Title: Google Cross Scripting attack?
Last modified: May 30, 2024

---

# Google Cross Scripting attack?

 *  Resolved [masterthehero](https://wordpress.org/support/users/masterthehero/)
 * (@masterthehero)
 * [1 year, 12 months ago](https://wordpress.org/support/topic/google-cross-scripting-attack/)
 * Wordfence is telling me that a human is trying to perform an XSS cross scripting
   attack on my website [http://www.thesilverninja.com](http://www.thesilverninja.com)
 * But when I check the WHOIS results, it says that the “attack” is originating 
   from Google. The system (I’m assuming is a crawler of some sort) has been hitting
   my website all day today and has now brought up my hits to 300k.
 * Should I allow this? I’m not sure what to do. It’s non-stop.
 * Copy/paste if my image doesn’t upload.
 * [North Charleston, South Carolina, United States](http://maps.google.com/maps?q=32.8608017,-79.9746017&z=6)
   was blocked by firewall for XSS: Cross Site Scripting in query string: query=%22%26%23x27%3B%3E%3CsVg%2Fonload%3Dalert.bind()(1)%20class%3Ddalfox%3E
   at [https://www.thesilverninja.com/blog/?query=%22%26%23x27%3B%3E%3CsVg%2Fonload%3Dalert.bind%28%29%281%29+cl…](https://www.thesilverninja.com/blog/?query=%22%26%23x27%3B%3E%3CsVg%2Fonload%3Dalert.bind%28%29%281%29+class%3Ddalfox%3E)
 * 5/29/2024 10:29:27 PM (6 seconds ago)
 * **IP:** 34.23.26.131 **Hostname:** 131.26.23.34.bc.googleusercontent.com
 * **Human/Bot:** Human
 * Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/
   75.0


 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [1 year, 12 months ago](https://wordpress.org/support/topic/google-cross-scripting-attack/#post-17792487)
 * Hi [@masterthehero](https://wordpress.org/support/users/masterthehero/), thanks
   for checking with this.
 * Requests from `*.googleusercontent.com` rather than `*.googlebot.com`, as stated
   in [Google’s documentation](https://developers.google.com/search/docs/crawling-indexing/verifying-googlebot)
   are coming from a third party such as a site hosted on Google Cloud, for example.
   User content hosted by Google could be anyone, for any reason, with any type 
   of intent.
 * It’s generally unnecessary to have a manual blocking regime as IPs are often 
   reassigned, so management can be difficult to keep up with. Naturally as you’re
   getting so many requests and it’s attempting to run an `onload` script as part
   of the query string, I would certainly try a manual permanent ban on the IP from
   the **Wordfence > Blocking** page.
 * As Wordfence is an endpoint firewall, it can catch/restrict/block users using
   [Brute Force](https://www.wordfence.com/help/firewall/brute-force/) or [Rate Limiting](https://www.wordfence.com/help/firewall/rate-limiting/)
   settings after PHP loads but, when optimized, before the point your site tries
   to host content to them. Restrictions therefore are possible, but it can’t stop
   the requests from initially hitting your site, even if it ends up blocking them
   so you may still see Live Traffic mentions.
 * Just ensure your [Rate Limiting](https://www.wordfence.com/help/firewall/rate-limiting/)
   rules already don’t limit Verified Google crawlers, and **throttle** instead 
   of block. Throttling is generally better than blocking with crawlers because 
   any good search engine understands what has happened if it is mistakenly blocked
   and your site isn’t penalized because of it: [My Rate Limiting settings](https://www.wordfence.com/wp-content/uploads/2021/09/ratelimitingpreferred.png).
 * Thanks,
   Peter.
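
The hostname check described in the reply above, as an added example that is not part of the original thread or Wordfence's own code. It classifies a source IP by its reverse DNS suffix and requires the name to resolve back to the same IP (the forward-confirmation step from Google's linked verification page). The function names, verdict strings and sample resolver tables are assumptions made for illustration.

```python
import ipaddress
import socket

# Suffix the reply names for real Googlebot PTR records; extend from Google's doc as needed.
CRAWLER_SUFFIXES = (".googlebot.com",)
# Suffix the reply names for third-party content hosted on Google infrastructure.
HOSTED_SUFFIX = ".googleusercontent.com"

def dns_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):
    """All addresses the hostname resolves to; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify_source(ip, reverse=dns_reverse, forward=dns_forward):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    ip = str(ipaddress.ip_address(ip))  # rejects malformed input with ValueError
    host = (reverse(ip) or "").rstrip(".").lower()
    if not host or ip not in forward(host):
        return "unverified"  # no PTR, or a PTR the address owner made up
    if host.endswith(CRAWLER_SUFFIXES):
        return "google-crawler"
    if host.endswith(HOSTED_SUFFIX):
        return "google-hosted-third-party"
    return "other"

# Constructed resolver tables so the example runs offline. The first PTR entry is the
# IP/hostname pair from the Live Traffic entry; everything else is made up.
SAMPLE_PTR = {
    "34.23.26.131": "131.26.23.34.bc.googleusercontent.com",
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "crawl-198-51-100-7.googlebot.com",  # spoofed PTR
}
SAMPLE_A = {
    "131.26.23.34.bc.googleusercontent.com": {"34.23.26.131"},
    "crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
    "crawl-198-51-100-7.googlebot.com": set(),  # forward lookup does not confirm
}

def classify_samples():
    return {ip: classify_source(ip, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
            for ip in list(SAMPLE_PTR) + ["203.0.113.5"]}
```

Calling `classify_source(ip)` without the resolver arguments uses live DNS; only a `google-crawler` verdict should be exempted from rate limiting.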
 *  Thread Starter [masterthehero](https://wordpress.org/support/users/masterthehero/)
 * (@masterthehero)
 * [1 year, 12 months ago](https://wordpress.org/support/topic/google-cross-scripting-attack/#post-17792660)
 * Hi Peter,
 * Thank you for providing all these informative links. I’ve read through the material
   and implemented the recommended throttling changes. Really loving the simplicity
   of this plugin and plan to upgrade to premium once my budget is all squared away.
 * Thank you for taking the time to respond!
 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [1 year, 12 months ago](https://wordpress.org/support/topic/google-cross-scripting-attack/#post-17794970)
 * No worries at all [@masterthehero](https://wordpress.org/support/users/masterthehero/),
   we’re always happy to help out with any queries and pleased to hear you’re happy
   with how things are going!
 * If you have further questions at any time, open up a new topic and we’ll do our
   best to answer fully.
 * Peter.
