Jump to content

MSFN and its lack of search results in Google, Bing, and all search engines depending on them

AstroSkipper

By AstroSkipper
in Site & Forum Issues

 Share

Recommended Posts

NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

AGREED !!!    KEEP IT UP !!!

1) members get to know Astro the "worker bee"
2) members get to witness the total lack of "management" by our OWNER (seriously, request a REFUND if you've ever "donated"!)

Granted, maybe there is a third:
3) "Sorry guys, I've been held up in the hospital, I am back now and I will fix this, this is a SERIOUS matter and I take FULL RESPONSIBILITY in letting you all down."


AstroSkipper

AstroSkipper

Posted
  • Author
Posted (edited)

If @xper or @Tripredacus can bring themselves to take my comments seriously and investigate the MSFN server, they must do so very thoroughly, as the infection is more or less hidden or invisible.

In IT security, this phenomenon is known as "cloaking" (making content visible only to search engines) or shadow injection.

Here is an attempt at a factual, technical explanation of why this Thai content was invisible to visitors in their browser:

1. The phenomenon of "cloaking" (the user-agent switch)
The malware that has infected the forum checks the user agent (the visitor’s identifier) every time a page is loaded:
 If you, as a normal user, visit the site using a browser, the server sees: “Ah, a normal person.” The script ignores you and delivers the completely clean, familiar MSFN forum. You don’t see a single spam post.
When the Google bot (Googlebot/2.1) visits the page, the malicious script recognises the identifier and switches over. It injects the Thai keywords, casino text and spam links into the HTML code specifically for this one bot.
As the Google bot sees this, it stores it in its index. As a user, you won’t notice a thing until you search for MSFN via Google and wonder about the hieroglyphics.

2. Exploiting the internal search function (URL injection)
Many forum software packages have a vulnerability in the way they process search queries. Bots send millions of specially crafted search queries containing Thai terms to MSFN.
The forum then dynamically generates a page with the title: "Results for the search: [Thai casino link]" . The bots copy this generated URL and link to it en masse on dubious external websites. When Google follows these links, the bot lands on MSFN on a Thai results page (which exists for it) that never appears in normal forum operation or in the sub-forums.

3. Hidden system files (database level)
Often, the attackers do not embed themselves in the visible text area of the threads, but instead modify a deep-level system file (such as the .htaccess file on the server or a core file of the forum software). This file intercepts the data stream and adds the Thai code in the background – but only if the request comes from a search engine.

Conclusion:
There’s no need to worry: the forum on MSFN that people use and love every day is clean in terms of its content. The database of genuine threads remains unaffected.
This is a purely technical "parasite infestation" running in the background, specifically optimised to deceive the Google bot and exploit MSFN’s reputation (domain authority) for illegal advertising purposes. As the administration doesn’t see this malicious code during normal forum operations, it usually only comes to light when Google’s hammer strikes mercilessly in the wake of a core update.

Edited by AstroSkipper
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

My conclusion differs slightly:

1) Google CARES about their "reputation" being visually impaired by "spam results"
2) Google CARES about their consumer by NOT feeding them "spam results"
3) MSFN does NOT CARE...  Period...  "No answer IS an answer."

The Google Bot is doing what EVERY FORUM OWNER *KNOWS* that it IS DESIGNED TO DO, it hasn't done anything here "in secret".
LET THAT HAMMER STRIKE, in my not-so-humble-opinion.  FORCE the OWNER to spend donations on the SERVER instead of "home repairs" or "groceries".  Just paraphrasing, of course.

AstroSkipper

AstroSkipper

Posted
  • Author
Posted
6 minutes ago, NotHereToPlayGames said:

1) Google CARES about their "reputation" being visually impaired by "spam results"
2) Google CARES about their consumer by NOT feeding them "spam results"

Google cares about Google. And nothing else. When they say that new optimisations have been performed, then they have minimised their costs and maximised their profit. Google doesn't really care about consumers or preserving knowledge for future generations.

NotHereToPlayGames

NotHereToPlayGames

Posted
Posted
18 minutes ago, AstroSkipper said:

they have minimised their costs and maximised their profit

And I *support* that!

 

19 minutes ago, AstroSkipper said:

Google doesn't really care about consumers or preserving knowledge for future generations.

But no, I do *not* support that.  But I really don't think that's what this COMPLEX issue can be MINIMIZED to.  In a black and white world, there are sh#tloads of "gray" (or "grey", if you prefer).

NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

Regarding Google's Core Update, I do personally think that Google should have had some sort of "advance notice" to forum owners, some form of "Warning:  You are about to be de-indexed because of your LACK OF PATCHING SECURITY HOLES and your web site's SIX MONTHS AND COUNTING quantities of the "Japanese/Thai Keyword Hack".

But:
1) is that really fair, would Google have had to send a notice to ONE web site or one MILLION web sites?, and
2) IT WOULD NOT HAVE MADE ONE D@MN BIT OF DIFFERENCE, our owner (in my opinion) would have done NOTHING differently...  *NOTHING* !!!

AstroSkipper

AstroSkipper

Posted
  • Author
Posted

I’ve been a Google user from the very beginning when their first search engine was released. And an Android user since 2014. Nothing Google has done is for the benefit of its customers or users; it serves only its own interests. And if there were a real alternative, I would have moved on long ago. The good thing is, I’m a very experienced Android user and can make up for a lot. :P

nicolaasjan

nicolaasjan

Posted
Posted (edited)
58 minutes ago, AstroSkipper said:

When the Google bot (Googlebot/2.1) visits the page, the malicious script recognises the identifier and switches over. It injects the Thai keywords, casino text and spam links into the HTML code specifically for this one bot.
As the Google bot sees this, it stores it in its index. As a user, you won’t notice a thing until you search for MSFN via Google and wonder about the hieroglyphics.

Indeed.

This is what the bot sees when visiting this particular thread (screenshot of part of a long page):

spacer.png

Edited by nicolaasjan
1
AstroSkipper

AstroSkipper

Posted
  • Author
Posted
57 minutes ago, nicolaasjan said:

Indeed.

This is what the bot sees when visiting this particular thread (screenshot of part of a long page):

spacer.png

It is precisely observations like these that are important and useful. Thank you, @nicolaasjan:)

2
nicolaasjan

nicolaasjan

Posted
Posted
6 minutes ago, AstroSkipper said:

It is precisely observations like these that are important and useful. Thank you, @nicolaasjan:)

I just changed `general.useragent.override.msfn.org` to: 

Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

:)

But why doesn't the administrator do something about it? :dubbio:

2
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted
5 minutes ago, nicolaasjan said:

But why doesn't the administrator do something about it? :dubbio:

Your guess is as good as anyone's.

Where we are at now, I'm kind of "expecting" a 404 when visiting MSFN.  I'm kind of disappointed that it hasn't happened yet.  Sarcastic.  But not really.

AstroSkipper

AstroSkipper

Posted
  • Author
Posted (edited)
37 minutes ago, nicolaasjan said:

But why doesn't the administrator do something about it? :dubbio:

No idea! I’m just compiling facts, analyzing connections and drawing conclusions. And that doesn’t come particularly hard for me, as I’ve been doing nothing else for decades, and it’s second nature to me. Let’s hope he might still take action! I’ve never had any contact with @xper. To me, he’s always been a bit of a mystery. :cool:

Edited by AstroSkipper
2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...