Asides Google

Banned from Google

Something really weird happened when I had the password problem last week — I completely disappeared from Google. It’s not just the search for Matt, but almost every page on my site has disappeared even for super-obvious searches. This happened within a day of the guy getting into my blog account. I have two theories, one is that when all my links started pointing to blogspot (he changed my siteurl) that triggered some sort of anti-spam flag, and my second theory is that [H]e turned on the new Blog Privacy feature in WP that adds noindex,nofollow to the header of your page, and Google was crawling me that very instant and removed my site. BTW, as an update to the previous entry, I have since found out that I did not have a super-obvious password, but rather he found it embedded in the source code in the SVN repository of a new project I’m working on that hasn’t been released yet. I’ve axed the repo, but at least now I don’t feel so bad about having an awful password on my blog. Regardless, the event was a good excuse to review my password strategy and make sure everything was fairly locked down. Update: I’m certain it was the noindex thing, which looks like it was on for about a week. Let’s see how long it takes to bring everything back and if I rank the same. Update 2: Everything is back to normal. 🙂

48 replies on “Banned from Google”

You might be right but I wouldn’t be so sure about what happened. Every page on Newsvine disappeared entirely from Google for a few days last week without explanation and now it’s back without incident. I just think that weird stuff happens there sometimes. I thought about contacting Google immediately to see what was wrong but I’m glad I waited a few days… just seemed like some sort of indexing hiccup.

there’s a lot going on with google’s datacenters now. that may or may not have something to do with it as well. the best thing you can do is sit back and try not to concern yourself with it. if you weren’t up to no good, you should be groovy.

Matt, I don’t know how to tell you this, but Google has been breaking since March. I can send you links to articles that explain about this Big Daddy update (a 64-bit datacentre). Here is the latest finding from last night, posted in UseNet (AISE):

What the heck?

The page at Webmasterworld where these sites were first made public today
just went offline!

[URL snipped]

Here is my little conspiracy theory of the day: someone does not want this
information public

If you missed the first message here, here are the search queries to play
with on Google’s site:

After 5 minute investigation we have: 56100000 3010000000 1260000000 80800000 42900000 69000000 252000000 27400000 62700000

Giving a grand total of 4,860,900,000


have fun!

Whoa! I don’t know what I’d do if I lost the Google ranking I’ve got, since it’s already fairly low despite years of trying. Definitely a cautionary tale for all on the Internet about making sure where your info is at all times!

Well, you’re lucky to be in Google. I’m waiting for three months now and still nothing. I’m gonna die and our business is falling appart. O mighty Google, please index us!

Strange. Someone got into a few of our WordPress blogs (mine specifically) and deleted our accounts. I could not log in. Anyway, we were using weak ass passwords as well (they are stronger now). Wonder if the events were connected?

Hey Matt

Everything is now well, I am sure that, that MD5 hash string you published in the mailing list was the starting point, I used several types of brute-force password cracker programs last year and found that even though it’s a time consuming way but it _works_ . I know many hackers have powerful tools to mix up brute-force and dictionary attacks.

Don’t worry, google spider is too smart. You still have a 8/10 ranking on google 😉

That sucks. I had a similar situation happen (Google On, Google Gone) where Google had pulled my site from its listing. Unlike yours, my delisting was due to my own error (repeat posts, redirects, basically all the stuff you are NOT supposed to do). It took Google a good few months (about 3) before they correctly re-indexed my site and restored its proper page rank.

Sorry to hear about the loss of your google standings, those aren’t easy to build up. Well, not really. I’m now ahead of you in the search for Matt. Sorry I shouldn’t take pleasure in your pain. But it’ll be fun while it lasts. 😀 (I doubt it’ll last long).

Do you really think it’s a bigger crime to have a potentially weak password than it is to check it into what I’m assuming is a public SVN repository? 🙂

Hi Matt

try a reinclusion request

don’t sit down and wait — or you sit down for the next six months

kindly regards


Regardless of the strength of your password for your blog you should always take extra steps to ensure that you as prepared as possible against vicious attacks, I would have to say the first step you should take at the very least is rename your wp-admin folder and then password protect it with an .htaccess file

as i state don the 16th, there is an update underway, and the results vary according to what datacenter you hit.

keep on doing what you need to do, and the engines will figure it out accordingly.

Perhaps this should be a catalyst to tighten up the security in wordpress in general. I’m an average user with an average wordpress setup. And I think there are some steps the development team could take to improving the basic security setup. One of the key attributes to WordPress’s success are it’s ease of use from the non techie’s perspective. These suggestions would not be too difficult to implement yourself but if they were included by default would offer the average user a lot more protection, especially as WordPress continues to grow in popularity.

Be given an option at install/upgrade to rename the wp-admin directory.
Be given a security management tool that allows you to define IP ranges that are permitted to login as admin
Be asked for random characters of your password not the whole thing every time.
Have the wp-admin interface tell you when and from where you last logged in from.

I dont know if some of these are more suited to plugins (if in fact they might already exist!) but hey I’m just an average user!

It’s nice to see the Good Guys like Matt get their ranking restored quickly once the problem is fixed (He’s #1 again for a search on ‘Matt’), while the Bad Guys loose their ranking just as quickly – see :
(I think this is the incident Roy was talking about above).

(Small off-topic nit pick – The strike tag is used in the original post. It was deprecated in HTML 4.01 and is invalid in XHTML1.1 (the validation link given at the bottom of this page). I’ve been brushing up on XHTML tags lately and discovered the del and ins tags – del or a CSS equivalent is what you want to use.

I think that happens when you choose that option. Noindex thing is dangerous.

By the way, do you want to find out if you are a workaholic?

I found one recently
It is kind of personality , behavior test kind of thingy. It is sort of quiz.

I am a workaholic according to the result. 🙁
Have fun guys.

[…] I was happy to see that by the time I heard of some issues, they were already resolved. On June 16th, Matt Mullenweg posted that he’d been banned from Google. Happily, Matt kept updating the status as he learned more. It turns out that someone had uncovered Matt’s password by scouring the source code for a new project Matt was working on. The bad guy flipped on a privacy feature on Matt’s blog that added a “noindex” meta tag. And we know what the noindex tag does. When Matt figured this out, he removed the noindex tag and he’s back in Google now. In general, if your server is down for a few days and Googlebot can’t crawl your pages, those pages can drop out of our index. But when the pages are alive again, Google will usually find the pages quickly and you should usually return to where you were before. […]