vindisel

The account is banned only if you use the qr login with the mobile app, because it is physically impossible to log in to the mobile app using the qr, and Steam detects this

No, there are no restrictions, only if these accounts are not used anywhere else except your server

4 hours have passed since logging in, and the account has not been blocked. If something changes, I will update the information, but at the moment, it seems that Valve authenticates the login to the mobile application using the QR code. Most likely, in order to avoid a ban, you need to transfer completely identical data from the device from which the QR code is scanned and on which device the login is made, but I have no desire to check this. But most likely this happens because you can’t log in to the mobile application using a QR code, because it is simply not available there. I think this is the reason for the ban. This should definitely be indicated in the documentation.

Thanks, I decided to leave the bots in the worker_thread, this will isolate them from each other and will not pull everyone else down with it if there is any problem.

So, through a lot of banned accounts, I found out that MobileApp is absolutely not suitable for logging in via a QR code, I think steam does not give any opportunity to use MobileApp, but how it defines me is a mystery. I will use MobileApp to log in via 2FA code and browser to log in via QR. I think this is the solution to the problem. I think that others who have encountered this have come to the same decision. However, NONE of those who solved this problem shared any information. They come for help, but they always refuse to help others. That's what scammers usually do. I have now logged in to my last account using a QR code, but using EAuthTokenPlatformType.WebBrowser. The ban comes about 3 hours after logging in. I hope everything goes well this time.

Well, I'll try to log in with this data, I don't know what will come of it. { websiteId: 'Mobile', headers: { 'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Mobile/15E148 Safari/604.1', cookie: 'mobileClient=ios; mobileClientVersion=3.10.0' }, deviceDetails: { device_friendly_name: 'iPhone 13 mini', platform_type: 3, os_type: -600, gaming_device_type: 528 } }

Yes, I think Valve bans accounts if the MobileApp login differs from this MobileDeviceProperties data. It may be necessary to update the code every time and set up-to-date phone data so that there are no bans. I don't know how this is possible at all, even if my IP address is the same as on all devices where I have ever logged into my account. It looks like complete idiocy. interface ConstructorOptions { // ... mobileDeviceProperties?: MobileDeviceProperties } interface MobileDeviceProperties { mobileUserAgent?: string, // default 'okhttp/3.12.12' mobileClientVersion?: string, // default '777777 3.0.0' deviceFriendlyName?: string, // default 'Galaxy S22' osType?: number, // default EOSType.AndroidUnknown gamingDeviceType?: number, // default 528 (unknown significance) }

I also get an account ban after logging in using a QR code, but I don't even use tokens after receiving them, neither in node-steamcommunity nor in node-steam-user. Have you found a solution to the problem?

I have seen in other topics that someone gets such bans for monitoring exchanges on phishing accounts. This I DO NOT USE THIS ACCOUNT ANYWHERE, NEITHER IN node-steamcommunity, nor in node-steam-user, THIS IS MY PERSONAL ACCOUNT, I ONLY RECEIVE TOKENS, NOTHING ELSE. I use this example to authorize my account using a QR code and after a couple of hours I get banned with a notification that someone else is using my account, while I don't use any proxy in the code or VPN on my computer. This is not a coincidence, because this has already happened 3 times. In the notification, steam sends me that a suspicious login was made from MY IP address where I have the authenticator linked.🤣🤣 But in the devices I get the Galaxy S22, maybe that's the problem? I'm scanning the code from the iPhone, maybe Steam finds it suspicious? Maybe I should stop using QR input, I don't know.… But anyway, I think it's worth writing some kind of warning in the documentation about a possible account ban at the QR login. main(); async function main() { // Create our LoginSession and start a QR login session. let session = new LoginSession(EAuthTokenPlatformType.MobileApp); session.loginTimeout = 120000; // timeout after 2 minutes let startResult = await session.startWithQR(); let qrUrl = 'https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=' + encodeURIComponent(startResult.qrChallengeUrl); console.log(`Open QR code: ${qrUrl}`); session.on('remoteInteraction', () => { console.log('Looks like you\'ve scanned the code! Now just approve the login.'); }); // No need to handle steamGuardMachineToken since it's only applicable to accounts using email Steam Guard, // and such accounts can't be authed using a QR code. session.on('authenticated', async () => { console.log('\nAuthenticated successfully! Printing your tokens now...'); console.log(`SteamID: ${session.steamID}`); console.log(`Account name: ${session.accountName}`); console.log(`Access token: ${session.accessToken}`); console.log(`Refresh token: ${session.refreshToken}`); // We can also get web cookies now that we've negotiated a session let webCookies = await session.getWebCookies(); console.log('Web session cookies:'); console.log(webCookies); }); session.on('timeout', () => { console.log('This login attempt has timed out.'); }); session.on('error', (err) => { // This should ordinarily not happen. This only happens in case there's some kind of unexpected error while // polling, e.g. the network connection goes down or Steam chokes on something. console.log(`ERROR: This login attempt has failed! ${err.message}`); }); }

Yes, I use node-steamcommunity. Requests will be frequent on all bots. Thanks, so I need to provide a proxy server for each account. What about the cluster? Will it be redundant? The problem is that I don't understand what kind of power I need. I've had a couple of bots for a long time now, and everything was fine on a cheap vps, but now I want to make more bots, but I'm afraid to run into the limitations of single-threaded of node.js

I'm writing a farm and I have about 50 steam accounts. At the moment, it looks like this: I made a store where I put each logged-in account, then I use the steamid to access the desired one and perform an action. const BotInstance = new Bot('login', 'password', 'shared_secret', 'identity_secret', 'steamid'); const newBot = await accountsStore.add('steamId', BotInstance); newBot.login(); const getBot = await accountsStore.get('steamId'); getBot.addFriend('friendSteamId'); How would it be more efficient to leave it as it is or implement it all through a cluster? what kind of power is needed to support such a large number of accounts? and won't I have a problem if they're all on the same ip?

Thank you. And how long do cookies live? And will sessionExpired be triggered when they die?

How do I log in now? I am using steam-session to generate jwt tokens, but when I try to pass the token to setMobileAppAccessToken(accessToken) , I get the following error: Error: Log in to steamcommunity before installing the access token to the mobile application. In this case, why not add a login using only refreshToken? Similar to oAuthLogin or logOn in node-steam-user.

Hello, receivedOfferChanged isn't triggered when offer is accepted and expects confirmation in mobile app. It works only if offer declined or canceled receivedOfferChanged. If I accept trade and then decline, the status will change from 2 to 7, but should from 9 to 7 if i right. this.TradeOfferManager.on('newOffer', (offer) => { console.log(`New offer: ${offer.state}`) }) this.TradeOfferManager.on('receivedOfferChanged', (offer) => { console.log(`Offer changed state: ${offer.state}`) // it works if offer.state !== 9 }) "steam-tradeoffer-manager": "^2.10.3" this.TradeOfferManager = new TradeOfferManager({ community: community, pollInterval: 5000, })