STEAM GROUP
TF2 Outpost by Fanbyte
Membership by invitation only
3,228
IN-GAME
27,522
ONLINE
Founded
7 August, 2011
Language
English
Lordere 29 Jan, 2015 @ 8:14am
Suggestion & Questions : Scambots on Outpost
Hello everyone,
As you might have guessed from the title, I wanted to ask about those "bots" that keep randomly adding people using this service and phish their accounts by tempting them to download a malicious file described as an "image".

My questions would be:

Is there a way to filter web access to these programs browsing every single trader or trade on the site and sending them friend requests?

Are Valve & Outpost aware of this issue, and have they tried yet to do something efficient against it?

Can a trade be hidden from people having a Steam account level below 10?

Suggestions:

Introduce CAPTCHA algorithms on Outpost when accessing or requesting offers or to see the Steam ID & Steam link of a trader.

Make login necessary for being able to see offers.

Verifying account authenticity as the method used to access the web server.

If this topic is in the wrong section, feel free to notify me.


Also, if anyone wants to ask questions about scambots coming from Outpost or make suggestions about it, comment below.

:steamwings: tonculte :steamwings:

Last edited by Lordere; 29 Jan, 2015 @ 8:52am
norby89 29 Jan, 2015 @ 10:34am 
Originally posted by Lordere:
Is there a way to filter web access to these programs browsing every single trader or trade on the site and sending them friend requests?
Phishers are actively banned from the site, they don't last long after they first log in.

Originally posted by Lordere:
Are Valve & Outpost aware of this issue, and have they tried yet to do something efficient against it?
Yes and so far all they did is annoy users.

Originally posted by Lordere:
Can a trade be hidden from people having a Steam account level below 10?
Even if you don't use Outpost at all you will be added by phishers, that would just be discriminatory.

Originally posted by Lordere:
Introduce CAPTCHA algorithms on Outpost when accessing or requesting offers or to see the Steam ID & Steam link of a trader.
This will never happen. Besides there are safety measures implemented already, try to quickly view/add a few Steam profiles and see what happens.

Originally posted by Lordere:
Make login necessary for being able to see offers.
It would ruin the site's SEO.

Originally posted by Lordere:
Verifying account authenticity as the method used to access the web server.
As I mentioned above phishers are actively banned, there's no need for that as it would only alienate a portion of the userbase.
Last edited by norby89; 29 Jan, 2015 @ 10:34am
SmugHat 29 Jan, 2015 @ 12:11pm 
I had about 15 "friend" requests TODAY. All of them were [PRIVATE], all had the same picture, sometimes the same name, and all level 0.

So annoying. :sr4paul:
Lordere 29 Jan, 2015 @ 12:18pm 
For the first one, you presume only logged-in users are banned, with their IP address as well as the account, but take the case that someone without an account (the script used for the bots) just needs to track down the offer owner's Steam account and add him directly on Steam by just checking every trade and the trader and adding them into a database which will be used as a source for adding the users saved in it. Basically it saves the SteamID first and then the ID is reinjected for adding the user without using the browser or the Add function of the Add button.

For the second, I can't really express myself on this; I just find it ridiculous not securing the way the services are used in general.

For the third one, I would reiterate my proposition of leaving the choice to the trader to show the trades to people below lvl 10 (or any lvl given) and anon users. IMO, yes, it would be discriminatory, but if a trader has the choice to choose whom he wishes to trade with and filter people he doesn't want to trade with, it would be a proper feature and actually be the choice of the trader and not the website itself. I can relate that it would force a lot of people to lvl up their accounts, but so would the people who own many fake accounts that have a lvl ranging between 0-7. It would be for myself more a security feature.

For the fourth one, I just think these security measures ain't efficient enough to filter out those people who manage to scam people by using simple scripts to acquire data on their target/s.
Because as I see it, the default user has to use the web browser and use a function/button on the website. The "hacker", more like "skiddy", just takes a path without using the browser and is "scanning" the website for the available elements, which include the link to the trader's Steam ID. The path for acquiring the user, /user/xxxx/resolve/community, seems more like the script is requesting the link, which returns the Steam ID link, which doesn't seem to have any checks in between for verifying the user's authenticity/access method, and gives a path for saving en masse the users trading/registered on the website in a database.
I might be ignorant on some points, maybe, but this seems the most logical case IMO.

Fifth one: if it ruins the site's SEO by just showing public offers, I might resuggest giving the option to privatise the profiles on the site itself, which means they will show a custom name on the site for the Steam user, and adding or seeing the Steam profile is hidden. Although it will still be possible to post messages in trades or on the profile itself. This option could apply with Public, Registered users only, Friends only, Private. [A bit like FB]

Sixth one: it might be true that phishers are actively banned, but as soon as a phisher account is banned, a new one is created by the owner of the old one. It's for that matter, if the website or information is requested on the site, that it cannot be requested by software or programs not conventionally used for this (which excludes browsers unconventionally and conventionally used and includes unwanted scripts/programs downloading entire webpages for the purpose of scanning & reusing them).

So globally I'd suggest giving the option to limit how much you want to share on the website with other users, but still giving the ease to make trades as they are now.

If I said some nonsense, just enlighten me please ;)
:steamwings:Tonculte:steamwings:


Lordere 29 Jan, 2015 @ 12:25pm 
Originally posted by ARC-TEMPALR:
I had about 15 "friend" requests TODAY. All of them were [PRIVATE], all had the same picture, sometimes the same name, and all level 0.

So annoying. :sr4paul:
I feel for you :/ ; I'm already at a quota of 1-3 adds per day from bots only, just keep pressing the block & report button over and over.
Seems as if it won't stop and never will till some changes happen.
Therefore it might involve Valve investing more in securing their service than in games and other things. I'm not saying that nothing was done, but still there are a lot of holes that need to be closed.
:steamwings:Tonculte:steamwings:
Originally posted by Lordere:
For the first one, you presume only logged-in users are banned, with their IP address as well as the account, but take the case that someone without an account (the script used for the bots) just needs to track down the offer owner's Steam account and add him directly on Steam by just checking every trade and the trader and adding them into a database which will be used as a source for adding the users saved in it. Basically it saves the SteamID first and then the ID is reinjected for adding the user without using the browser or the Add function of the Add button.

There are dozens of trading sites, they don't need Outpost to do this. They don't even need to see a trade. The Web API is public, anybody in the world can farm Steam IDs from an unlimited amount of sources (steam forums, steam groups, steam-related sites, trading sites, reddit, etc).

Originally posted by Lordere:
For the third one, I would reiterate my proposition of leaving the choice to the trader to show the trades to people below lvl 10 (or any lvl given) and anon users. IMO, yes, it would be discriminatory, but if a trader has the choice to choose whom he wishes to trade with and filter people he doesn't want to trade with, it would be a proper feature and actually be the choice of the trader and not the website itself. I can relate that it would force a lot of people to lvl up their accounts, but so would the people who own many fake accounts that have a lvl ranging between 0-7. It would be for myself more a security feature.

There are thousands of legitimate users with low levels. It's their choice if they want to spend money on levels or not; we will not implement features that will make it harder for innocent people to trade, or force them into spending money to properly use the site.

Originally posted by Lordere:
For the fourth one, I just think these security measures ain't efficient enough to filter out those people who manage to scam people by using simple scripts to acquire data on their target/s.
Because as I see it, the default user has to use the web browser and use a function/button on the website. The "hacker", more like "skiddy", just takes a path without using the browser and is "scanning" the website for the available elements, which include the link to the trader's Steam ID. The path for acquiring the user, /user/xxxx/resolve/community, seems more like the script is requesting the link, which returns the Steam ID link, which doesn't seem to have any checks in between for verifying the user's authenticity/access method, and gives a path for saving en masse the users trading/registered on the website in a database.
I might be ignorant on some points, maybe, but this seems the most logical case IMO.

The site does not allow one to request too many Steam IDs at a time. And like I already said, they don't need Outpost to do this - even if we blocked IDs entirely they would still add people from their already compiled ID database.

Originally posted by Lordere:
Fifth one: if it ruins the site's SEO by just showing public offers, I might resuggest giving the option to privatise the profiles on the site itself, which means they will show a custom name on the site for the Steam user, and adding or seeing the Steam profile is hidden. Although it will still be possible to post messages in trades or on the profile itself. This option could apply with Public, Registered users only, Friends only, Private. [A bit like FB]

(a) this would still ruin SEO and (b) no trading site will ever allow people to keep private profiles/inventories - that's one of the ways we catch scammers.

Originally posted by Lordere:
Sixth one: it might be true that phishers are actively banned, but as soon as a phisher account is banned, a new one is created by the owner of the old one. It's for that matter, if the website or information is requested on the site, that it cannot be requested by software or programs not conventionally used for this (which excludes browsers unconventionally and conventionally used and includes unwanted scripts/programs downloading entire webpages for the purpose of scanning & reusing them).

It is Steam's fault for allowing people to create thousands of accounts, not ours. We don't have the tools to control who owns an account or how many accounts one may have.

Conclusion: It's up to Steam to fix this problem at this point, and they don't care enough to do it.
Last edited by Blue Screen of Death; 29 Jan, 2015 @ 12:58pm
norby89 29 Jan, 2015 @ 3:37pm 
You are implying a lot of things without actually knowing how phishers operate, blaming Outpost as their main source. In fact I haven't had an open trade in months and yet I still get added by a dozen phishers daily. How can you explain that?
Lordere 30 Jan, 2015 @ 1:47pm 
Well, I don't know much about how Steam operates their system, nor how Outpost uses the Steam API. Sure, I'm implying a lot of things and there are a lot of other things I don't know about, but it seems to me that the issue of scambots should be pointed out and handled.

As for why a bot can add you even after you haven't made a trade for 1 year, I might just suggest this is because of a lot of different things: either because you're from Outpost staff (which makes you a priority target), or a friend of yours has been phished by a bot and it acquired you from his friends list, or because you've got added because you're a user of Outpost, and I pass over many other examples.
(I understand the point that Outpost isn't the main place where phishers get their accounts from, but by making it harder for them to use Outpost as such, it would IMO be an improvement overall towards making Outpost safer (fewer scam adds in general because of a trade for someone who's using Outpost).)

Although I know there have surely been lots of security features added to Outpost (such as the one you've mentioned for querying too many Steam IDs at a time):
- Have there been some real security improvements against scambots from Steam or Outpost in the past years?
(not like: yes, but all those features did was just annoy users even more)

Also, what would you suggest then to improve Outpost (or Steam) overall against scambots, and which other features should be implemented to accomplish that?

:steamwings:Tonculte:steamwings:
Last edited by Lordere; 30 Jan, 2015 @ 1:51pm
norby89 30 Jan, 2015 @ 2:52pm 
My point was that even if you got rid of every single phisher using Outpost, it wouldn't fix the problem as a whole. So what's the point of implementing features that will only be detrimental to the user experience? This issue isn't new and all the improvements you suggested have been discussed in the past and the ones that made sense have been implemented. There's only so much you can do though; it's impossible to solve the problem and the most you can do is slow them down. That's until Steam comes up with safety measures that are actually useful and not just features that annoy users even more.
Last edited by norby89; 30 Jan, 2015 @ 2:53pm
Lordere 30 Jan, 2015 @ 3:55pm 
I see,
So basically Outpost is dependent on Steam and can't make any further safety improvements until they decide to do something.
I might be guessing that Outpost certainly asked Steam multiple times about how they could resolve the matter, and got in response 'We're trying our best out here, so just wait please'.
But is Steam actually planning something in the near future (if it will) to fix the issue of scambots? Or is it just that nothing will be done till this escalates to a point of no return?

Suggestion:
Well, I might just finally suggest (if it hasn't already been suggested or is seen as detrimental to the user experience) raising awareness among Outpost's users about scambots (and scammers in general, and not just warning about it mostly in the forums), since a lot of people seem to fall into those traps nowadays.
(don't know how, maybe like having a sidebar with common tips/warnings which shows this type of information, or like replacing a small ad div with the warning every x time y is made)

:steamwings:Tonculte:steamwings:

Date Posted: 29 Jan, 2015 @ 8:14am
Posts: 9