STEAM GROUP
TF2 Outpost by Fanbyte
Membership by invitation only
STEAM GROUP
TF2 Outpost by Fanbyte
160,744
MEMBERS
4,021
IN-GAME
32,187
ONLINE
Founded
7 August, 2011
Language
English
Overview Announcements Discussions Events Members Comments Curator
This topic has been locked
NiceTraderJoe 23 Jul, 2014 @ 1:42pm
RE: Phishing Bots and How to Stop Them
Hey Norby89,

Thank you for your reply.

I understand that the previous bot operation was to spam the site directly. You guys have done a terrific job of squashing that mode.

Now there is a new mode of harvesting trader information directly from the site and using that to phish directly to traders. The message I am receiving concerning this new method is, "nothing can stop it completely once and for all so we're not even going to try; it's completely out of our hands."

Originally posted by Norby89:
Can you fully stop them? Sure, let's hide everyone's Steam IDs so that we have little site where we can view each other's trades without actually being able to trade anything since we cannot add anyone. Bottom line is you cannot do anything that would not render the site unusable for regular users, after all those who scrape the site for IDs are regular users as well.

Steam IDs should be treated as important protected information. They are currently out in the open for anonymous use. The message that I am receiving from the above statement is, "if we do any countermeasures, it is guaranteed to render the site useless." The message I am trying to convey is, "having free and open Steam IDs is bad and should be made more difficult for bots to access while having little impact on users." Yes, my statement implies that there will be an impact on users.

I am likely out of the loop as far as new site scraper countermeasures. What has been done recently to protect Steam ID information from scraper bots?

My current suggestions:

  • A captcha to reach site links containing Steam IDs (fights scraping)
  • Log user activity and analyze for potential bot accounts
  • Help Steam by collecting and reporting bots and hijacked accounts
  • NEW: Provide a wiki for articles about phishing, bots, proposed and current site countermeasures, etc. (not a sticky thread 200+ posts)
  • NEW: Trade through Steam Trade Offers rather than direct friending (can friend after offer)

The reason I bring all this up is because I love the site. It has worked great in the past. The site is currently infested with phishing bots. The site must do something or else my customers will stop using the site which will cause me to stop using the site (or vice versa). For me, old fashioned trading servers have been less annoying than Outpost recently. This is bad for both of us. :-(

What will cause more users dropping the site: phishing bots or phishing bot countermeasures?

For me, it’s the bots...

Thanks again for your help!

Joe.
< >
Showing 1-2 of 2 comments
HusKy 23 Jul, 2014 @ 2:19pm 
Regarding your points:

1. SteamID's are present almost on every single page. It's the only information that connects you and TF2OP. It's also the only piece of information provided by Steam's OpenID. You would literally have to include captcha on almost every page.
2. This would just lead to false positives.
3. These accounts are most likely created automatically. The more you report the more they make.
4. ---
5. If only everyone knew about this possibility. + Trade offers are still lacking basic features such as proper notification (not the tiny green envelope). + This doesn't stop the bots from adding people.
#1
Blue Screen of Death 23 Jul, 2014 @ 2:22pm 
Originally posted by NiceTraderJoe:
  • A captcha to reach site links containing Steam IDs (fights scraping)
  • Log user activity and analyze for potential bot accounts
  • Help Steam by collecting and reporting bots and hijacked accounts
  • NEW: Provide a wiki for articles about phishing, bots, proposed and current site countermeasures, etc. (not a sticky thread 200+ posts)
  • NEW: Trade through Steam Trade Offers rather than direct friending (can friend after offer)

No captchas will be added - most phishing accounts have humans behind them. Useless.

User activity does not indicate an account is a phishing bot or not. Having 0 trades or rarely using the site would match several thousand accounts, and some of the phishing accounts are active but hijacked accounts.

Steam doesn't care.

A wiki is a dedicated application/site and we have no interest in running one. Wikis are also not designed to discuss things, but to provide a collection of information about a certain subject. A problem should not be rewarded with a site to talk about it, it should be solved by the only party that can do something about it, in this case Steam. A new thread explaining the matter is expected to replace the current one.

Trade offers are already available on the site, people are welcome to add their URLs on the settings page and avoid direct adds. We can't force people to stop accepting friend requests - we do not own Steam.

None of your suggestions solve the problem. If people complain on Steam forums instead of doing it here all the time, maybe things will change.

#2
< >
Showing 1-2 of 2 comments
Per page: 1530 50

All Discussions > General Discussions > Topic Details
Date Posted: 23 Jul, 2014 @ 1:42pm
Posts: 2
Start a New Discussion

Discussions Rules and Guidelines