Fletch probably doesn't have a ton of free time, if I had to guess, but if you want to talk to him further about the details he doesn't want to go into on this public forum, you might consider just replying to him and not including the list. ;)
/includes the list on this email because sux On Wed, Nov 2, 2011 at 2:42 PM, John Schoenick <nephy...@doublezen.net>wrote: > I get what you're saying, but there's a difference between magic bullets > and leaving the door unlocked. If you needed to setup 31 F2P accounts, get > multiple IPs to avoid super-easy abuse detection, and use an external tool > to have them all auth into your server (which is VAC bannable) it'd be a > hell of a lot more involved than typing 'fake players' into a sourcemod > plugin search and copying the first result into your server folder. > > - Neph > > > On 11/02/2011 01:59 PM, Fletcher Dunn wrote: > >> That doesn't really work. I don't want to get into the details on this >> public forum, but I can guarantee that the result of what you describe is >> that the problem would just be escalated higher, meaning more convincing >> bots with avatars, with valid steam accounts that are logged into steam, >> etc. A few weeks (or maybe even a few days) later, we'd have the same >> problem, only the avatars would be fixed and it would be even harder for a >> human to recognize them. This is exactly what I meant by an arms race. We >> would spend all that time, and maybe some people decided it was too much >> effort for them, but likely many would still continue to do it. >> >> The delusion that the problem is trivial or that there is magic bullet is >> only enabled by ignorance of what people are able to and the lengths they >> go to do this sort of thing. >> >> - Fletch >> >> From: John Schoenick >> [mailto:john@pointysoftware.**net<j...@pointysoftware.net> >> ] >> Sent: Wednesday, November 02, 2011 1:48 PM >> To: Half-Life dedicated Win32 server mailing list >> Cc: Rob Liu; Fletcher Dunn >> Subject: Re: [hlds] [hlds_linux] Fake clients, misreported bots, >> infringing usage of player names/images >> >> Missing avatars is a big clue. Hit steam overlay -> recent players or >> whatever, if they don't show up there, they're not actually in the server. >> >> All steam needs to do is keep clients updated on steamIDs auth'd with a >> server. TF2 could then just label steamIDs that are being shown on the >> scoreboard but not present according to steam as bots. It could evenly >> passively report this discrepancy via the abuse system. >> >> It's hardly unwinnable, it just requires adding some more capabilities to >> steam. Ideally, we'd just get our server lists from there and not trust >> servers to be honest. >> >> - Neph >> >> On 11/02/2011 01:42 PM, Rob Liu wrote: >> Can anyone share some tips on identify those "spoof" server? There are a >> few servers I know that's doing it, but they're hiding it so well. it's >> really hard to tell they're using bots. >> On Thu, Nov 3, 2011 at 9:24 AM, Fletcher Dunn<fletcherd@valvesoftware.** >> com >> <fletch...@valvesoftware.com><mailto:fletcherd@**valvesoftware.com<fletch...@valvesoftware.com>>> >> wrote: >> >> The abuse reporting system has only been live a total of 4 days. Give it >> some time. There are no plans to give any (non-Valve) entity any special >> route to get their claims of abuse escalated more quickly. >> >> There are still simple things we can do to increase player awareness of >> this functionality, and we are working on them. >> >> Give it a couple of weeks or so. We'll see how much data we get back >> from players, and how effective the system is at curbing these sorts of >> problems. >> >> Your humble servant, >> Fletch >> >> -----Original Message----- >> From: >> hlds-bounces@list.**valvesoftware.com<hlds-boun...@list.valvesoftware.com> >> <mailto:hlds-**boun...@list.valvesoftware.com<hlds-boun...@list.valvesoftware.com> >> **> >> [mailto:hlds-bounces@list.**valvesoftware.com<hlds-boun...@list.valvesoftware.com> >> <mailto:hlds-**boun...@list.valvesoftware.com<hlds-boun...@list.valvesoftware.com> >> **>] On Behalf Of msleeper >> Sent: Wednesday, November 02, 2011 12:45 PM >> To: Half-Life dedicated Win32 server mailing list >> Subject: Re: [hlds] [hlds_linux] Fake clients, misreported bots, >> infringing usage of player names/images >> >> Fletcher - Is there someone we can report blatantly, aggressively >> abusive servers to in an attempt to escalate the worst offenders to >> human intervention? I don't think any of us here are expecting a >> flawless programmatic solution to the issue of Bad Servers, nor would >> we expect Valve staff to spend paid manhours joining and checking >> servers instead of working on much more important tasks, but as >> someone else said, the 1% worst offenders are "too big to fail" and >> seem to be falling through the cracks in your automated systems. The >> reporting tool sounds like a great solution, but my immediate concern >> is that it might not pan out like you (and us server ops) are hoping >> since the vast majority of players probably aren't even aware of such >> problems. >> >> On Wed, Nov 2, 2011 at 2:50 PM, Fletcher Dunn >> <fletch...@valvesoftware.com<**mailto:fletcherd@**valvesoftware.com<fletch...@valvesoftware.com>>> >> wrote: >> >>> This is a problem we're obviously aware of. It's definitely not that we >>> don't care. However, it is essentially an arms race that is provably >>> unwinnable by Valve. Furthermore, any change we make in the name of >>> security will almost certainly cause a disruption of legitimate service, >>> due to bugs on our part, or usage cases we're just not aware of. It is a >>> classic conflict between security and accessibility. >>> >>> Hopefully those two reasons help explain our reluctance to address these >>> sorts of problems through technology. They will create an ongoing arms >>> race, in which we can possibly limit this activity and make it harder, but >>> probably never eliminate it completely. Furthermore, this benefit comes at >>> a cost of taking resources away from adding features and fixing bugs, and >>> also disrupting legitimate users. >>> >>> When we can do simple and safe things to make it harder to do these >>> sorts of things, we will. We have some protocol changes that will make it >>> harder to do this sort of spoofing, which have been beta tested for some >>> time now. We'll be rolling those out in the next couple of months. >>> >>> Crowdsourcing using the abuse reports helps us stay out of the arms >>> race, and it's the safest and simplest way to deal with this problem and >>> many others like it. >>> >>> Your humble servant, >>> Fletch >>> >>> >>> -----Original Message----- >>> From: >>> hlds_linux-bounces@list.**valvesoftware.com<hlds_linux-boun...@list.valvesoftware.com> >>> <mailto:hlds_**linux-bounces@list.**valvesoftware.com<hlds_linux-boun...@list.valvesoftware.com>> >>> >>> [mailto:hlds_linux-bounces@**list.valvesoftware.com<hlds_linux-boun...@list.valvesoftware.com> >>> <mailto:**hlds_linux-bounces@list.**valvesoftware.com<hlds_linux-boun...@list.valvesoftware.com>>] >>> On Behalf Of Mart-Jan Reeuwijk >>> Sent: Wednesday, November 02, 2011 5:39 AM >>> To: Half-Life dedicated Linux server mailing list >>> Subject: Re: [hlds_linux] Fake clients, misreported bots, infringing >>> usage of player names/images >>> >>> there is some italian group that does that. >>> >>> they have dozens maybe even in the hundred of servers in server list, >>> but all get redirected to 1 server. and those server report a variety of >>> maps played, names in server lists etc. you click info, refresh, says for >>> example dustbowl, and then join, get redirected to their server, with bots, >>> and another map then advertized in the server info. Its damn annoying. And >>> indeed, they change IP's a lot, to evade blacklisting. >>> >>> >>> ______________________________**__ >>>> From: daniel jokiaho<daniel.jokiaho@gmail.**com<daniel.joki...@gmail.com> >>>> <mailto:daniel.jokiaho@**gmail.com <daniel.joki...@gmail.com>>> >>>> To: Half-Life dedicated Linux server mailing list<hlds_linux@list.** >>>> valvesoftware.com <hlds_li...@list.valvesoftware.com><mailto:hlds_** >>>> li...@list.valvesoftware.com <hlds_li...@list.valvesoftware.com>>> >>>> >>>> Sent: Wednesday, 2 November 2011, 7:27 >>>> Subject: Re: [hlds_linux] Fake clients, misreported bots, infringing >>>> usage of player names/images >>>> >>>> what about servers on different ips and port that have exactly the same >>>> players. >>>> >>>> I join server x. U join server y. And still we play against or with each >>>> other :-( >>>> On 2 Nov 2011 06:53, >>>> "msleeper"<msleeper@**ismsleeperwrong.com<mslee...@ismsleeperwrong.com> >>>> <mailto:msl**ee...@ismsleeperwrong.com <mslee...@ismsleeperwrong.com>>> >>>> wrote: >>>> >>>> Are you sure they're not just adding more servers? Changing IPs is a >>>>> server playerbase suicide as anyone who had it bookmarked won't be >>>>> able to find it again. I suppose they could use those servers for >>>>> redirects, but in theory that would get those IPs blacklisted pretty >>>>> fast if Valve's scoring/reputation system is still in effect. >>>>> >>>>> On Wed, Nov 2, 2011 at 1:42 AM, Jesse Porter<reacherg...@gmail.com<** >>>>> mailto:reacherg...@gmail.com>> >>>>> >>>>> wrote: >>>>> >>>>>> The problem with blacklisting these servers is that they seem to show >>>>>> up >>>>>> >>>>> a >>>>> >>>>>> few weeks later with a new batch of ip addresses. Can't blacklist them >>>>>> effectively when they do that. >>>>>> On Nov 1, 2011 7:40 PM, "Robert Paulson"<thepauls...@gmail.com** >>>>>> <mailto:thepauls...@gmail.com>**> wrote: >>>>>> >>>>>> >>>>>> It is very rude of you to repeatedly spam the mailing list to >>>>>>> pressure >>>>>>> Valve into doing whatever you want instead of working on crashes and >>>>>>> content. >>>>>>> >>>>>>> Valve has already put in a huge effort making these servers less >>>>>>> >>>>>> prominent. >>>>> >>>>>> - Blacklist >>>>>>> - Quickplay >>>>>>> - Reputation >>>>>>> >>>>>>> It isn't perfect but blacklisting takes care of the servers you don't >>>>>>> >>>>>> like >>>>> >>>>>> once you've spotted them. Quickplay and reputation filter most of the >>>>>>> >>>>>> ones >>>>> >>>>>> you haven't spotted yet. No one I know has any problems finding a >>>>>>> server >>>>>>> full of real players. Everyone I know just blacklists and move on. >>>>>>> >>>>>>> Server IPs do not change often since it costs money to buy new ones >>>>>>> and >>>>>>> >>>>>> you >>>>> >>>>>> need proper ARIN justification to get more due to the IPV4 shortage. >>>>>>> The >>>>>>> fact that you are on here spamming about it as though TF2 is going to >>>>>>> >>>>>> die >>>>> >>>>>> out next week makes me think that you are struggling with your own >>>>>>> >>>>>> server >>>>> >>>>>> rather than being a concerned player. >>>>>>> >>>>>>> I also hate the big pay-to-win servers with fake clients, but it >>>>>>> would >>>>>>> >>>>>> be a >>>>> >>>>>> mistake for Valve to just de-list them, wrongly assuming no one really >>>>>>> wants to play there. I have a friend who wouldn't be playing TF2 if >>>>>>> they >>>>>>> didn't exist and has bought hundreds of dollars worth of Mann Co >>>>>>> keys. >>>>>>> >>>>>> And >>>>> >>>>>> from what he tells me he isn't the only one. Yes he knows there are >>>>>>> >>>>>> bots. >>>>> >>>>>> The "cloaked" bots appeal to him for the same reason Valve decided not >>>>>>> >>>>>> to >>>>> >>>>>> name bots bot1, bot2, bot3 and to have them taunt randomly. >>>>>>> >>>>>>> These servers still exist not because of a fake player plugin but >>>>>>> >>>>>> because, >>>>> >>>>>> as much as it pains us to believe, some players actually prefer them. >>>>>>> >>>>>>> No one here is enthusiastic about having Valve delist servers based >>>>>>> on >>>>>>> anonymous reports because we all know that the system will be abused >>>>>>> >>>>>> even >>>>> >>>>>> though they have "taken basic measures to prevent" it. We know this >>>>>>> >>>>>> because >>>>> >>>>>> they also took "measures" to prevent F2P players from avoiding VAC >>>>>>> bans >>>>>>> >>>>>> by >>>>> >>>>>> making throw-away accounts, yet I still see hackers that have made at >>>>>>> >>>>>> least >>>>> >>>>>> 5 of them in a row and even adding their old VAC banned account on >>>>>>> their >>>>>>> friends list. >>>>>>> >>>>>>> To save Valve the administration overhead and abuse, and to satisfy >>>>>>> both >>>>>>> server administrators and players, I suggest dropping the server >>>>>>> report >>>>>>> function and adding either of these 2 features. >>>>>>> >>>>>>> 1. Add a check-box for Valve-only/Favorites-only Quickplay servers. >>>>>>> >>>>>>> 2. Let premium players rate servers from 1 to 5 upon disconnection. >>>>>>> Each >>>>>>> player may only vote once. To prevent voter apathy, servers are >>>>>>> automatically rated a 5 if the player does not vote. Then the user >>>>>>> can >>>>>>> decide for him/herself to connect to the server based on the rating >>>>>>> >>>>>> rather >>>>> >>>>>> than a few opinionated complainers. >>>>>>> >>>>>>> These two solutions address the root of the problem and lets the >>>>>>> player >>>>>>> decide while freeing Valve to work on more content. >>>>>>> ______________________________**_________________ >>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>> archives, >>>>>>> please visit: >>>>>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list.valvesoftware.com/mailman/listinfo/hlds_linux> >>>>>>> >>>>>>> ______________________________**_________________ >>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>> >>>>> please visit: >>>>> >>>>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list.valvesoftware.com/mailman/listinfo/hlds_linux> >>>>>> >>>>>> ______________________________**_________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list.valvesoftware.com/mailman/listinfo/hlds_linux> >>>>> >>>>> ______________________________**_________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list.valvesoftware.com/mailman/listinfo/hlds_linux> >>>> >>>> >>>> >>>> ______________________________**_________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list.valvesoftware.com/mailman/listinfo/hlds_linux> >>> >>> ______________________________**_________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/**mailman/listinfo/hlds<http://list.valvesoftware.com/mailman/listinfo/hlds> >>> >>> ______________________________**_________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/**mailman/listinfo/hlds<http://list.valvesoftware.com/mailman/listinfo/hlds> >> >> ______________________________**_________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/**mailman/listinfo/hlds<http://list.valvesoftware.com/mailman/listinfo/hlds> >> >> >> >> >> >> ______________________________**_________________ >> >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> >> http://list.valvesoftware.com/**mailman/listinfo/hlds<http://list.valvesoftware.com/mailman/listinfo/hlds> >> >> ______________________________**_________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list.valvesoftware.com/mailman/listinfo/hlds_linux> >> > > > ______________________________**_________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/**mailman/listinfo/hlds<http://list.valvesoftware.com/mailman/listinfo/hlds> >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
