in from.

    I dont know if some of these are more suited to plugins (if in fact they might already exist!) but hey I’m just an average user!

  18. Man thats horrible. Some might think its petty, but I look at it like breaking into someone’s house. Get a gun and protect your domain. 😉

  19. It’s nice to see the Good Guys like Matt get their ranking restored quickly once the problem is fixed (He’s #1 again for a search on ‘Matt’), while the Bad Guys loose their ranking just as quickly – see :
    (I think this is the incident Roy was talking about above).

    (Small off-topic nit pick – The strike tag is used in the original post. It was deprecated in HTML 4.01 and is invalid in XHTML1.1 (the validation link given at the bottom of this page). I’ve been brushing up on XHTML tags lately and discovered the del and ins tags – del or a CSS equivalent is what you want to use.

  20. I think that happens when you choose that option. Noindex thing is dangerous.

    By the way, do you want to find out if you are a workaholic?

    I found one recently
    It is kind of personality , behavior test kind of thingy. It is sort of quiz.

    I am a workaholic according to the result. 🙁
    Have fun guys.