YouTube: Sign in to confirm you’re not a bot
robinfriedli opened this issue · 35 comments
Looks like YouTube have come up with something new, every track now fails with ;Sign in to confirm you’re not a bot.
Unfortunately I do not have a stack trace / more information yet. Lavaplayer reports it as common error and I do not log more information for common errors. The error only occurs in production, works fine locally, I assume YouTube flags your IP but I already am rotating a /48 subnet.
I assume you're using a versioned release (such as 1.3.0). Could you try the latest commit from the patch/drop-cookies branch, which prevents the storing of cookies set by YouTube, which should make it a little more difficult to identify IP addresses within a block as being used by the same client.
implementation("dev.lavalink.youtube:<MODULE>:b2c8c070cdc4caa1fa93d0d7ac3f9d468bfa27a8-SNAPSHOT")Yup, using b2c8c07-SNAPSHOT fixes it, thanks
Actually, I spoke to soon, broken again.
What clients are you using?
Btw, I'm using a /48 subnet for rotation. Not sure if YouTube would ban such a huge range or if it's some of the /64 subnets within that range that get banned.
What clients are you using?
Just default, so new Music(), new Web(), new Android(), new TvHtml5Embedded()
Can you try any of the other clients (ANDROID_TESTSUITE is the only other client that receives opus formats fwiw)?
Who is the provider of your /48? And what is your rotation strategy?
hurricane electric and RotatingNanoIpRoutePlanner
Probably unrelated, but is providing a username and password for age restricted videos not a thing anymore?
I've added the AndroidTestsuite client and it does not seem to have changed anything
Could be your IP block is flagged. Maybe the cookie thing is a solution but won't have any effect until your IPs are un-flagged
Probably unrelated, but is providing a username and password for age restricted videos not a thing anymore?
Correct. There were security concerns and a lot of code required to support that, and it was beginning to break so it was not kept.
Yeah it's probably that. My server that uses the hurricane electric tunnel seems fine actually, it's just my other server that has a /48 from galaxygate that has this problem
So from what I'm gathering after a bit of investigative work, YouTube is identifying large amounts of traffic from certain providers which is causing them to challenge requests originating from the ASNs of those providers. You could try rotate over a block larger than a /48 or switch to a provider who is not commonly used for music bots and the like but I can't guarantee how long this workaround would last.
The only other alternative is to reimplement account authentication but I'm not super enthusiastic about this given the amount of code required to support this, and there's no telling what YouTube will do in the future, whether they start banning accounts associated with bot traffic or restricting their ability to stream unchallenged. Additionally, there were security concerns with the old method of logging into accounts that would very much need to be addressed if this was to be reimplemented as a feature.
Would something like the grayjay app implementation of the youtube authentication help? Theirs is written in javascript but could be still useful
Well i also have the same issue on my Rasperry pi and my Debian server but not on my Win 10 pc on my pc it works fine
Btw, my server has not been unflagged yet, seems unlikely this one's temporary (until you sign in that is)
Certain ASNs are flagged. It's likely to remain flagged as long as there's suspicious traffic, or perhaps even forever if it's a popular server host (such as OVH).
I've disabled the server since it got flagged, just launched a test instance of my bot to check. The affected server has a galaxygate /48, not sure if they are popular enough for youtube to care. Ironically the other server using a /48 from tunnelbroker is fine, would expect youtube to me more suspicious about that one. It does seem like youtube just keeps you flagged until you sign in
I'm using the 1.4.0 latest version and now this issue is likely to happen once more
Load failed
com.sedmelluq.discord.lavaplayer.tools.FriendlyException: This video requires login.
at dev.lavalink.youtube.clients.skeleton.Client.getPlayabilityStatus(Client.java:91) ~[youtube-plugin-1.4.0.jar!/:na]
at dev.lavalink.youtube.clients.skeleton.NonMusicClient.loadTrackInfoFromInnertube(NonMusicClient.java:98) ~[youtube-plugin-1.4.0.jar!/:na]
at dev.lavalink.youtube.clients.skeleton.NonMusicClient.loadVideo(NonMusicClient.java:319) ~[youtube-plugin-1.4.0.jar!/:na]
at dev.lavalink.youtube.YoutubeAudioSourceManager.lambda$routeFromVideoId$6(YoutubeAudioSourceManager.java:309) ~[youtube-plugin-1.4.0.jar!/:na]
at dev.lavalink.youtube.YoutubeAudioSourceManager.loadItemOnce(YoutubeAudioSourceManager.java:185) ~[youtube-plugin-1.4.0.jar!/:na]
at dev.lavalink.youtube.YoutubeAudioSourceManager.loadItem(YoutubeAudioSourceManager.java:151) ~[youtube-plugin-1.4.0.jar!/:na]
at com.sedmelluq.discord.lavaplayer.player.DefaultAudioPlayerManager.checkSourcesForItemOnce(DefaultAudioPlayerManager.java:406) ~[lavaplayer-1.5.4.jar!/:na]
at com.sedmelluq.discord.lavaplayer.player.DefaultAudioPlayerManager.checkSourcesForItem(DefaultAudioPlayerManager.java:388) ~[lavaplayer-1.5.4.jar!/:na]
at com.sedmelluq.discord.lavaplayer.player.DefaultAudioPlayerManager.lambda$createItemLoader$0(DefaultAudioPlayerManager.java:183) ~[lavaplayer-1.5.4.jar!/:na]
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:840) ~[na:na]
Suppressed: com.sedmelluq.discord.lavaplayer.tools.exception.EnvironmentInformation:
I'm having a similar issue:
{'message': 'Sign in to confirm you’re not a bot', 'severity': 'common', 'cause': 'com.sedmelluq.discord.lavaplayer.tools.FriendlyException: Sign in to confirm you’re not a bot'}
Ipv6 rotation is enabled.
Hello any solution to this?
Don't clog up this issue with bumps about an update. One will be posted when there's something to share. A quick glance at the "Pull Requests" tab would've revealed to you #33
{'message': 'Sign in to confirm you’re not a bot', 'severity': 'common', 'cause': 'com.sedmelluq.discord.lavaplayer.tools.FriendlyException: Sign in to confirm you’re not a bot'}
On version plugin v1.5.0 with lavalink v4.0.7
Yes, I am aware this is an ongoing issue. There is a PR that aims to address this. #33
Sign in to confirm you're not a bot. it is also present in the plugin version v1.6.0 ... do you have any idea how to solve it??
Sign in to confirm you're not a bot. it is also present in the plugin version v1.6.0 ... do you have any idea how to solve it??
https://github.com/lavalink-devs/youtube-source/tree/feat/oauth-integration use this branch
Sign in to confirm you're not a bot. it is also present in the plugin version v1.6.0 ... do you have any idea how to solve it??
https://github.com/lavalink-devs/youtube-source/tree/feat/oauth-integration use this branch
Ok but do I get the authtoken from the youtube api token?
Read the README on that branch.
Read the README on that branch.
I can't figure out how to get the oauth Token refresh... can you tell me how to do...?
Read the README on that branch.
I can't figure out how to get the oauth Token refresh... can you tell me how to do...?
when you have done the oauth in the Lavalink console you should see the refresh token and you can add it to the application.yaml
Read the README on that branch.
I can't figure out how to get the oauth Token refresh... can you tell me how to do...?
when you have done the oauth in the Lavalink console you should see the refresh token and you can add it to the application.yaml
2024-08-17 12:56:13.322 INFO 1 --- [main] lavalink.server.Launcher : Starting Launcher using Java 21.0.3 on d35cfbbf-29e2-4765-960d-5e30760e1a35 with PID 1 (/home/container/server.jar started by ? in /home/container)
2024-08-17 12:56:13.328 INFO 1 --- [main] lavalink.server.Launcher : No active profile set, falling back to 1 default profile: "default"
2024-08-17 12:56:17.523 INFO 1 --- [main] lavalink.server.bootstrap.PluginManager : Found plugin 'youtube-plugin' version 1.6.0
2024-08-17 12:56:17.535 INFO 1 --- [main] lavalink.server.bootstrap.PluginManager : Loaded youtube-plugin-1.6.0.jar (11 classes)
2024-08-17 12:56:19.130 INFO 1 --- [main] lavalink.server.Launcher : Started Launcher in 8.206 seconds (JVM running for 10.764)
2024-08-17 12:56:19.132 INFO 1 --- [main] lavalink.server.Launcher : You can safely ignore the big red warning about illegal reflection. See lavalink-devs/Lavalink#295
2024-08-17 12:56:19.434 INFO 1 --- [main] lavalink.server.Launcher :
�[32m . �[31m _ _ _ _ �[32m__ _ _
�[32m /\ �[31m| | __ ___ ____ | ()_ __ | | __�[32m\ \ \
�[32m ( ( )�[31m| |/ \ \ / / _ | | | ' | |/ /�[32m \ \ \
�[32m \/ �[31m| | (| |\ V / (| | | | | | | < �[32m ) ) ) )
�[32m ' �[31m||_,| _/ _,|||| |||_\�[32m / / / /
�[0m =========================================�[32m///_/�[0m
Version: 3.7.12
Build time: 05.05.2024 20:58:03 UTC
Branch HEAD
Commit: 98115f4
Commit time: 05.05.2024 20:43:02 UTC
JVM: 21.0.3
Lavaplayer 1.5.4
2024-08-17 12:56:19.524 INFO 1 --- [main] lavalink.server.Launcher : No active profile set, falling back to 1 default profile: "default"
2024-08-17 12:56:22.936 WARN 1 --- [main] io.undertow.websockets.jsr : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used
2024-08-17 12:56:23.033 INFO 1 --- [main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext
2024-08-17 12:56:23.033 INFO 1 --- [main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 3505 ms
2024-08-17 12:56:26.330 INFO 1 --- [main] c.s.d.l.tools.GarbageCollectionMonitor : GC monitoring enabled, reporting results every 2 minutes.
2024-08-17 12:56:27.237 WARN 1 --- [main] dev.lavalink.youtube.clients.Android : ANDROID is broken with no known fix. It is no longer advised to use this client.
2024-08-17 12:56:27.330 INFO 1 --- [main] d.l.youtube.plugin.YoutubePluginLoader : YouTube source initialised with clients: WEB_REMIX, ANDROID, WEB, ANDROID_TESTSUITE, ANDROID_LITE, MEDIA_CONNECT_FRONTEND, IOS, TVHTML5_SIMPLY_EMBEDDED_PLAYER
2024-08-17 12:56:27.827 INFO 1 --- [main] lavalink.server.config.KoeConfiguration : OS: LINUX, Arch: X86_64
2024-08-17 12:56:27.827 INFO 1 --- [main] lavalink.server.config.KoeConfiguration : Enabling JDA-NAS
2024-08-17 12:56:27.830 INFO 1 --- [main] c.s.l.c.natives.NativeLibraryLoader : Native library udpqueue: loading with filter null
2024-08-17 12:56:27.833 INFO 1 --- [main] c.s.l.c.natives.NativeLibraryLoader : Native library udpqueue: successfully loaded.
2024-08-17 12:56:28.128 WARN 1 --- [main] l.server.config.SentryConfiguration : Turning off sentry
2024-08-17 12:56:29.330 INFO 1 --- [main] io.undertow : starting server: Undertow - 2.2.16.Final
2024-08-17 12:56:29.429 INFO 1 --- [main] org.xnio : XNIO version 3.8.6.Final
2024-08-17 12:56:29.435 INFO 1 --- [main] org.xnio.nio : XNIO NIO Implementation Version 3.8.6.Final
2024-08-17 12:56:29.932 INFO 1 --- [main] org.jboss.threads : JBoss Threads version 3.1.0.Final
2024-08-17 12:56:30.040 INFO 1 --- [main] o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 30944 (http)
2024-08-17 12:56:30.043 INFO 1 --- [main] lavalink.server.Launcher : Started Launcher in 10.908 seconds (JVM running for 21.678)
2024-08-17 12:56:30.044 INFO 1 --- [main] lavalink.server.Launcher : Lavalink is ready to accept connections.
I have this on logs start lavalink i don't see the refresh token ... :/
Read the README on that branch.
I can't figure out how to get the oauth Token refresh... can you tell me how to do...?
when you have done the oauth in the Lavalink console you should see the refresh token and you can add it to the application.yaml
2024-08-17 12:56:13.322 INFO 1 --- [main] lavalink.server.Launcher : Starting Launcher using Java 21.0.3 on d35cfbbf-29e2-4765-960d-5e30760e1a35 with PID 1 (/home/container/server.jar started by ? in /home/container) 2024-08-17 12:56:13.328 INFO 1 --- [main] lavalink.server.Launcher : No active profile set, falling back to 1 default profile: "default" 2024-08-17 12:56:17.523 INFO 1 --- [main] lavalink.server.bootstrap.PluginManager : Found plugin 'youtube-plugin' version 1.6.0 2024-08-17 12:56:17.535 INFO 1 --- [main] lavalink.server.bootstrap.PluginManager : Loaded youtube-plugin-1.6.0.jar (11 classes) 2024-08-17 12:56:19.130 INFO 1 --- [main] lavalink.server.Launcher : Started Launcher in 8.206 seconds (JVM running for 10.764) 2024-08-17 12:56:19.132 INFO 1 --- [main] lavalink.server.Launcher : You can safely ignore the big red warning about illegal reflection. See lavalink-devs/Lavalink#295 2024-08-17 12:56:19.434 INFO 1 --- [main] lavalink.server.Launcher :
�[32m . �[31m _ _ _ _ �[32m__ _ _ �[32m /\ �[31m| | __ ___ ____ | ()_ __ | | �[32m\ \ \ �[32m ( ( )�[31m| |/
\ \ / / _| | | ' | |/ /�[32m \ \ \ �[32m / �[31m| | (| |\ V / (| | | | | | | < �[32m ) ) ) ) �[32m ' �[31m|_|,| / __,|||| |||\�[32m / / / / �[0m =========================================�[32m////�[0mVersion: 3.7.12 Build time: 05.05.2024 20:58:03 UTC Branch HEAD Commit: 98115f4 Commit time: 05.05.2024 20:43:02 UTC JVM: 21.0.3 Lavaplayer 1.5.42024-08-17 12:56:19.524 INFO 1 --- [main] lavalink.server.Launcher : No active profile set, falling back to 1 default profile: "default" 2024-08-17 12:56:22.936 WARN 1 --- [main] io.undertow.websockets.jsr : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used 2024-08-17 12:56:23.033 INFO 1 --- [main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext 2024-08-17 12:56:23.033 INFO 1 --- [main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 3505 ms 2024-08-17 12:56:26.330 INFO 1 --- [main] c.s.d.l.tools.GarbageCollectionMonitor : GC monitoring enabled, reporting results every 2 minutes. 2024-08-17 12:56:27.237 WARN 1 --- [main] dev.lavalink.youtube.clients.Android : ANDROID is broken with no known fix. It is no longer advised to use this client. 2024-08-17 12:56:27.330 INFO 1 --- [main] d.l.youtube.plugin.YoutubePluginLoader : YouTube source initialised with clients: WEB_REMIX, ANDROID, WEB, ANDROID_TESTSUITE, ANDROID_LITE, MEDIA_CONNECT_FRONTEND, IOS, TVHTML5_SIMPLY_EMBEDDED_PLAYER 2024-08-17 12:56:27.827 INFO 1 --- [main] lavalink.server.config.KoeConfiguration : OS: LINUX, Arch: X86_64 2024-08-17 12:56:27.827 INFO 1 --- [main] lavalink.server.config.KoeConfiguration : Enabling JDA-NAS 2024-08-17 12:56:27.830 INFO 1 --- [main] c.s.l.c.natives.NativeLibraryLoader : Native library udpqueue: loading with filter null 2024-08-17 12:56:27.833 INFO 1 --- [main] c.s.l.c.natives.NativeLibraryLoader : Native library udpqueue: successfully loaded. 2024-08-17 12:56:28.128 WARN 1 --- [main] l.server.config.SentryConfiguration : Turning off sentry 2024-08-17 12:56:29.330 INFO 1 --- [main] io.undertow : starting server: Undertow - 2.2.16.Final 2024-08-17 12:56:29.429 INFO 1 --- [main] org.xnio : XNIO version 3.8.6.Final 2024-08-17 12:56:29.435 INFO 1 --- [main] org.xnio.nio : XNIO NIO Implementation Version 3.8.6.Final 2024-08-17 12:56:29.932 INFO 1 --- [main] org.jboss.threads : JBoss Threads version 3.1.0.Final 2024-08-17 12:56:30.040 INFO 1 --- [main] o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 30944 (http) 2024-08-17 12:56:30.043 INFO 1 --- [main] lavalink.server.Launcher : Started Launcher in 10.908 seconds (JVM running for 21.678) 2024-08-17 12:56:30.044 INFO 1 --- [main] lavalink.server.Launcher : Lavalink is ready to accept connections.
I have this on logs start lavalink i don't see the refresh token ... :/
show the config file
show the config file
Are you talking about application.yml?
show the config file
Are you talking about application.yml?
yes
show the config file
Are you talking about application.yml?
yes
server: # REST and WS server
port: 30944
address: 0.0.0.0
plugins:
youtube:
enabled: true
clients: ["MUSIC", "ANDROID", "WEB", "ANDROID_TESTSUITE", "ANDROID_LITE", "MEDIA_CONNECT", "IOS", "TVHTML5EMBEDDED"]
oauth:
# setting "enabled: true" is the bare minimum to get OAuth working.
enabled: true
# you may optionally set your refresh token if you have one, which skips the OAuth flow entirely.
# once you have completed the oauth flow at least once, you should see your refresh token within your
# lavalink logs, which can be used here.
refreshToken: "your refresh token, only supply this if you have one!"
# Set this if you don't want the OAuth flow to be triggered, if you intend to supply a refresh token
# later on via REST routes. Initialization is skipped automatically if a valid refresh token is supplied.
skipInitialization: true
lavalink:
plugins:
- dependency: "group:artifact:version"
repository: "repository"
server:
password: "dbsradio"
sources:
youtube: false
bandcamp: true
soundcloud: true
twitch: true
vimeo: true
http: true
local: false
filters: # All filters are enabled by default
volume: true
equalizer: true
karaoke: true
timescale: true
tremolo: true
vibrato: true
distortion: true
rotation: true
channelMix: true
lowPass: true
bufferDurationMs: 400 # The duration of the NAS buffer. Higher values fare better against longer GC pauses. Duration <= 0 to disable JDA-NAS. Minimum of 40ms, lower values may introduce pauses.
frameBufferDurationMs: 5000 # How many milliseconds of audio to keep buffered
opusEncodingQuality: 10 # Opus encoder quality. Valid values range from 0 to 10, where 10 is best quality but is the most expensive on the CPU.
resamplingQuality: LOW # Quality of resampling operations. Valid values are LOW, MEDIUM and HIGH, where HIGH uses the most CPU.
trackStuckThresholdMs: 10000 # The threshold for how long a track can be stuck. A track is stuck if does not return any audio data.
useSeekGhosting: true # Seek ghosting is the effect where whilst a seek is in progress, the audio buffer is read from until empty, or until seek is ready.
youtubePlaylistLoadLimit: 6 # Number of pages at 100 each
playerUpdateInterval: 5 # How frequently to send player updates to clients, in seconds
youtubeSearchEnabled: true
soundcloudSearchEnabled: true
gc-warnings: true
#ratelimit:
#ipBlocks: ["1.0.0.0/8", "..."] # list of ip blocks
#excludedIps: ["...", "..."] # ips which should be explicit excluded from usage by lavalink
#strategy: "RotateOnBan" # RotateOnBan | LoadBalance | NanoSwitch | RotatingNanoSwitch
#searchTriggersFail: true # Whether a search 429 should trigger marking the ip as failing
#retryLimit: -1 # -1 = use default lavaplayer value | 0 = infinity | >0 = retry will happen this numbers times
#youtubeConfig: # Required for avoiding all age restrictions by YouTube, some restricted videos still can be played without.
#email: "" # Email of Google account
#password: "" # Password of Google account
#httpConfig: # Useful for blocking bad-actors from ip-grabbing your music node and attacking it, this way only the http proxy will be attacked
#proxyHost: "localhost" # Hostname of the proxy, (ip or domain)
#proxyPort: 3128 # Proxy port, 3128 is the default for squidProxy
#proxyUser: "" # Optional user for basic authentication fields, leave blank if you don't use basic auth
#proxyPassword: "" # Password for basic authentication
metrics:
prometheus:
enabled: false
endpoint: /metrics
sentry:
dsn: ""
environment: ""
tags:
some_key: some_value
another_key: another_value
logging:
file:
path: ./logs/
level:
root: INFO
lavalink: INFO
request:
enabled: true
includeClientInfo: true
includeHeaders: false
includeQueryString: true
includePayload: true
maxPayloadLength: 10000
logback:
rollingpolicy:
max-file-size: 1GB
max-history: 30
Join the discord server for support with this. This is a tracker specifically for monitoring the issue and not for general support.
Locking this issue again. All relevant information on setting up oauth can be found in the README of the feat/oauth-integration branch in great detail.