Security4 min read

How to prevent abuse of your webshop’s search engine

By Tom Ketels on Thursday, 16 February, 2023

How to prevent abuse of your webshop’s search engine

In this article

Lately, we have been seeing a growing number of cases of cyber criminals abusing the search engine of online shops to generate Search Engine Optimisation (SEO) reach. It is a phenomenon sometimes dubbed as a part of “Black Hat SEO”.

This abuse can have a major impact on the performance and search engine ranking of your webshop. In this article, we will tell you how these cyber criminals operate and how you can prevent this on Hypernode.

Abuse of your webshops’ search engine

Cybercriminals use the search functionality to search a shop for certain terms. These terms do not exist in the shop but the search page does return these terms, both in the body and title. As a result, for every wrong search term, an (error message) page is created.

The criminals often use the same terms, such as “FIFA 23 coins” and “”, next to each other. Therefore, the search engines think that these words have something to do with each other. They then place links to these erroneous search pages on other websites so that they get indexed.

Once the error pages are in Google, crawlers will come back periodically to see if these pages still exist. The annoying thing, of course, is that these error pages are actually an error message from the online store’s search functionality. The number of error pages can add up quickly. We have already seen a few cases where thousands of error pages have been created, with all its consequences…

Poor performance and lower SEO ranking

The search engine of a webshop has large numbers of products to look through. This makes it a heavy and slow process. If cyber criminals abuse a webshop’s search engine, it directly has a negative effect on the performance of a webshop. In addition, ‘cache pollution’ can occur. This means that data is cached unnecessarily, degrading a site’s performance.

Apart from the reduced speed, the mere existence of these pages can also have a negative effect on the search engine ranking. We explain this through the example below:

A webshop sells clothes and accessories where everything integrates nicely with each other and all pages are well connected in terms of content. The search engine (Google) considers this is essential and therefore rewards the shop with a good ranking. Then cyber criminals place terms that do not match these topics. Google does not understand that these error pages, each containing completely different terms, are not meant to be real pages. As a result, the search engine rejects the webshop and the shop drops in terms of ranking.

This is what you can do to prevent search engine abuse

To tackle this abuse, the error pages have to be removed from Google and other Search Engines. You can do this by blocking the search results (/catalogsearch) of your webshop via robots.txt. This way, you make it impossible for Google crawlers to (re)index search results pages.

In addition, we recommend you to remove these pages from Google Search Console and, if necessary, we can place a piece of server configuration on your Hypernode. This configuration blocks such search behaviour, i.e. searches with certain terms and searches with more than ten foreign characters, directly on the server. This is done with a “410 GONE” notification, so that Google also knows that these pages do not exist. All this to avoid further impact of the googlebot on your site.

Would you like to use this server configuration? Contact us! We’re always happy to help.

Hi! My name is Dion, Account Manager at Hypernode

Want to know more about Hypernode's Managed E-commerce Hosting? Schedule your online meeting.

schedule one-on-one meeting +31 (0) 648362102

Visit Hypernode at