STEAM GROUP
TF2 Outpost by Fanbyte
Membership by invitation only
STEAM GROUP
TF2 Outpost by Fanbyte
160,707
MEMBERS
3,487
IN-GAME
26,689
ONLINE
Founded
7 August, 2011
Language
English
Overview Announcements Discussions Events Members Comments Curator
This topic has been locked
NiceTraderJoe 23 Jul, 2014 @ 6:52am
Phishing Bots and How to Stop Them
Hey,

I am a long-time user of TF2Outpost and I have noticed a severe increase in phishing bot activity stemming from this site. It is so bad now that 70% of the friend requests I have received from this site in the last week have been phishing bots (18 out of 26 friend requests). I have reported every one of the bots to Steam.

If this trend of bots vs. legitimate traders continues (or even holds steady), I will be forced to leave this site and find somewhere else to post trades. Leaving is something that I do not want to do since I have traditionally had good trading here, but I am now spending way too much time with noise rather than signal. I am likely not alone in this realization and determination.

Here is my quick analysis of the phishing bot problem:

Phishing bot types

  1. New account as bot (pure bot)
  2. Hijacked phishing victim account as bot (victim bot)

Phishing bot activities

  1. Monitor tf2outpost.com front page
  2. When new trade offer/bump appears, scrape Steam user ID, friend user and send phishing links
  3. Profit

How to stop phishing bots

  1. Require site login to view trade user details (steam ID)
  2. Set up an obvious “phishing bot report" page
    1. Must be logged into site to report
    2. Submit Steam ID / link to Steam page
    3. Submit Phishing message received
    4. Record user submitting report
  3. Immediately block reported bots from viewing trade details (steam ID)
    1. User can still manage their own trades as normal, meaning you can still sell but not see new incoming trade offers
    2. User is auto-blocked for 24 hours
    3. Admin reviews reports from bot page can either confirm as bot or not
      1. If in doubt, admin should err on “account is not a bot”
      2. Multiple reports of user as bot increases possible confirmation as “bot”
      3. Optional admin activities
        1. Admin determines bot type (pure bot vs. victim bot vs. undetermined)
        2. Admin reports bots to Steam with bot type
          1. This will help more quickly ban pure bots and help victims regain their phished accounts
      4. If reporting user submits too many unconformable bot reports, block user from reporting phishing bots
  4. Require simple chat conversation with admin for human users to be unblocked
    1. Text chat (simple fast conversation for human responses)
      1. What color is the sky?
      2. Do you know someone who is allergic to oranges?
      3. Tell me a quick story involving Justin Bieber and firefighters
    2. New forum thread with more than 3 responses from user
  5. Profit

Optional additional countermeasures:

  1. Log all site logins (required from above) and scan users Steam accounts for possible bot-like activity (combined score can increase bot account detection; use score with admin review page)
    1. IP address of user
      1. Is IP address from a proxy server?
      2. Approximate geographic origin of user
      3. Other users using same IP address
      4. Changes in IP address for user
    2. Backpack is private
    3. Newer user creation date
    4. Low number of hours played
    5. Low number of purchased vs. free games
    6. Low number of completed transactions
    7. Response to automated unsolicited friend request (bot counter-phishing)
  2. Require additional bot-detection measures
    1. Captcha for site account creation in addition to Steam login
    2. Require re-login (re-captcha) periodically (once per week)

Bot countermeasures will never be 100% successful, but if you can reduce bot activity by 80%, human user experience will greatly improve.

Thank you and have a great day! ^_^

Joe.
Last edited by NiceTraderJoe; 23 Jul, 2014 @ 7:28am
< >
Showing 1-7 of 7 comments
norby89 23 Jul, 2014 @ 8:24am 
Most if not all of this has been discussed before and the conclusion is that there's not much that can be done against them other than waiting for Valve to implement some measures that slows them down or stops them.

Originally posted by NiceTraderJoe:
Hey,

  1. Require site login to view trade user details (steam ID)
    - not an issue for a phisher
  2. Set up an obvious “phishing bot report" page
    - most bots don't use the site, it's pointless to report them
  3. Immediately block reported bots from viewing trade details (steam ID)
    - bots that do use the site are actively banned, there's no need for a complicated system like that
  4. Require simple chat conversation with admin for human users to be unblocked
    - see above

Optional additional countermeasures:

  1. Log all site logins (required from above) and scan users Steam accounts for possible bot-like activity (combined score can increase bot account detection; use score with admin review page)
    - once again the bots on the site are not a problem, it's the ones that scrape the site for IDs and then use that info to add users on Steam, it's impossible to tell who is doing that since they could be someone posting as a legit user and even if they were banned they could just use a new account
  2. Require additional bot-detection measures
    1. Captcha for site account creation in addition to Steam login
    2. Require re-login (re-captcha) periodically (once per week)
    - anything that ruins the user experience is just bad, if it won't fully stop phishers and will only annoy regular users then it's useless

TF2Outpost isn't the only website that's experiencing this problem. Anywhere there are possible victims there will be phishers and sadly there's nothing there can be done about it.
Last edited by norby89; 23 Jul, 2014 @ 8:30am
#1
lukey pooky 23 Jul, 2014 @ 8:50am 
Yeah, it's getting pretty ridiculous. Yesterday I bumped a couple of my trades and I got added by 3 phisher bots at the same exact time. I have a routine down now, report, block, unfriend. I checked yesterday and I have over 50 phisher bots on steam blocked. I've noticed a new breed of phisher bots. These ones are programmed to have simple conversations with you. The first bot I got added was pretty convincing, but of course the steam link was clearly fake. These new bots are set to give you a message every 10 seconds or so. The first one is, "Hey mate." And it goes on from there. VALVE PLZ FIX
#2
Pieguy 23 Jul, 2014 @ 9:46am 
is a phishing bot where they send you some random crap about their freind and give you a link to an account? cause thats happened to me like a hundred times if so.
Last edited by Pieguy; 23 Jul, 2014 @ 9:48am
#3
Meticcio 23 Jul, 2014 @ 10:24am 
By now I'm used to block and point out, there is nothing else to do..
#4
NiceTraderJoe 23 Jul, 2014 @ 11:10am 
@ Men without hats: You are correct.

@ Lukey Pooky: I hate to say it but I'm glad I'm not the only one. :-(

@ Norby89: Regular users are annoyed. It would be greatly appreciated if the site would at least attempt to produce some kinds of countermeasures. Any reduction in phishing bot effectiveness is a reduction in phishing bot effectiveness. "Uuugh, why is there a captcha now?" "It reduces phishing bots by 25%" "Ohh, those bots are annoying a crap! Thanks for trying to do something about it!" However, the current message seems to be, "We can't fully solve the issue, therefore we will do nothing at all to try to solve the issue." How is this better?
#5
Pieguy 23 Jul, 2014 @ 11:56am 
thanks nice trader joe
#6
norby89 23 Jul, 2014 @ 12:17pm 
Originally posted by NiceTraderJoe:
@ Norby89: Regular users are annoyed. It would be greatly appreciated if the site would at least attempt to produce some kinds of countermeasures. Any reduction in phishing bot effectiveness is a reduction in phishing bot effectiveness. "Uuugh, why is there a captcha now?" "It reduces phishing bots by 25%" "Ohh, those bots are annoying a crap! Thanks for trying to do something about it!" However, the current message seems to be, "We can't fully solve the issue, therefore we will do nothing at all to try to solve the issue." How is this better?
Absolutely not. The current message is "We can't fully solve the issue, however we have done everything possible within our powers to try and stop or at least slow them down". There's only so much we can do and you cannot ask us to do the impossible. We're open for new suggestions however these ideas have been discussed dozens of times and we always reached the same conclusion.

Can you fully stop them? Sure, let's hide everyone's Steam IDs so that we have little site where we can view each other's trades without actually being able to trade anything since we cannot add anyone. Bottom line is you cannot do anything that would not render the site unusable for regular users, after all those who scrape the site for IDs are regular users as well.

I am not sure if you've been using the site about a year ago or if you remember how phishers spammed every trade with tons of posts every day. Thanks to various tools and warnings that have been implemented you rarely see phishers on the site any more. What did phishers do? They moved on and starting adding people on Steam and that is simply out of our reach now.

Saying that nothing has been done about it is completely false, we're all tired of the countless adds each day and everyone complaining is doing no help. It's simple to point the finger and say "do something" but nobody ever came up with a solution that would put an end to this once and for all.
#7
< >
Showing 1-7 of 7 comments
Per page: 1530 50

All Discussions > General Discussions > Topic Details
Date Posted: 23 Jul, 2014 @ 6:52am
Posts: 7
Start a New Discussion

Discussions Rules and Guidelines