This is a problem we're obviously aware of. It's definitely not that we don't
care. However, it is essentially an arms race that is provably unwinnable by
Valve. Furthermore, any change we make in the name of security will almost
certainly cause a disruption of legitimate service, due to bugs on our part, or
usage cases we're just not aware of. It is a classic conflict between security
and accessibility.
Hopefully those two reasons help explain our reluctance to address these sorts
of problems through technology. They will create an ongoing arms race, in
which we can possibly limit this activity and make it harder, but probably
never eliminate it completely. Furthermore, this benefit comes at a cost of
taking resources away from adding features and fixing bugs, and also disrupting
legitimate users.
When we can do simple and safe things to make it harder to do these sorts of
things, we will. We have some protocol changes that will make it harder to do
this sort of spoofing, which have been beta tested for some time now. We'll be
rolling those out in the next couple of months.
Crowdsourcing using the abuse reports helps us stay out of the arms race, and
it's the safest and simplest way to deal with this problem and many others like
it.
Your humble servant,
Fletch
-----Original Message-----
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Mart-Jan
Reeuwijk
Sent: Wednesday, November 02, 2011 5:39 AM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Fake clients, misreported bots, infringing usage of
player names/images
there is some italian group that does that.
they have dozens maybe even in the hundred of servers in server list, but all
get redirected to 1 server. and those server report a variety of maps played,
names in server lists etc. you click info, refresh, says for example dustbowl,
and then join, get redirected to their server, with bots, and another map then
advertized in the server info. Its damn annoying. And indeed, they change IP's
a lot, to evade blacklisting.
________________________________
From: daniel jokiaho<daniel.joki...@gmail.com>
To: Half-Life dedicated Linux server mailing
list<hlds_li...@list.valvesoftware.com>
Sent: Wednesday, 2 November 2011, 7:27
Subject: Re: [hlds_linux] Fake clients, misreported bots, infringing usage of
player names/images
what about servers on different ips and port that have exactly the same
players.
I join server x. U join server y. And still we play against or with each
other :-(
On 2 Nov 2011 06:53, "msleeper"<mslee...@ismsleeperwrong.com> wrote:
Are you sure they're not just adding more servers? Changing IPs is a
server playerbase suicide as anyone who had it bookmarked won't be
able to find it again. I suppose they could use those servers for
redirects, but in theory that would get those IPs blacklisted pretty
fast if Valve's scoring/reputation system is still in effect.
On Wed, Nov 2, 2011 at 1:42 AM, Jesse Porter<reacherg...@gmail.com>
wrote:
The problem with blacklisting these servers is that they seem to show up
a
few weeks later with a new batch of ip addresses. Can't blacklist them
effectively when they do that.
On Nov 1, 2011 7:40 PM, "Robert Paulson"<thepauls...@gmail.com> wrote:
It is very rude of you to repeatedly spam the mailing list to pressure
Valve into doing whatever you want instead of working on crashes and
content.
Valve has already put in a huge effort making these servers less
prominent.
- Blacklist
- Quickplay
- Reputation
It isn't perfect but blacklisting takes care of the servers you don't
like
once you've spotted them. Quickplay and reputation filter most of the
ones
you haven't spotted yet. No one I know has any problems finding a server
full of real players. Everyone I know just blacklists and move on.
Server IPs do not change often since it costs money to buy new ones and
you
need proper ARIN justification to get more due to the IPV4 shortage. The
fact that you are on here spamming about it as though TF2 is going to
die
out next week makes me think that you are struggling with your own
server
rather than being a concerned player.
I also hate the big pay-to-win servers with fake clients, but it would
be a
mistake for Valve to just de-list them, wrongly assuming no one really
wants to play there. I have a friend who wouldn't be playing TF2 if they
didn't exist and has bought hundreds of dollars worth of Mann Co keys.
And
from what he tells me he isn't the only one. Yes he knows there are
bots.
The "cloaked" bots appeal to him for the same reason Valve decided not
to
name bots bot1, bot2, bot3 and to have them taunt randomly.
These servers still exist not because of a fake player plugin but
because,
as much as it pains us to believe, some players actually prefer them.
No one here is enthusiastic about having Valve delist servers based on
anonymous reports because we all know that the system will be abused
even
though they have "taken basic measures to prevent" it. We know this
because
they also took "measures" to prevent F2P players from avoiding VAC bans
by
making throw-away accounts, yet I still see hackers that have made at
least
5 of them in a row and even adding their old VAC banned account on their
friends list.
To save Valve the administration overhead and abuse, and to satisfy both
server administrators and players, I suggest dropping the server report
function and adding either of these 2 features.
1. Add a check-box for Valve-only/Favorites-only Quickplay servers.
2. Let premium players rate servers from 1 to 5 upon disconnection. Each
player may only vote once. To prevent voter apathy, servers are
automatically rated a 5 if the player does not vote. Then the user can
decide for him/herself to connect to the server based on the rating
rather
than a few opinionated complainers.
These two solutions address the root of the problem and lets the player
decide while freeing Valve to work on more content.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
