Source-1-Games
Source-1-Games copied to clipboard
ValveSoftware
[TF2] Suggestions regarding the Bot Crisis
Ever since the code leak of 2017 bots have been on the rise in TF2 and have only been getting worse with various workarounds to everything implemented against them, below I have listed a few possible things which could be used to stop or at least hinder the bots and their creators:
Matchmaking bans based on kick record in casual and competitive Currently the community is used to kicking any bots on sight, and has become accustomed to it. I propose using this to the games advantage and creating a matchmaking ban system. This could function like so, when a player is kicked [x] times within a [x] period, they receive a matchmaking ban from casual or competitive accordingly, this matchmaking ban is extended in duration based on how many times a player has received a matchmaking ban within a certain period from each other. To prevent accidental punishments, the kicks needed to trigger a matchmaking ban within a certain time period should be extremely high, and the matchmaking ban increase could reset after a certain amount of time has elapsed without the player receiving a matchmaking ban.
Disallow newly connected players from calling votes in casual and competitive Currently some of the bots are programmed to call votes on other players as they join the game, this is to trick others in the lobby into kicking someone else aside from the bot, as well as delay the voting process intended to be used on the bot itself. A simple solution to this would be to disallow newly connected players from calling votes for a certain amount of time, which could be implemented through a cvar if adjustment is needed for other modes and in community servers.
Restrict new steam accounts from casual and competitive play for a certain amount of time One of the main problems of the bot situation is derived from how easy it is for the creators to constantly create new steam accounts. If casual play was unavailable for new accounts for a certain amount of time it would make it more time consuming for bot creators to throw more bots or replacement bots into the game, combining this with the matchmaking bans suggestion would result in a much slower bot output.
While the community has become accustom to kicking bots on sight, the bots themselves still exist unhindered in large numbers within TF2s matchmaking system. While I'm unsure if these solutions would permanently stop these bots, it could potentially slow them down to a degree and reduce their effectiveness.
Matchmaking bans based on kick record
this does not work in csgo and it will not work in tf2. people will abuse kicks even more.
What would be great is if someone could be reported as a bot and then block those reported to a threshold from joining any valve casual servers. To prevent that from being abused (threshold), the majority of the team would need to report the bot in several different new matches meaning the bot would need to disconnected join another (or same by chance) server for the majority of the team report to have an effect. This would require a large effort on the player part and would be slow given that many people may not read chat, hear voice chat, care, or even know how to participate to majority report. But, if you could get enough people to see a difference, I think you could get the same people behind it and be effective over time. What I feel like now is that reporting someone rather than kicking them has uncertainty that the category they were kicked for has anyone reviewing it or has any effectiveness and if you want to kick them for hacking or some other reason, the worst that can happen is that they are banned from that single valve server, but not the rest. The benefit of reporting instead of using kicks as a metric is that the alleged player doesn't get kicked and so, if used in conjunction with the aforementioned abuse reduction system, it will less likely used for abuse and abuse by bots when they are the majority on a team.
Of course, the next step would be for bots to then start choosing a random name from a predefined dictionary and then to change classes and reduce the bots' automated features to appear less annoying and less like a bot. This might be a good thing because then they would reduce their cheating to such a degree that they would have slightly harder adversaries to play around with rather than op machines. But it would probably turn into McCarthyism at least for younger people because somebody thinks someone is a bot because the alleged bot is better and the consorted group effort thinks like a group and not individually unless the alleged says they are not. In this case, this system would be worse than kicking since you don't know how many people to convince you are not a bot and how much time left. Yes, it requires several matches worth of reporting, but if the McCarthyism got so bad it was on many casual servers (which is doubtful) then I would hope there would be an appeal process.
The cheating software the bots run on is entirely open-source. A better alternative would be to plug signatures found in the source code into VAC, and force Linux users to run VAC at root level in order to make it more effective on those types of systems. The software in question only operates on Linux, as VAC has less permissions on Linux compared to say, Windows. Additionally, running multiple accounts on one PC is nigh impossible on Windows, causing VAC authentication errors when attempted. (With a few exceptions.) But due to how VAC on Linux works, it doesn't hand out any errors for this type of behavior, thus causing this problem.
As it stands, free accounts are already heavily discriminated against as it is due to this nonsense. Not being able to use voice and text chat completely neuters any sort of team interaction and communication, let alone the addition of disabling voice commands. Some sort of solution needs to be found to this at some point. While I understand the current world situation has made life difficult for many people, the team has shown that they still have the ability to make some changes to the game during all of this.
So, let's not introduce any more changes that could turn even more people off of this game. That'll just make things worse. Bot owners have already made a good majority of their accounts paid in order to bypass the restrictions currently set in place. So it's silly to even keep them.
another option besides giving the signatures of cathook to VAC's blacklist? have TF2 do some checking on it's own, and make it so that Tf2 would crash 5 minutes after injecting cathook on linux.
Hi. Current bots try to disguise their name as a player from the same team.
Could you display the same info in the voting menu as in the scores? People can't understand who they kick so if they choose a legitimate player then the bot is still in the game.
Also sorting by name would help too.
And no, I wouldn't like to run anything under root level. This is not needed. What's next? VM escape detection? That's not realistic.
Disallow newly connected players from calling votes in casual and competitive Currently some of the bots are programmed to call votes on other players as they join the game, this is to trick others in the lobby into kicking someone else aside from the bot, as well as delay the voting process intended to be used on the bot itself. A simple solution to this would be to disallow newly connected players from calling votes for a certain amount of time, which could be implemented through a cvar if adjustment is needed for other modes and in community servers.
i like this, but players who recently changed their name on the server also need the restriction
otherwise the bots could join with an innocuous name to avoid being kicked, hang around until the timeout is over and then perform their "attack" (steal a player's name, hide the name change message by spamming newline characters in the chat, then call the vote)
if name changers had the same restriction then i couldn't think of a way they could work around it anymore
@huglovefan I think a way they could get around it is: They can mass connect casual matches and the have access to the steam api to get player names. They can decrease the list of players to target by keeping track of who changes their name frequently and only keeping the ones who change names from a range of once per month to account creation as well as keeping track of the names who remain who play on TF2 casual regularly (they check by either cross referencing the ips that the player tends to join with an existing list or they try connecting and test if they get disconnected because you can't join a casual game by ip). So they change the bot names to the remaining people on that list and wait the time out (week or hours). Then, like they already do, they flood casual matches or try to fill in both teams on the matches that are empty because sometimes bots are part of bot parties and the bots communicate with each other to coordinate. Except, this time, the bots are communicating to swap out the server with only 5 - 10 or more bots with steam names that match the players on the server. In this way, it is effectively a slower way to change names, but less likely to encounter players on a server who have their names copied, but conceivable nevertheless.
One suggestion I've not seen in this thread is to start displaying the hidden characters cheaters use in their name to disguise themselves as another player. It's much easier to tell who's a cheater when comparing "Player" with "Pl?ayer?" for example.
The third-party TF2 Bot Detector utility does this.
This doesn't address the problem exactly, as they'll still be able to join games and spoil it until they are kicked, but it would at least help reduce the amount of times the innocent player who's name has been copied is kicked instead of the bot.
I think identifying humans from bots is especially important if there is some kind of matchmaking ban for being kicked.
This is the software that cheaters are using to invade bots
<Link removed by moderator>
As of recently, the bots are now all called "BARRY WHITE'S FISTING" and cannot be kicked since they lag out the server as soon as a vote against them is started. Provided you actually managed to fix the lag exploit that was used a few years ago to do the same thing, this is most likely now caused by DDOS attacks against your servers, which means your hardware & network is suffering, Valve. I just quit a two hour gaming session after 80%+ of the games were ruined by unkickable bots. Seriously, this game is getting increasingly unplayable. I don't understand the decision to leave the servers running and let the bot hosters do their thing. After five years of this issue persisting it's about time to do something meaningful, please.
Honestly, I can't believe this issue isn't fixed yet and much less can I believe this thread isn't the most active on this entire bug tracker.
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-1062095840
This specific scenario isn't a DDOS attack. It's yet another exploit.
There is one fix we could all apply: Don't use Steam and Valve. I play only on community servers.
If you're gonna do anything for the #savetf2 movement then please at least fix the lag exploit so we can attempt to actually kick the bots ...
When I play tf2 in 2023 in Africa.. it seems like valve hasn't done enough I swear like 23 bots are on the other team please if someone could help African servers it would be a great thing...
At this point, most players would be content with bot numbers sheared down to at least a manageable level.
It has been 3+ years, and most of the players have evolved to quickly identify and votekick all types of bots. All patches that have been put into place since the issue began have only served to complicate bot developers' path to hosting. As well as disable some of the methods they can exploit with their bots.
**This has been mentioned many times and will be mentioned again: ** all code relating to textmode tf2 should be entirely scrapped.
It serves no practical purpose to non-malicious players, and has repeatedly been a troublemaker for the community; whether it be the item idling programs from the early drop system or our current bot crisis. The small cases where it can actually be utilized is a valid sacrifice to make. Even if the bots were not an issue, removal of textmode would be more comparable to a "spring cleaning", rather than a patch for longevity.
Bot hosts achieve the numbers they have thanks to textmode being extremely lenient on hardware usage. Forcing them to switch to visual tf2 would be like a Windows user attempting to open 30+ instances of the game using sandboxie -- not too friendly for the CPU.
Some argue that this realistically would not do much to stop hosts, and it would not. However, the numbers absolutely will drop, as many hosts would be forced to purchase much more expensive hardware just to achieve enough bots to flood 1 server before their hardware fails.
It is asinine to assume half of the hosts (who are likely just kids who got bored of cheating) would simply purchase 10x expensive hardware just to get the same volume of bots they had previously online again.
Scorched earth on the issue tracker.
Anyways, as far as I can tell, every solution that has been recommended is circumventable in some way. It sucks, but as Kisak has mentioned, the only way to resolve this issue would be to discuss it on non-public forums, where cheat developers cannot see the active resolutions being proposed.
Some argue that this realistically would not do much to stop hosts, and it would not. However, the numbers absolutely will drop, as many hosts would be forced to purchase much more expensive hardware just to achieve enough bots to flood 1 server before their hardware fails.
It is asinine to assume half of the hosts (who are likely just kids who got bored of cheating) would simply purchase 10x expensive hardware just to get the same volume of bots they had previously online again.
I'd like to take a page out of RuneScape's book for a moment. RuneScape has had an ongoing bot crisis since around 2012. There have been several effort to stamp out this, but one sticks out, at least for me. The community hosted Bot Detector plugin, which uses a combination of neural networks and player driven reports, to detect bots, to a ~1 percent error margin. It uses several factors, such as location, gear, activity, name, chat activity, and other factors to come up with a decision. This is then sent to the developers through a special report channel, which are all looked at by humans, and permanently banned if needed. I believe a system like this could work wonders in Team Fortress 2. Bots are almost always immediately detected by humans, and properly trained neural networks could handle this too. However, this would take several employees at Valve manually reviewing cases to see if they are cheaters or false positives. This has worked pretty well for RuneScape, resulting in tens of thousands of bots being banned, and I believe might be one of the best solutions for TF2 at the moment.
However, this would take several employees at Valve manually reviewing cases to see if they are cheaters or false positives. This has worked pretty well for RuneScape, resulting in tens of thousands of bots being banned, and I believe might be one of the best solutions for TF2 at the moment.
It would be nice; however, Valve has insistently made it clear they want to avoid solutions that turn into a treadmill problem. The manually reviewing of flagged accounts is unrealistic from Valve's standpoint.
If there were a way to automate this process on Valve's side, then I could see it working quite well. There are already some interesting projects developers are making that Valve could make use of if greenlit, such as the whole MAC project in the works.
Replying to https://github.com/ValveSoftware/Source-1-Games/issues/3477#issuecomment-2068141034
@Kacey2k this is already being discussed in https://github.com/ValveSoftware/Source-1-Games/issues/4475
Also, apologies for the ping but @kisak-valve, you noted that if we had something to share with the team about the anti cheat we could discuss it over email. What email address could I send something to if I had a recommendation/solution for the anti cheat?
Hello @ethanholt1, https://help.steampowered.com/en/faqs/view/571A-97DA-70E9-FF74#report looks relevant.
[TF2] Feature Request: Suggestions to reduce bot farming
Issue transferred from https://github.com/ValveSoftware/Source-1-Games/issues/5953. @KimmyTF2 posted on 2024-04-30T21:32:52:
As many have speculated for years already, bots (not cheating bots) are being massively used to farm items, especially during Scream Fortress and Smissmas. To make them as unprofitable to run as possible, here are a few suggestions:
- Rework the drop system. In Dota 2 this problem was also big, until Valve just straight up made all random drops untradable. This obviously won't work in TF2, as crafting and trading are directly connected, but something similar to the CS2 drop system could work, where players need to actually play and earn XP to receive rewards instead of idling. There are many ways to do it. Like adding daily challenges that reward players with a weapon or case (maybe even let them pick the reward they want). 7 weapons, 1 cosmetic and 1 war paint case in 7 days is similar to the current drop rate of items.
- Change how cases drop. Giving F2P accounts cases doesn't make much sense. They are not able to trade them and most likely won't ever open them. For normal players who are not interested in spending money in TF2 they only clutter their already limited backpacks. However, bots can collect them, even on F2P accounts (also in the main menu), and if needed, $5 can be spent to let it move farmed cases to another account, flooding the market.
- Giftapults. This is the most serious issue. Giftapults have no restrictions on who can receive the package. It can even be a F2P account idling in the main menu. There is no easy way to deal with it. Either straight up disable this item, as Secret Saxton exists, and we know that a player playing on the same server will receive our present instead of some bot, or only allow Premium accounts to send and receive presents.
- Secret Saxtons. This is less of an issue than the others above, but Premium accounts are being used to farm Secret Saxtons given during Smissmas. The easiest way would be to make them untradable so only their owners can use them. (Not directly related to the issue, but Noise Maker - Winter Holiday has no 'Not Tradable or Marketable' attribute attached to it, like Noise Maker - TF Birthday, which every year generates only more and more items. Please make them untradable too.)
What if they just made it so in order to play casual, you need to finish the the tutorial? (Not including the class specific tutorials.) It'll teach new players some of the basics and add an extra hoop that bot hosts will need to jump through to annoy people.
What if they just made it so in order to play casual, you need to finish the the tutorial? (Not including the class specific tutorials.) It'll teach new players some of the basics and add an extra hoop that bot hosts will need to jump through to annoy people.
Just thought of this after posting, but it'll also give an excuse to revamp the tutorial.
With the bot accounts being more rampant, it's now possible that Valve has now lost all faith with its TF2 community, allowing the game to rot even further even with the 64-bit update. Now TF2 is a cesspool of security exploits in Valve's Casual, Competitive and VAC servers, meaning they can't do anything about, which means that TF2 is "The New IE 6".
Now for those that are wondering, what is the term "The New IE 6"? Well it's a common term on the internet since around the late-2000s to early-2010s where a software product's current state is compared to that of the infamous web browser by Microsoft, Internet Explorer 6 released in 2001 (the year of 9/11), which was a popular browser during the 2000s but was then criticized for its bugs and security exploits, and has now been hailed as one of the worst software products ever made, resulting in almost all websites dropping support for the outdated browser in the 2010s.
This means that bot accounts that are developed with software that violates Steam's guidelines have now taken over the actual userbase of TF2, resulting in only the community servers being a safe place for the playerbase.
