Why you can't search for phpBB on Bing

I've discovered an interesting bug: You can't search for "phpBB" on Bing.

I was doing some research for my startup naming business when I came across a deleted forum post I wanted to read. Google didn't have a cached copy, so I decided to paste the URL into Bing. The result looked something like this:

Did I just crash Bing?

No search results, no human-readable error message, just Bing doing its best impression of the Blue Screen of Death.

At first I thought it was a problem with the URL I was searching for, but it turns out any search containing the words "view topic" will crash Bing. Here's a few examples to illustrate the extent of the problem:

"what topics do they discuss on The View?"

"hottopic.com page views"

"topical viewing"

I went back to Google and ran a site search against Bing to see if there were any other broken keywords.

Google turned up several thousand Bing error pages, but most of them weren't keyword related. In fact, I was only able to find one other keyword that would reliably crash Bing: "phpbb". At this point, I knew I was on to something.

phpBB is a free, open source forum package that enjoyed a lot of popularity back in the mid-2000s. These days, there's a huge glut of old, abandoned phpBB forums clogging up the net with spam.

Worse, these old phpBB versions (particularly prior to version 3) often contain serious security holes. Doing a little research, I found a number of phpBB exploits actively targeting a file called viewtopic.php. Many of these exploits had been weaponized in the form of IRC bots that would remotely query search engines for new forums to infect.

bots using bing

Now it all made sense. People were using bots to search out vulnerable versions of phpBB using strings like "phpbb viewtopic", and since Google is pretty good at filtering out automated queries, the bots had moved on to probing for targets via Bing.

Here's my theory: Bing, either by human error or by some faulty heuristic, has gone massively overboard in their bot-blocking efforts. Instead of just filtering out malicious searches, they're dropping everything containing any of the target strings, including virtually all searches for anything related to the phpBB forum software.

This isn't a short-lived problem, either. Google's cache shows Bing has been dropping phpBB searches all the way back to March 7th. Further, it appears the keyword "ASP" suffered the same problem for a while, although it's since been fixed.

One additional note: These forbidden searches will actually work in a few specific cases, for reasons I'm not exactly clear on. You'll get results in IE9, for example, but not IE8.

It appears there's some browser-specific redirects kicking in before the bot filtering takes effect. A quick check with BrowserShots.org verified the error occurred in 64 out of 65 browsers.

Update: Roughly 36 hours after this was posted, Bing seems to have fixed the problem.

Comments? | Share on Twitter

Posted by John on 2011-08-01
Tags: