Why am I getting threat alerts for my search engine?

Created at:
Avatar
Updated

Sometimes you might get a threat alert indicating that a search engine threat attempt was detected.

For example:

“Blocked 1 SQL Injection attempt from United States (66.249.71.25) by Bot – Googlebot”

This usually means that someone has planted a link in another website that causes search engines that follow it to execute an attack on your web site. Since search engine bots follow links more or less blindly, this is pretty easy to make them attack other web sites.

Although we treat all search engines as good bots, we do inspect their requests and if a request poses a threat to your web site’s security we will stop it.

Was this article helpful?
3 out of 3 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    jankph

    I am using the WordPress Bad Behavior plugin http://wordpress.org/extend/plugins/bad-behavior/ for my blog, but had to deactivate after enabling Incapsula because it blocked some legitimate bots from visiting my site, e.g. Googlebot

    Admittedly, this perhaps more  a Bad Behavior issue than an Incapsula problem, but I think the cause is Bad Behavior reads Incapsula's IP, which doesn't match the Googlebot IP and consequently denies access. If Incapsula would keep the original IP in the traffic it sends through this problem would go away.

  • Avatar
    echai

    I also believe that the fact requests are sent from a small set of IPs is causing Bad Behavior to block requests.

    See my comment on your feature request on a similar topic:

    http://support.incapsula.com/entries/20243476-original-ip

     

    I think it should answer your question. Let me know otherwise.

Powered by Zendesk