PazerOP / tf2_bot_detector

Automatically detects and votekicks cheaters/bots in TF2 casual.
MIT License

new "pa?zer" bots creating false flags on all other players #59

Closed robotjohn closed 4 years ago

robotjohn commented 4 years ago

It seems new bots are posting messages that name another player then say some bot phrases to get those players marked as bots by this program.

[Screenshot: 2020-06-06 00_51_48-TF2 Bot Detector]

In this example all the people saying "www.myg0t.gg" are false. That is all the work of the "pa?zer" bot.

robotjohn commented 4 years ago

Here is a cleaned up console.log of this moment. It looks like for now the dates they are faking are static. I assume they will fix that shortly.

https://hastebin.com/vabihuwufu.diff

robotjohn commented 4 years ago

I'm not sure it is that easy. There is no difference in console.log for a newline from a bot vs a newline from TF2 itself. They are both [CR][LF] in my console.log. They could insert a few lines of fake kill feed then a fake bot chat.

We could try going based on the recent history of the player in the game but anyone newly joined would get marked as a cheater.

For now I just cut out most of the chat detection from rules.official.json

https://hastebin.com/equmihelal.json

Even with just the newline and fake name rules this is still abusable, but they are not currently doing that.

id-rotatcepS commented 4 years ago

Initial thought: most likely the current adaptation is using an unmodified cheat client - they just use existing chat spam to include a random user name, a newline, and static text for the date. Getting a properly formatted dynamic date in their spam would probably require a cheat client software update, so until that happens, detecting that the date of the chat is reasonable should filter out this technique thoroughly.
As usual, it's just an arms race: if you do a detector update, might as well handle this case of unreasonable dates, forcing cheat bots to do a complete software update before this trick works again, and buying "us" time to figure out a more permanent solution.

id-rotatcepS commented 4 years ago

I just thought of a solution.
Not hard, but requires spamming the log with a lot more content.

If it does require a bind script with wait then this won't work on servers where that's disabled. And since that's a server setting, I don't know whether a server would notice and complain about constant use of the command if it's enabled? That seems unlikely, though.

PazerOP commented 4 years ago

Same core issue as #68. This should be fixed now: on startup, the localization files are modified to surround chat messages with a randomly generated sequence of zero-width characters.
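The mitigation described in the comment above, sketched as an added example that is not part of the original thread or the project's own code: a parser that only accepts chat wrapped in the session's random zero-width markers, next to a line-by-line parser that trusts the injected line. The timestamp format, the `name :  message` layout, the marker alphabet and length, and all function names are assumptions made for illustration.

```python
import re
import secrets

ZERO_WIDTH = "\u200b\u200c\u200d\u2060"  # assumed marker alphabet (invisible in chat)
TS = r"\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}: "  # assumed console.log timestamp prefix

def make_marker(length=16):
    """Per-startup random marker that other players cannot see or predict."""
    return "".join(secrets.choice(ZERO_WIDTH) for _ in range(length))

def naive_parse(log_text):
    """Line-by-line parsing: trusts every 'timestamp: name :  text' line."""
    line = re.compile("^" + TS + r"(.+?) :  (.*?)\r?$", re.MULTILINE)
    return [(m.group(1), m.group(2)) for m in line.finditer(log_text)]

def parse_chat(log_text, begin, end):
    """Accept only chat wrapped in this session's markers.

    Everything between the markers, including embedded newlines and fake
    timestamped lines, is attributed to the sender the game itself logged.
    """
    wrapped = re.compile(
        "^" + TS + re.escape(begin) + r"([^\r\n]+?) :  (.*?)" + re.escape(end),
        re.MULTILINE | re.DOTALL)
    return [(m.group(1), m.group(2)) for m in wrapped.finditer(log_text)]

def sample_log(begin, end):
    """Constructed log: one honest message, then one message whose text
    carries a newline and a fake line naming another player (bob)."""
    return (
        f"06/06/2020 - 00:51:48: {begin}alice :  gg{end}\r\n"
        f"06/06/2020 - 00:51:49: {begin}spambot :  hi\r\n"
        f"01/01/2020 - 00:00:00: bob :  BOT PHRASE{end}\r\n"
    )

if __name__ == "__main__":
    b, e = make_marker(), make_marker()
    log = sample_log(b, e)
    # Without markers, the fake line is indistinguishable from real chat.
    print(naive_parse(log.replace(b, "").replace(e, "")))
    # With markers, the fake line stays inside spambot's own message.
    print(parse_chat(log, b, e))
```

Because the markers are regenerated on each startup and never sent to other players, a spoofed line cannot carry a valid opening marker, so a phrase rule matched against the second message counts against its real sender.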