At a glance: Bot attacks spoofing Googlebot are surging; website operators should verify IP addresses using Google’s verification tools.
Since June, website operators have been recording a wave of bot requests disguised as Googlebot to circumvent security measures. Security administrators should systematically verify requesting IP addresses.
Web administrators are observing hundreds to thousands of manipulated bot requests daily that impersonate the legitimate Googlebot user agent. The objective: to bypass security filters and rate-limiting measures, since genuine Googlebot traffic is exempted from blocking on most websites. Chris Siebenmann, Unix systems administrator at the University of Toronto, has documented the increase since June. The attacks are being carried out via IP addresses from various providers such as HostRoyale, M247, Latitude.sh, Web2Objects, and AWS — a pattern suggesting a coordinated campaign.
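One way to verify requesting IP addresses systematically, as an added example that is not from the original article: it assumes the forward-confirmed reverse DNS check Google documents for its crawlers (the PTR name must fall under a Google crawler domain and must resolve back to the same IP). The function names, sample IPs and hostnames are constructed for illustration, and the resolvers are injectable so the sample runs offline.

```python
import ipaddress
import socket

# Reverse-DNS suffixes Google documents for its crawlers.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com", ".googleusercontent.com")

def dns_reverse(ip):
    """PTR lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):
    """A/AAAA lookup; set of address strings (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def _same(text, addr):
    try:
        return ipaddress.ip_address(text) == addr
    except ValueError:
        return False

def is_verified_googlebot(ip, reverse=dns_reverse, forward=dns_forward):
    """True only if the PTR name is a Google crawler name AND resolves back to ip."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    host = (reverse(ip) or "").rstrip(".").lower()
    if not host.endswith(GOOGLE_SUFFIXES):
        return False
    # A PTR record is set by whoever controls the IP block, so confirm it forward.
    return any(_same(a, addr) for a in forward(host))

def flag_spoofed(requests, reverse=dns_reverse, forward=dns_forward):
    """Return IPs whose User-Agent claims Googlebot but which fail verification."""
    return [ip for ip, ua in requests
            if "googlebot" in ua.lower() and not is_verified_googlebot(ip, reverse, forward)]

# Constructed sample data: documentation IP ranges and made-up hostnames.
UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "crawl-192-0-2-10.googlebot.com",  # forged PTR
              "203.0.113.5": "vps5.fakegooglebot.com"}            # lookalike domain
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
            "vps5.fakegooglebot.com": {"203.0.113.5"}}
SAMPLE_REQUESTS = [(ip, UA) for ip in SAMPLE_PTR] + [("203.0.113.9", "curl/8.0")]
print(flag_spoofed(SAMPLE_REQUESTS, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set())))
```

In production, call `is_verified_googlebot(ip)` with the default resolvers and cache the verdict per IP, since two DNS lookups per request would add latency under the request volumes described above.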