It is not uncommon for the search form to be spammed. In addition to random junk, you will often see SQLi and XSS attempts. I think they are clumsy robots. I do not think it's a legitimate attack vector (on an up-to-date Magento installation).
It is usually prudent to change the catalogsearch_query table in the database.
catalogsearch_result is configured to remove lines related to
catalogsearch_query will eliminate unwanted data, but also all legitimate search terms, which appear as tips when users interact with the search form.
Most important, it will remove any custom search term redirection that may have been configured to return specific pages for certain searches, rather than search results. These contain a value in
I think that a safe approach is to back up catalogsearch_query, then delete unwanted rows based on the templates you can find to identify them. For example, rows with catalogsearch_query.num_results = 0 may be undesirable most of the time.
catalogsearch_result should decrease in size accordingly.
As always, it is safer to start by doing all this on a development site after importing your dynamic database.
FWIW, I tested the following query on a development site:
mysql> SELECT COUNT(*) FROM catalogsearch_query WHERE redirect IS NOT NULL;
+----------+
| count(*) |
+----------+
|      923 |
+----------+
1 row in set (0.02 sec)

mysql> DELETE FROM catalogsearch_query WHERE redirect IS NULL;
Query OK, 44367 rows affected (5.45 sec)

mysql> SELECT COUNT(*) FROM catalogsearch_query;
+----------+
| COUNT(*) |
+----------+
|      923 |
+----------+
1 row in set (0.00 sec)
The reindexing process works normally, and the redirect search terms appear as indices and work as expected.
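
An added example, not part of the original answer: the backup-then-delete procedure described above, combining the two filters the answer mentions (redirect and num_results) and checking that redirect rows survive before committing. The backup table name catalogsearch_query_backup is hypothetical, and the transaction assumes the table uses InnoDB.

```sql
-- Added example. Run on a development copy first.
-- The backup table name is hypothetical; pick one that does not already exist.

-- 1. Back up the table. This is DDL and commits implicitly in MySQL,
--    so it must happen before the transaction starts.
CREATE TABLE catalogsearch_query_backup LIKE catalogsearch_query;
INSERT INTO catalogsearch_query_backup SELECT * FROM catalogsearch_query;

-- 2. Record how many redirect rows exist and preview what would be deleted.
SELECT COUNT(*) AS redirects_before
  FROM catalogsearch_query
 WHERE redirect IS NOT NULL;

SELECT COUNT(*) AS rows_to_delete
  FROM catalogsearch_query
 WHERE redirect IS NULL
   AND num_results = 0;

-- 3. Delete only rows that have no redirect and returned no results.
--    Legitimate terms that returned results are kept.
START TRANSACTION;

DELETE FROM catalogsearch_query
 WHERE redirect IS NULL
   AND num_results = 0;

-- 4. Verify: this must equal redirects_before.
SELECT COUNT(*) AS redirects_after
  FROM catalogsearch_query
 WHERE redirect IS NOT NULL;

-- 5. COMMIT if the counts match; otherwise issue ROLLBACK instead.
COMMIT;

-- To restore after a commit, copy the rows back from the backup table:
-- DELETE FROM catalogsearch_query;
-- INSERT INTO catalogsearch_query SELECT * FROM catalogsearch_query_backup;
```

Reindex afterwards and confirm the redirect search terms still work before dropping the backup table.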