[L4D2/Any] Intentional Steam Group ID leeching and harassment #7271
Comments
|
[Suggested Solutions] 1. Verification required: Add a button in the "Officer Tools" in edit group profile page that allows us to verify the server against the group, this works by changing the command "hostname" in the server.cfg for the server to "SteamGroupClaimServer", once we click on Verify Server button, Steam checks the server name and if it matches "SteamGroupClaimServer", it associates this server with this steam group, admin can later change the server name in the server.cfg file back to it's original name, this idea is similar to GameTracker's concept of taking ownership of a server. Concept Image: https://ibb.co/ycbsBGfL GameTracker's concept: https://ibb.co/7JWkqh6h 2. Hide the Steam Group ID from the Steam Group's page, or change the method of verification altogether: Currently there's 3 known methods to obtain the steam group ID using inspect element method on the steam group's page, there are other ways to also obtain the ID from the group's SteamID64. This process is very exploitable because there's no verification for the servers being attached to the steam group, having the steam group ID as public information exposes communities and server owners to be leeched on by other communities or users who malicious intent (creating fake servers with NSFW images/threats/harassment). |
Uh oh!
There was an error while loading. Please reload this page.
[Explanation]
The server cvar "sv_steamgroup" is used to assign source dedicated servers to a steam group, so when players join the server, they can see "Join this server's steam group" option in the message of the day and they can join the group so they can later find the servers at the right corner of their game, as shown here:
https://ibb.co/99RLG7q7
Server owners use their own Steam Group ID that they obtain from their admin page on the group and place it in "sv_steamgroup" so that their servers show up for everyone in their own group.
[Issue]
Anyone can obtain a steam group's ID by using certain "exploits" or ways that exposes a group's ID without having admin access, there's currently at least 3 ways you can do this from the group's steam page.
Certain notorious server owners have targeted certain groups and obtained their IDs and created multiple fake servers and attached them to the original steam group, they've used fake names to harass other server owners, and also renamed those servers to match the exact names of the original group servers, so that players cannot tell which are the original servers and which are the leech, as shown here:
https://streamable.com/zdpwv8
Only 7 of those servers are original, the rest are leech, this has been happening for years and years, the only reason it didn't get attention before is it was used to leech a server to another community's server to gain attraction from the number of players they have, free marketing basically, but now it is also being used to harass other server owners and try to sabotage them and do as much damage as possible, I've already reported this before on Steam Discussions here: https://steamcommunity.com/app/550/discussions/0/4338735599617471438/
[Solution]
Block the group ID from being exposed on the steam group page, add an additional verification process to confirm that this server belongs to this group (like on GameTracker), or scrap the whole feature altogether and find another way, that doesn't rely on a feature that is very easy to exploit and be used to harass other server owners.
The text was updated successfully, but these errors were encountered: