BotID uncovers hidden SEO poisoning

A financial institution experienced a spike in suspicious bot traffic, initially suspected to be malicious, but later identified as verified Google bots executing strange search queries unrelated to their business. Investigation revealed that their previous infrastructure had been compromised years ago through SEO poisoning, where attackers manipulated search engines to index malicious content. Although the institution had since moved to a new platform, Google's index still contained these poisoned URLs, causing its bots to re-crawl the old, corrupted pages. By using BotID for precise bot identification, the institution avoided mistakenly blocking Google's legitimate crawlers and instead focused on updating their robots.txt and using Google Search Console to remove the outdated, harmful pages. This case highlights the importance of accurate bot identification over immediate blocking, as understanding the source of bot traffic can distinguish between active threats and residual effects of past vulnerabilities.