Thread: Anonymous users created by googlebot?

We have a moderately secure site where no one can access any storefront pages or data until they have logged in. There are only 3 admin users who can create new customer accounts, users cannot.

Over a period of 3 days, four records were added to our customer table with no information provided. the only fields that are populated are the GUIDs, dates, and lastIP address. For example: 66.249.67.21 and 66.249.67.47

These IP addresses appear as googlebot. Is there some way Google can bypass admin credentials and create phantom customer records when searching? Since we're not yet trying to attract new customers to our B2B site there's no need for Google to crawl the site. Is there a security hole that we should address?

How do you have the site locked down? Google isn't 'bypassing' any credentials but if the site is accessible, it can crawl around the site and might 'click' any of the options that create an anonymous customer record for their visit. If you want to prevent that entirely, you'll need to either make the site unreachable entirely (maybe set Windows auth credentials on it) or modify the robots.txt to keep bots out.

Hi,
I'm having similar problem. Yahoo, Google and couple of other Search Engines are continously browsing the product details page resulting a *blank* record in customer table. on an average 1 customer record is getting created for every 3 seconds - this is annoying.

Any insight to avoid this ? I've 8.0 ML Source.

Thanks.

There's not really a way to prevent that that isn't going to keep the bots from indexing your site entirely, which is generally not something you want. Those anonymous records don't hurt anything and if you're performing the monthly maintenance regularly through the admin site they shouldn't build up too horribly bad. If you prefer you can set up a DB trigger/scheduled event to clear out anonymous records periodically, just keep in mind that if a genuine anonymous customer (one who just hasn't registered or logged in yet) is browsing your site and has items in the cart when those records are wiped, they'll lose them and have to add them again.

We have notices some 10,000 annonymous accounts been created all by the same ip, I can only assume its a bot or somebody up to no good.

What exactly has to happen for an annonymous acocunt to be created? and other than block ther ip (shutting the door after the fact) does anyone have any ideas to prevent this?

use your robot.txt file to block addtocart.aspx, Make all links that add items to the basket rel="nofollow".

This is how we stop any bots creating anon customers but allow them to crawl the site.