Open TrickyTrix935 opened 3 years ago
Matchmaking bans based on kick record
this does not work in csgo and it will not work in tf2. people will abuse kicks even more.
What would be great is if someone could be reported as a bot and then block those reported to a threshold from joining any valve casual servers. To prevent that from being abused (threshold), the majority of the team would need to report the bot in several different new matches meaning the bot would need to disconnected join another (or same by chance) server for the majority of the team report to have an effect. This would require a large effort on the player part and would be slow given that many people may not read chat, hear voice chat, care, or even know how to participate to majority report. But, if you could get enough people to see a difference, I think you could get the same people behind it and be effective over time. What I feel like now is that reporting someone rather than kicking them has uncertainty that the category they were kicked for has anyone reviewing it or has any effectiveness and if you want to kick them for hacking or some other reason, the worst that can happen is that they are banned from that single valve server, but not the rest. The benefit of reporting instead of using kicks as a metric is that the alleged player doesn't get kicked and so, if used in conjunction with the aforementioned abuse reduction system, it will less likely used for abuse and abuse by bots when they are the majority on a team.
Of course, the next step would be for bots to then start choosing a random name from a predefined dictionary and then to change classes and reduce the bots' automated features to appear less annoying and less like a bot. This might be a good thing because then they would reduce their cheating to such a degree that they would have slightly harder adversaries to play around with rather than op machines. But it would probably turn into McCarthyism at least for younger people because somebody thinks someone is a bot because the alleged bot is better and the consorted group effort thinks like a group and not individually unless the alleged says they are not. In this case, this system would be worse than kicking since you don't know how many people to convince you are not a bot and how much time left. Yes, it requires several matches worth of reporting, but if the McCarthyism got so bad it was on many casual servers (which is doubtful) then I would hope there would be an appeal process.
The cheating software the bots run on is entirely open-source. A better alternative would be to plug signatures found in the source code into VAC, and force Linux users to run VAC at root level in order to make it more effective on those types of systems. The software in question only operates on Linux, as VAC has less permissions on Linux compared to say, Windows. Additionally, running multiple accounts on one PC is nigh impossible on Windows, causing VAC authentication errors when attempted. (With a few exceptions.) But due to how VAC on Linux works, it doesn't hand out any errors for this type of behavior, thus causing this problem.
As it stands, free accounts are already heavily discriminated against as it is due to this nonsense. Not being able to use voice and text chat completely neuters any sort of team interaction and communication, let alone the addition of disabling voice commands. Some sort of solution needs to be found to this at some point. While I understand the current world situation has made life difficult for many people, the team has shown that they still have the ability to make some changes to the game during all of this.
So, let's not introduce any more changes that could turn even more people off of this game. That'll just make things worse. Bot owners have already made a good majority of their accounts paid in order to bypass the restrictions currently set in place. So it's silly to even keep them.
another option besides giving the signatures of cathook to VAC's blacklist? have TF2 do some checking on it's own, and make it so that Tf2 would crash 5 minutes after injecting cathook on linux.
Hi. Current bots try to disguise their name as a player from the same team.
Could you display the same info in the voting menu as in the scores? People can't understand who they kick so if they choose a legitimate player then the bot is still in the game.
Also sorting by name would help too.
And no, I wouldn't like to run anything under root level. This is not needed. What's next? VM escape detection? That's not realistic.
Disallow newly connected players from calling votes in casual and competitive Currently some of the bots are programmed to call votes on other players as they join the game, this is to trick others in the lobby into kicking someone else aside from the bot, as well as delay the voting process intended to be used on the bot itself. A simple solution to this would be to disallow newly connected players from calling votes for a certain amount of time, which could be implemented through a cvar if adjustment is needed for other modes and in community servers.
i like this, but players who recently changed their name on the server also need the restriction
otherwise the bots could join with an innocuous name to avoid being kicked, hang around until the timeout is over and then perform their "attack" (steal a player's name, hide the name change message by spamming newline characters in the chat, then call the vote)
if name changers had the same restriction then i couldn't think of a way they could work around it anymore
@huglovefan I think a way they could get around it is: They can mass connect casual matches and the have access to the steam api to get player names. They can decrease the list of players to target by keeping track of who changes their name frequently and only keeping the ones who change names from a range of once per month to account creation as well as keeping track of the names who remain who play on TF2 casual regularly (they check by either cross referencing the ips that the player tends to join with an existing list or they try connecting and test if they get disconnected because you can't join a casual game by ip). So they change the bot names to the remaining people on that list and wait the time out (week or hours). Then, like they already do, they flood casual matches or try to fill in both teams on the matches that are empty because sometimes bots are part of bot parties and the bots communicate with each other to coordinate. Except, this time, the bots are communicating to swap out the server with only 5 - 10 or more bots with steam names that match the players on the server. In this way, it is effectively a slower way to change names, but less likely to encounter players on a server who have their names copied, but conceivable nevertheless.
One suggestion I've not seen in this thread is to start displaying the hidden characters cheaters use in their name to disguise themselves as another player. It's much easier to tell who's a cheater when comparing "Player" with "Pl?ayer?" for example.
The third-party TF2 Bot Detector utility does this.
This doesn't address the problem exactly, as they'll still be able to join games and spoil it until they are kicked, but it would at least help reduce the amount of times the innocent player who's name has been copied is kicked instead of the bot.
I think identifying humans from bots is especially important if there is some kind of matchmaking ban for being kicked.
In-game captcha
This is the software that cheaters are using to invade bots
<Link removed by moderator>
As of recently, the bots are now all called "BARRY WHITE'S FISTING" and cannot be kicked since they lag out the server as soon as a vote against them is started. Provided you actually managed to fix the lag exploit that was used a few years ago to do the same thing, this is most likely now caused by DDOS attacks against your servers, which means your hardware & network is suffering, Valve. I just quit a two hour gaming session after 80%+ of the games were ruined by unkickable bots. Seriously, this game is getting increasingly unplayable. I don't understand the decision to leave the servers running and let the bot hosters do their thing. After five years of this issue persisting it's about time to do something meaningful, please.
Honestly, I can't believe this issue isn't fixed yet and much less can I believe this thread isn't the most active on this entire bug tracker.
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-1062095840
This specific scenario isn't a DDOS attack. It's yet another exploit.
There is one fix we could all apply: Don't use Steam and Valve. I play only on community servers.
If you're gonna do anything for the #savetf2 movement then please at least fix the lag exploit so we can attempt to actually kick the bots ...
I only play on community servers. Valve succs.
When I play tf2 in 2023 in Africa.. it seems like valve hasn't done enough I swear like 23 bots are on the other team please if someone could help African servers it would be a great thing...
Valve doesn't care.
Someone had to say it...
At this point, most players would be content with bot numbers sheared down to at least a manageable level.
It has been 3+ years, and most of the players have evolved to quickly identify and votekick all types of bots. All patches that have been put into place since the issue began have only served to complicate bot developers' path to hosting. As well as disable some of the methods they can exploit with their bots.
This has been mentioned many times and will be mentioned again: all code relating to textmode tf2 should be entirely scrapped.
It serves no practical purpose to non-malicious players, and has repeatedly been a troublemaker for the community; whether it be the item idling programs from the early drop system or our current bot crisis. The small cases where it can actually be utilized is a valid sacrifice to make. Even if the bots were not an issue, removal of textmode would be more comparable to a "spring cleaning", rather than a patch for longevity.
Bot hosts achieve the numbers they have thanks to textmode being extremely lenient on hardware usage. Forcing them to switch to visual tf2 would be like a Windows user attempting to open 30+ instances of the game using sandboxie -- not too friendly for the CPU.
Some argue that this realistically would not do much to stop hosts, and it would not. However, the numbers absolutely will drop, as many hosts would be forced to purchase much more expensive hardware just to achieve enough bots to flood 1 server before their hardware fails.
It is asinine to assume half of the hosts (who are likely just kids who got bored of cheating) would simply purchase 10x expensive hardware just to get the same volume of bots they had previously online again.
Scorched earth on the issue tracker.
Anyways, as far as I can tell, every solution that has been recommended is circumventable in some way. It sucks, but as Kisak has mentioned, the only way to resolve this issue would be to discuss it on non-public forums, where cheat developers cannot see the active resolutions being proposed.
Some argue that this realistically would not do much to stop hosts, and it would not. However, the numbers absolutely will drop, as many hosts would be forced to purchase much more expensive hardware just to achieve enough bots to flood 1 server before their hardware fails.
It is asinine to assume half of the hosts (who are likely just kids who got bored of cheating) would simply purchase 10x expensive hardware just to get the same volume of bots they had previously online again.
I'd like to take a page out of RuneScape's book for a moment. RuneScape has had an ongoing bot crisis since around 2012. There have been several effort to stamp out this, but one sticks out, at least for me. The community hosted Bot Detector plugin, which uses a combination of neural networks and player driven reports, to detect bots, to a ~1 percent error margin. It uses several factors, such as location, gear, activity, name, chat activity, and other factors to come up with a decision. This is then sent to the developers through a special report channel, which are all looked at by humans, and permanently banned if needed. I believe a system like this could work wonders in Team Fortress 2. Bots are almost always immediately detected by humans, and properly trained neural networks could handle this too. However, this would take several employees at Valve manually reviewing cases to see if they are cheaters or false positives. This has worked pretty well for RuneScape, resulting in tens of thousands of bots being banned, and I believe might be one of the best solutions for TF2 at the moment.
However, this would take several employees at Valve manually reviewing cases to see if they are cheaters or false positives. This has worked pretty well for RuneScape, resulting in tens of thousands of bots being banned, and I believe might be one of the best solutions for TF2 at the moment.
It would be nice; however, Valve has insistently made it clear they want to avoid solutions that turn into a treadmill problem. The manually reviewing of flagged accounts is unrealistic from Valve's standpoint.
If there were a way to automate this process on Valve's side, then I could see it working quite well. There are already some interesting projects developers are making that Valve could make use of if greenlit, such as the whole MAC project in the works.
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-2068141034
@Kacey2k this is already being discussed in https://github.com/ValveSoftware/Source-1-Games/issues/4475
Also, apologies for the ping but @kisak-valve, you noted that if we had something to share with the team about the anti cheat we could discuss it over email. What email address could I send something to if I had a recommendation/solution for the anti cheat?
Hello @ethanholt1, https://help.steampowered.com/en/faqs/view/571A-97DA-70E9-FF74#report looks relevant.
[TF2] Feature Request: Suggestions to reduce bot farming
Issue transferred from https://github.com/ValveSoftware/Source-1-Games/issues/5953. @KimmyTF2 posted on 2024-04-30T21:32:52:
As many have speculated for years already, bots (not cheating bots) are being massively used to farm items, especially during Scream Fortress and Smissmas. To make them as unprofitable to run as possible, here are a few suggestions:
I have high hopes for this.
I think we need some kind of manual administration if possible.
What if they just made it so in order to play casual, you need to finish the the tutorial? (Not including the class specific tutorials.) It'll teach new players some of the basics and add an extra hoop that bot hosts will need to jump through to annoy people.
What if they just made it so in order to play casual, you need to finish the the tutorial? (Not including the class specific tutorials.) It'll teach new players some of the basics and add an extra hoop that bot hosts will need to jump through to annoy people.
Just thought of this after posting, but it'll also give an excuse to revamp the tutorial.
With the bot accounts being more rampant, it's now possible that Valve has now lost all faith with its TF2 community, allowing the game to rot even further even with the 64-bit update. Now TF2 is a cesspool of security exploits in Valve's Casual, Competitive and VAC servers, meaning they can't do anything about, which means that TF2 is "The New IE 6".
Now for those that are wondering, what is the term "The New IE 6"? Well it's a common term on the internet since around the late-2000s to early-2010s where a software product's current state is compared to that of the infamous web browser by Microsoft, Internet Explorer 6 released in 2001 (the year of 9/11), which was a popular browser during the 2000s but was then criticized for its bugs and security exploits, and has now been hailed as one of the worst software products ever made, resulting in almost all websites dropping support for the outdated browser in the 2010s.
This means that bot accounts that are developed with software that violates Steam's guidelines have now taken over the actual userbase of TF2, resulting in only the community servers being a safe place for the playerbase.
Also, Its not just the TF2 bot problem, its the fact that the Orange Box/SteamPipe branch of the Source engine is "The New IE 6"!
WHY?! Because Valve has always had a lack of communication between its Steam userbase and its modding community, and pretty much now lets any older engine branch of Source 1 to firmly rot with security issues and bot accounts. In addition, Valve is a company where any of its employees do whatever they want to, meaning they are extremely silent with communication between the consumers and the developers. This means that any common law funded by the SIIA and ESA that involves "Software Patching Law", "Game Patching Law", "Patching Law" and "Security Fix", all terms you can search on Google is now pretty much useless at Valve, because its developers and employees do whatever they want to.
Here's all the reasons why the Orange Box/SteamPipe branch is now the new IE 6, and all the reasons why the branch is so broken:
What this basically means that Valve has just pretty much let every single hacker group exploit all security problems in the Orange Box/SteamPipe branch, meaning every Steam user who plays Team Fortress 2, Counter-Strike Source, Day of Defeat Source, Half-Life 2 Deathmatch and Half-Life Deathmatch Source are now going to be victim of remote code execution which are hosted on servers tied to hacker groups. This also means that Valve will never likely fix any of the security exploits that causes bots to invade TF2 servers both from Valve and the community because VAC hasn't been update to support any newer networking and security APIs made years after DirectX 9 was discontinued.
[TF2] Feature Request: Suggestions to reduce bot farming
Issue transferred from #5953. @KimmyTF2 posted on 2024-04-30T21:32:52:
As many have speculated for years already, bots (not cheating bots) are being massively used to farm items, especially during Scream Fortress and Smissmas. To make them as unprofitable to run as possible, here are a few suggestions:
1. Rework the drop system. In Dota 2 this problem was also big, until Valve just straight up made all random drops untradable. This obviously won't work in TF2, as crafting and trading are directly connected, but something similar to the CS2 drop system could work, where players need to actually play and earn XP to receive rewards instead of idling. There are many ways to do it. Like adding daily challenges that reward players with a weapon or case (maybe even let them pick the reward they want). 7 weapons, 1 cosmetic and 1 war paint case in 7 days is similar to the current drop rate of items. 2. Change how cases drop. Giving F2P accounts cases doesn't make much sense. They are not able to trade them and most likely won't ever open them. For normal players who are not interested in spending money in TF2 they only clutter their already limited backpacks. However, bots can collect them, even on F2P accounts (also in the main menu), and if needed, $5 can be spent to let it move farmed cases to another account, flooding the market. 3. Giftapults. This is the most serious issue. Giftapults have no restrictions on who can receive the package. It can even be a F2P account idling in the main menu. There is no easy way to deal with it. Either straight up disable this item, as Secret Saxton exists, and we know that a player playing on the same server will receive our present instead of some bot, or only allow Premium accounts to send and receive presents. 4. Secret Saxtons. This is less of an issue than the others above, but Premium accounts are being used to farm Secret Saxtons given during Smissmas. The easiest way would be to make them untradable so only their owners can use them. (Not directly related to the issue, but Noise Maker - Winter Holiday has no 'Not Tradable or Marketable' attribute attached to it, like Noise Maker - TF Birthday, which every year generates only more and more items. Please make them untradable too.)
Additional stuff as part of this post:
With the Counter Strike team having once again "Added Overwatch system to enable match demo review by trusted partners" as of the April 25th patch this year in an attempt to filter out bad actors and cheaters, I'm surprised that nobody in this thread has mentioned a similar or identical system being added for Team Fortress 2 at this point? Perhaps much easier said than done, since gameplay-wise CS2 is still fundamentally different than TF2, but at the very least definitely worth mentioning in this thread. Since Valve's Overwatch backbone is clearly being tested again right now, it makes a lot of sense to extend the support and testing out to other Valve games including Team Fortress 2 which could, in theory, heavily benefit from such a system if tuned correctly
Hi @kisak-valve, are you in a position to share any updates or plans for this issue from Valve? Thank you.
Migrated here from Heated Topic.
Here to say that TF2 Bot Detector is deprecated as of March 2024. So we are looking for new options.
if it hasnt been said already, there is no anti cheat in the world that can survive agaisnt this type of automated cheater attack, yes every multiplayer game is at risk of being fucked by people hosting bots, thats the sad truth
the best i think valve could do is disable matchmaking and move people to community servers (maybe by readding quickplay like most people seem to want)
there is no anti cheat in the world that can survive agaisnt this type of automated cheater attack
I don't think this isn't true - the bots are reasonably unsophisticated and can be detected through all sorts of different means. It should be possible for valve to roll something out server-side that detects bots via a constellation of different heuristics that they keep private.
@sylveonsylvia This seems like you're just trying to suck up to Valve, a company who couldn't care less. If I had to guess, a vast majority of bot hosters are just copying other people's homework, and in that case, even a monthly patch might be enough to stop a lot of the bots. And I disagree that bots are these unstoppable, god-like things, community servers aren't plagued by bots because they have their own anti-cheats.
@sylveonsylvia This seems like you're just trying to suck up to Valve, a company who couldn't care less. If I had to guess, a vast majority of bot hosters are just copying other people's homework, and in that case, even a monthly patch might be enough to stop a lot of the bots. And I disagree that bots are these unstoppable, god-like things, community servers aren't plagued by bots because they have their own anti-cheats.
community servers are harder to target en-mass and have human moderators who can mass ban any bot squatting in a server during downtime
the issue with all anticheats is they arent instant and they can all be circumvented (even vanguard as invasive as it is has been defeated several times)
and btw im not trying to suck up to valve, im just being realistic with this problem, theres very few actual solutions that wont be completly undone within a week
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-2146294788
at the very least, if valve released patches that would temporarily fix the bot problem every two months or so, casual would be somewhat playable because there would likely only be 50 or so bots at any given time, the main reason the bots are so wide-spread is because anybody with enough hardware can host them
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-2146297649
im sorry this is not a sustainable solution
"Undone within a week" Is inaccurate.
Better anti-cheats and better moderation do work. It's not foolproof, it never will be, But doing nothing is far less effective than doing something. Some more recent FPS games happen to use a form of AI to detect for unusual or inhumane movement. Even if this doesn't outright stop bots, it'll slow them down greatly and make them less effective.
Text-mode is what's generally screwing things up, As some have mentioned already. Restricting actual play to visual-mode only will drastically reduce the bots. As someone already said, can't run 30 instances of TF2 if you have to run all the graphics, too.
Something is better than nothing. Don't be a pessimist.
Some more recent FPS games happen to use a form of AI to detect for unusual or inhumane movement.
cs2 has this and it results in you being instantly and permanently banned if you move your mouse too rapidly. very much not a good solution at all
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-2146300514
valve needs to do something, otherwise all of their new pvp games will have this issue, including deadlock.
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-2146294788
Valid, but I feel like as it stands now bot farms are able to scale way too easily. If at the very least we could completely gimp their ability to run TF2 in text mode or otherwise force bots to take on high compute costs to fly under the radar, we can massively reduce the problem. This would make casual significantly more playable and leave cheaters in the minority, making votekicks more effective and 6-party bots more rare.
cs2 has this and it results in you being instantly and permanently banned if you move your mouse too rapidly. very much not a good solution at all
i mean, at the very least it's something compared to tf2, which has nothing
cs2 has this and it results in you being instantly and permanently banned if you move your mouse too rapidly. very much not a good solution at all
... No? That's not how it works. The AI doesn't sample a moment of play, it observes over an extended duration of time and judges off of that. If it's confused, it's likely they have it to where it'll send in a report for manual review and have a real person judge it.
And way to ignore my second point.. Kid, please, stop trying to shoot down everyone's ideas.
Replying to #3477 (comment)
at the very least, if valve released patches that would temporarily fix the bot problem every two months or so, casual would be somewhat playable because there would likely only be 50 or so bots at any given time, the main reason the bots are so wide-spread is because anybody with enough hardware can host them
Well this outcome would end up being the dreaded "treadmill problem", which Valve developers have insistently stated they do all in their power to avoid. Given they are one of the most rich companies in the world for employee headcount it makes sense.
However, releasing some changes that could automate the work for them is of course a very much needed, and anticipated, patch that the game rightfully deserves.
There are ways to solve this with automation to ensure the game is at least playable; Valve is simply not lending their resources to tackle it.
Well this outcome would end up being the dreaded "treadmill problem", which Valve developers have insistently stated they do all in their power to avoid. Given they are one of the most rich companies in the world for employee headcount it makes sense.
ooooooh noooo big company scared of doing work to actually fix their game!!!!!! but seriously, i guess it does make sense because valve is structured in a way that allows employees to pick and choose what they want to do, which ends up not working for treadmill problems, and also kinda screws over their older games because nobody wants to work on the mess of code that is tf2, and at this point they might be better off porting all our inventories to a new game, but they also can't count to three so
Replying to #3477 (comment)
my personal solution would be to revert the game to the pre meet your match quickplay system. this would spread bots out among several community servers where they can be easily delt with by thier moderators, it would also breath new life into the community.
centralized matchmaking will always be vulnerable to this issue
Ever since the code leak of 2017 bots have been on the rise in TF2 and have only been getting worse with various workarounds to everything implemented against them, below I have listed a few possible things which could be used to stop or at least hinder the bots and their creators:
While the community has become accustom to kicking bots on sight, the bots themselves still exist unhindered in large numbers within TF2s matchmaking system. While I'm unsure if these solutions would permanently stop these bots, it could potentially slow them down to a degree and reduce their effectiveness.