MSFN and its lack of search results in Google, Bing, and all search engines depending on them

[NotHereToPlayGames]

Well, it is called a Japanese Thai Hack.  And that ad is for some "Japanese Trick".  

[EliraFriesnan]

3 hours ago, NotHereToPlayGames said:

Wow!  I use Stylus and uBO both to prevent the ads and ad containers here at MSFN.  I do that because some of the ads would get me FIRED if female coworkers took them out of context.

I just disabled, reloaded the page, and got the below!  Now then, imagine what a female coworker would think if she saw this but was standing too far away to read it was about Sleep Apnea.

"Japanese Trick" is posted in English, looks legit. No Siamese "affairs".

[EliraFriesnan]

3 hours ago, NotHereToPlayGames said:

Well, it is called a Japanese Thai Hack.

We don't know whether it comes from Thailand, it might be Cambodia, Myanmar, also Siamese language.

Do we have Asian linguists to distinguish the dialect?

wikipedia.

[AstroSkipper]

3 hours ago, NotHereToPlayGames said:

That has already been DENIED by @Tripredacus and @xper way back in March:

https://msfn.org/board/topic/187750-sometimes-redirecting-to-spamgamble-site-when-accessing-msfnorgboard/page/4/#findComment-1285830

They are IN DENIAL that the problem is ON THEIR SERVER, they have PUBLICLY said so.

And they "refuse" to admit that they were WRONG in that assessment.

 

That’s not the point. I said that unlike February, it now can no longer be denied. I always express myself very precisely and would appreciate it if a native speaker like you would take the words at face value. This is starting to get on my nerves.  Avoid any interpretations if possible! Facts are facts.

4 hours ago, AstroSkipper said:

There is a significant difference compared to February. We have proven here, unequivocally and beyond any doubt – with mathematical precision, so to speak – that the MSFN server has been compromised by malicious code. This can no longer be denied.  Any attempt to deny this would be embarrassing and would call into question the server operator’s technical competence. 

Everything @xper and @Tripredacus said in March is now null and void. The MSFN servers are infected and therefore compromised with 100% statistical certainty. 

Edited yesterday at 05:34 PM by AstroSkipper
Update of content

[NotHereToPlayGames]

F

[AstroSkipper]

@nicolaasjan This is an attempt to explain what happens when the contaminated MSFN server meets other search engine bots than Googlebot or bingbot.

For everyone else, it refers to @nicolaasjan's test and observation:

20 hours ago, nicolaasjan said:

I tested with the Mojeek bot:

MojeekBot/2.0 (compatible; http://www.mojeek.com/bot.html)

It sees nothing now  :

Why alternative bots (like MojeekBot) trigger the "Welcome Loading ..." freeze

1. The mechanics of the attack: The server-side user agent sniffer

The malware installed on the server uses a conditional script (usually written in PHP within core files like index.php or .htaccess rewrites). This script scans the incoming request for specific keywords in the User-Agent string to determine whether to serve the clean forum to a human user or the spam payload to a search engine.

2. The Googlebot trigger vs. the MojeekBot catch-all fault

With Googlebot: The malware has a fully defined template. When it detects Googlebot, it successfully injects the hidden HTML container containing the Thai spam, links, and keywords, allowing the page to render fully for the crawler.
With MojeekBot (and potentially other secondary search bots): The malware's sniffing routine recognizes the word Bot or Bot/ (via a regular expression or wildcard check like *bot*), flagging it as a search engine. However, the malware's backend does not have a valid spam-template or correct database-routing configured for this specific bot identifier.

3. The cause of the freeze: Broken Document Object Model (DOM) & JavaScript execution

The string "Welcome Loading ..." is part of the forum’s native lazy-loading or initialization layout (often used during the initial handshaking phase between the server and the browser's JavaScript engine).
When MojeekBot hits the server, the malware triggers, intercepts the request, but then crashes or terminates prematurely (e.g., throwing a silent PHP Fatal Error or an unhandled exception because the variable for the payload is empty or undefined).
The backend script crashes mid-execution:
It completely fails to fetch and load the actual forum database content (the threads, posts, and UI).
It leaves the HTML document incomplete and broken, trapping the page forever in the initial "Welcome Loading..." state.

This observation proves that the infection is not a static HTML injection into old threads, but an active, dynamic routing script on the server. It intercepts all automated crawlers based on a broad User-Agent filter, but breaks completely when encountering bots it wasn't explicitly optimized for (like Mojeek).
To fix this, the administrator @xper or supervisor @Tripredacus needs to look for malicious conditional statements filtering user agent keywords inside the server configuration or core PHP initialization scripts.

Edited 17 hours ago by AstroSkipper
Update of comment

[AstroSkipper]

On 6/1/2026 at 3:24 PM, AstroSkipper said:

On 6/1/2026 at 2:54 PM, NotHereToPlayGames said:

Agreed...

But remember, this was brought to their attention in FEBRUARY !!!

We *HAVE* been patient!  VERY patient!

There is a significant difference compared to February. We have proven here, unequivocally and beyond any doubt – with mathematical precision, so to speak – that the MSFN server has been compromised by malicious code. This can no longer be denied.  Any attempt to deny this would be embarrassing and would call into question the server operator’s technical competence. 

And it is, of course, perfectly clear that the infection was already present in February and that @LoneCrusader was already seeing it at that time:

On 2/14/2026 at 12:26 AM, LoneCrusader said:

I haven't seen this directly, but searching for msfn.org/board on Google yielded this. It seems to have propagated out into search results.
This is Firefox 115.32.0esr under Windows 7.

 

It could therefore have been nipped in the bud back in February, had it been investigated professionally, deeply and thoroughly. That is very regrettable and is completely beyond my comprehension.  

Edited 3 hours ago by AstroSkipper

[AstroSkipper]

And to complete the puzzle, there’s still one key piece missing. And that’s the 0-post accounts, which were created in large numbers during a specific period, or periodically, or stand out because of their name or other unusual characteristics. I’m currently looking into this in more detail, as far as I am able, and trying to identify any obvious connections.

Edited 6 hours ago by AstroSkipper