Uh, Google is trying to hack me?


Late this evening I first noticed Google Bot was attempting to FTP to one of my servers. It is trying to connect anonymously via FTP. Not just from one host or IP, either. To my dismay, these (what I’m calling) hack attempts have been going for a few days and from a total of 23 different *.googlebot.com host names. [Updates after the jump.]

So there’s your lead. This is a new one for me and I haven’t been able to find anything about it on the web. I went to Bing, Ask, DuckDuckGo, and a slew of others — not just Google.

I’m going to paste some log snippets. If you’ve seen any similar activity please email me or leave a comment below and let me know what you’ve discovered.

Thanks in advance! I wonder if this post will appear in Google search engine results.

  • Jan 22 15:10:49 ftpd[12778]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-76-165.googlebot.com
  • Jan 22 15:10:49 ftpd[14780]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-76-165.googlebot.com
  • Jan 23 19:54:40 ftpd[63857]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-217.googlebot.com
  • Jan 23 19:54:40 ftpd[68158]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-217.googlebot.com
  • Jan 24 20:27:18 ftpd[70041]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-247.googlebot.com
  • Jan 24 20:27:18 ftpd[71642]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-247.googlebot.com
  • Jan 24 20:52:54 ftpd[79978]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-146.googlebot.com
  • Jan 24 20:52:54 ftpd[72975]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-146.googlebot.com

UPDATE – February 27, 2013 (almost a month later):

The attack attempts continue. I’m surprised no one has weighed in on this one. I have contacted Google in an attempt to find out what their reason is for connecting to servers via FTP with GoogleBot. Google has recently introduced more support options and contact information for the general public so hopefully they get back to me. I’ll let you know.

Here’s something from the logs just today:

Feb 27 12:13:55 ftpd[89067]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-170.googlebot.com
Feb 27 12:13:56 ftpd[89068]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-170.googlebot.com
Feb 27 12:34:36 ftpd[90176]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-199.googlebot.com
Feb 27 12:34:36 ftpd[90177]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-199.googlebot.com
Feb 27 12:55:42 ftpd[91033]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-62.googlebot.com
Feb 27 12:55:43 ftpd[91034]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-62.googlebot.com

UPDATE – January 28, 2013: Google continues anonymous FTP attempts on this server. What the deuce?

Jan 28 20:31:38 ftpd[92637]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-76-165.googlebot.com
Jan 28 20:31:39 ftpd[92638]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-76-165.googlebot.com
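
The ftpd lines above record only the client's reverse-DNS (PTR) name, and a PTR record is set by whoever controls the reverse zone for the connecting address, so the name alone does not prove the source. The following Python is an added example, not part of the original post: it tallies refused logins per logged name and applies a forward-confirmed reverse DNS check. The function names are hypothetical, and the peer IP is assumed to come from another source such as firewall or connection logs.

```python
import re
import socket
from collections import Counter

# Log lines copied from the post; this ftpd logged the PTR name, not the peer IP.
LOG = """\
Jan 22 15:10:49 ftpd[12778]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-76-165.googlebot.com
Jan 22 15:10:49 ftpd[14780]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-76-165.googlebot.com
Jan 23 19:54:40 ftpd[63857]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-73-217.googlebot.com
Feb 27 12:55:42 ftpd[91033]: ANONYMOUS FTP LOGIN REFUSED FROM crawl-66-249-75-62.googlebot.com
"""

LINE = re.compile(r"ftpd\[\d+\]: ANONYMOUS FTP LOGIN REFUSED FROM (\S+)\s*$")
CRAWL = re.compile(r"^crawl-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.googlebot\.com$")


def refused_by_host(log_text):
    """Count refused anonymous FTP logins per logged host name."""
    hits = (LINE.search(line) for line in log_text.splitlines())
    return Counter(m.group(1).lower() for m in hits if m)


def embedded_ip(host):
    """Return the IPv4 address spelled out in a crawl-a-b-c-d name, else None."""
    m = CRAWL.match(host)
    return ".".join(m.groups()) if m else None


def dns_reverse(ip):
    return socket.gethostbyaddr(ip)[0]


def dns_forward(host):
    return socket.gethostbyname_ex(host)[2]


def is_verified_googlebot(peer_ip, reverse=dns_reverse, forward=dns_forward):
    """Forward-confirmed reverse DNS: the PTR name must sit under googlebot.com
    (the domain seen in these logs) and must resolve back to the same peer IP."""
    try:
        name = reverse(peer_ip).lower().rstrip(".")
        if not name.endswith(".googlebot.com"):
            return False
        return peer_ip in forward(name)
    except OSError:  # failed lookup (socket.herror / gaierror): unverified
        return False
```

`embedded_ip` only recovers the address the name claims; the verdict needs the real peer address, because a forged PTR on an unrelated IP fails the forward lookup.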

3 Responses to “Uh, Google is trying to hack me?”

  1. Oscar

    Tim–

    Back in March of 2007 I had similar activity from googlebot. I had robots.txt on my server and I’d verified through Google Webmaster Tools that the robots.txt was properly formatted and being read by Googlebot so Google should not have been crawling my server in any way shape or form. Yet Googlebot ignored my robots.txt for FTP and was connecting to my server to not just index, but download my files.

    The general consensus I got from some people in Google Groups was that Googlebot follows links even if they’re, say, ftp://x.y.z.com/file.zip, not just http:// links. So if you have links anywhere on your web site or web sites on the same server as you that link to your server through ftp, Googlebot follows it just the same as a regular web page link. It wants to know what the file is (if it can read it) so it can parse it, cache it and add it to Google’s search results. This = more search engine results available to searchers and more page views and ad revenue for Google.

    To wrap up, one pundit enlightened me with his reply to my post back then in ’07: “Google’s mission is to organize the world’s information and make it universally accessible and useful”.

  2. Lonesome Walker

    Got me too.

    Very strange, because there are NO ftp links to my ftp server, also there is no anonymous access…?

    Google answers as always with their charming email robots: “have a look at the support pages, write nice essays in our forums…”

    I hate this sh*t, especially due to the fact that these scans also cause hard disk usage and eat up the power of my server.

    Is there no law against that?

  3. ernie cooper
