Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Sign in to confirm you’re not a bot." error with YouTube videos #1588

Open
3 tasks done
MichailiK opened this issue Jun 7, 2024 · 69 comments · May be fixed by #1772
Open
3 tasks done

"Sign in to confirm you’re not a bot." error with YouTube videos #1588

MichailiK opened this issue Jun 7, 2024 · 69 comments · May be fixed by #1772

Comments

@MichailiK
Copy link
Collaborator

MichailiK commented Jun 7, 2024

Bug Description

Playing YouTube videos may fail with the error "Sign in to confirm you’re not a bot."

YouTube seems to have recently rolled out this measure. It's affecting not only third party players/clients, but also YouTube's official website & apps when logged out. Several communities have come across a few discoveries. Here's a summary of what I've seen:

  1. This is an IP block.
  2. Instead of just banning one IP, it looks YouTube is blocking whole ASNs/IP ranges. If you encounter this issue, it's likely a "neighboring" IP address was bombarding YouTube, causing them to block the ASN/IP range you're in.
  3. The cobalt.tools developers seem to have found a workaround using OAuth2. This currently has a PR in the lavaplayer youtube source manager, however it seems a bit risky.

We are in the process of implementing OAuth2 login for JMusicBot in #1670. Use this with an alternative/burner!!! Google account to play tracks again on blocked IPs.

Checklist

@PouletteMC
Copy link

Also having this issue, if anyone has a solution or a quick and dirty workaround, I'd be down

@TheBjoel2
Copy link

downloading youtube videos through tor might be a workaround for this problem. just tested this, it works

$ torsocks yt-dlp https://youtu.be/AL5vANu2gok                                                                                                                                                               
[youtube] Extracting URL: https://youtu.be/AL5vANu2gok
[youtube] AL5vANu2gok: Downloading webpage
[youtube] AL5vANu2gok: Downloading ios player API JSON
[youtube] AL5vANu2gok: Downloading player 4fc7f9fa
[youtube] AL5vANu2gok: Downloading m3u8 information
[info] AL5vANu2gok: Downloading 1 format(s): 302+251
[download] Destination: Black Holes Explained For Gen-Z [AL5vANu2gok].f302.webm
[download] 100% of   48.22MiB in 00:03:40 at 223.78KiB/s
[download] Destination: Black Holes Explained For Gen-Z [AL5vANu2gok].f251.webm
[download] 100% of   10.01MiB in 00:00:49 at 207.41KiB/s
[Merger] Merging formats into "Black Holes Explained For Gen-Z [AL5vANu2gok].webm"
Deleting original file Black Holes Explained For Gen-Z [AL5vANu2gok].f302.webm (pass -k to keep)
Deleting original file Black Holes Explained For Gen-Z [AL5vANu2gok].f251.webm (pass -k to keep)

@cmorley191
Copy link

cmorley191 commented Jun 15, 2024

This other repo fixed the issue by adding support for Oauth2, essentially allowing people to create dummy accounts for the bots to log in with: imputnet/cobalt#551

Is this something we'd have to request support for in lavaplayer? Or is MusicBot responsible for querying the youtube API?

@Ozak93
Copy link

Ozak93 commented Jun 17, 2024

I'm facing the same issue:

Jun 17 23:49:14 env[441177]: [23:49:14] [ERROR] [AudioHandler]: Track BJhF0L7pfo8 has failed to play Jun 17 23:49:14 env[441177]: com.sedmelluq.discord.lavaplayer.tools.FriendlyException: Sign in to confirm you’re not a bot Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.clients.skeleton.Client.getPlayabilityStatus(Client.java:72) Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.clients.skeleton.NonMusicClient.loadTrackInfoFromInnertube(NonMusicClient.java:98) Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.clients.skeleton.StreamingNonMusicClient.loadFormats(StreamingNonMusicClient.java:35) Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.track.YoutubeAudioTrack.loadBestFormatWithUrl(YoutubeAudioTrack.java:175)

@Moonchild6279
Copy link

I can confirm that with my VPS Server, it logs a "Sign in to confirm you’re not a bot." error everytime I want to play a youtube video on my server.

HOWEVER, just recently I found out my old instance of my bot in my local machine work perfectly with youtube.
Perhaps it's something to do with how the I.P of my local machine is tied to my youtube account perhaps? maybe youtube blocked requests from my server because of that.

@Derahex
Copy link

Derahex commented Jun 29, 2024

a bot called "Nero Bot" manages to still play YT videos- would be worth looking into how they manage past the whole thing with their "nodes".

@TheBjoel2
Copy link

a bot called "Nero Bot" manages to still play YT videos- would be worth looking into how they manage past the whole thing with their "nodes".

  1. Nero Bot is not open source
  2. Minerea is also able to play YT. Not open source
  3. Chances are they are paying for a YT API or idk

@samusaran

This comment was marked as resolved.

@MichailiK

This comment was marked as resolved.

@samusaran

This comment was marked as resolved.

@MichailiK

This comment was marked as resolved.

@samusaran

This comment was marked as off-topic.

@MichailiK
Copy link
Collaborator Author

MichailiK commented Jul 11, 2024

As this is an issue that affects every project using YouTube, several communities have come across a few discoveries. Here's a summary of what I've seen:

  1. This is an IP block.
  2. Instead of just banning one IP, it looks YouTube is blocking whole ASNs/IP ranges. If you encounter this issue, it's likely a "neighboring" IP address was bombarding YouTube, causing them to block the ASN/IP range you're in.
  3. The cobalt.tools developers seem to have found a workaround using OAuth2. This currently is not implemented in lavaplayer has a PR in the lavaplayer youtube source manager, however it seems a bit risky.
  4. IPv6 rotation might also work, which lavaplayer supports & encourages using. We haven't put much thought about supporting IPv6 rotation on JMusicBot yet though.

In my opinion, I see three main ways JMusicBot could move forward:

  1. Wait for OAuth2 support to be arrive in the lavaplayer youtube source manager & make use of that
  2. Allow configuring IPv6 rotation for users on VPS' as they are most commonly affected by these blocks.
  3. Implement support for an external tool (cobalt.tools) as a source, which have circumvented this block. I'm not sure if they would appreciate the additional traffic from JMusicBot users though.

Only my two cents though, no discussion around this has happened yet.

@T-h-o-r-p-e

This comment was marked as resolved.

@MichailiK

This comment was marked as resolved.

@Snaacky
Copy link

Snaacky commented Jul 18, 2024

This started affecting me on a Hetzner IP range yesterday. Not a solution per se, but managed to temporarily workaround it by routing my jmusicbot Docker container through my WireGuard Docker container running a config from a paid VPN service.

@T-h-o-r-p-e

This comment was marked as resolved.

@z80sui

This comment was marked as spam.

@mwessman
Copy link

So is there any solution or workaround for this yet?

@MichailiK
Copy link
Collaborator Author

The only workaround at the moment is to play music from a non-banned IP address. We're currently waiting for upstream to implement OAuth2 login & then consider adding it to JMusicBot.

@andy01745

This comment was marked as duplicate.

@Johannes11833
Copy link

Johannes11833 commented Aug 18, 2024

You could also route the requets through warp for now. Seems to work most of the time and does not require a paid vpn service.

services:
  jmusicbot:
    image: ghcr.io/yojoshb/jmusicbot-docker
    container_name: jmusicbot
    # environment:
    #   - BOT_VERSION=0.3.9 # You can omit the environment variable if you just want to run the latest version
    volumes:
      - ./config:/config
    restart: unless-stopped
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

@alanman87
Copy link

You could also route the requets through warp for now. Seems to work most of the time and does not require a paid vpn service.

services:
  jmusicbot:
    image: ghcr.io/yojoshb/jmusicbot-docker
    container_name: jmusicbot
    # environment:
    #   - BOT_VERSION=0.3.9 # You can omit the environment variable if you just want to run the latest version
    volumes:
      - ./config:/config
    restart: unless-stopped
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

How would we do this for pterodactyl? I am running the bot via the pterodactyl egg.

@judeabc20221
Copy link

judeabc20221 commented Aug 19, 2024

You could also route the requets through warp for now. Seems to work most of the time and does not require a paid vpn service.

services:
  jmusicbot:
    image: ghcr.io/yojoshb/jmusicbot-docker
    container_name: jmusicbot
    # environment:
    #   - BOT_VERSION=0.3.9 # You can omit the environment variable if you just want to run the latest version
    volumes:
      - ./config:/config
    restart: unless-stopped
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

Thanks, it's work!

@Harshraj9812
Copy link

Harshraj9812 commented Aug 23, 2024

Note

Wrap Workaround is only working on jmusicbot:0.4.3 Release version only.

Tested & Working docker-compose.yaml
Add your - BOT TOKEN

version: "3"
services:
  discord-bot:
    container_name: Hr-Music-bot-Discord
    restart: unless-stopped
    image: harshraj9812/hr-bot-jmusicbot:0.4.3
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    environment:
    # BOT TOKEN
      - TOKEN=
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    container_name: Wrap-Hr-Music-bot-Discord
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

@driftywinds
Copy link

driftywinds commented Aug 24, 2024

version: "3"
services:
  discord-bot:
    container_name: Hr-Music-bot-Discord
    restart: unless-stopped
    image: harshraj9812/hr-bot-jmusicbot:0.4.3
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    environment:
    # BOT TOKEN
      - TOKEN=
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    container_name: Wrap-Hr-Music-bot-Discord
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

Can you build an arm64 image, or teach me how to do it for myself? Thank you so much!
EDIT: - Nevermind, I ended up using this: - #1588 (comment), which has arm64 support and it worked!

@MichailiK
Copy link
Collaborator Author

The upstream project has recently implemented OAuth2 authentication. I've just gotten around to write an implementation for it in #1670. I expect for this to be part of JMusicBot 0.4.5, to be released soon.

It should be trivial to set up, but I'll comment with quick instructions once 0.4.5 releases.

@ghost

This comment was marked as abuse.

@zaughon
Copy link

zaughon commented Sep 1, 2024

The bot i'm running was recently hit by this issue. The thing is, the bot hadn't played any music for weeks, which made me wonder, is the bot constantly connecting to YT even when not playing music? If yes, what is the reasoning behind this?
Or is it lavalink doing that for unknown reasons?

@DaniDipp
Copy link

DaniDipp commented Sep 1, 2024

@zaughon
No, it's not connecting to YouTube when not searching for or playing videos. The reason is that YouTube is banning whole IP ranges of data centers. It's not personal.

@Abujaman4685454

This comment was marked as off-topic.

@Abujaman4685454

This comment was marked as off-topic.

@MichailiK

This comment was marked as off-topic.

@FOS92

This comment was marked as duplicate.

@RayPlays

This comment was marked as resolved.

@tag27

This comment was marked as resolved.

@redswgd
Copy link

redswgd commented Sep 30, 2024

i am facing the same issue.maybe open youtube in private window might solve the problem.

@MichailiK
Copy link
Collaborator Author

Thanks for all the thoughts & suggested workarounds everyone! We are now moving forward with implementing a way to login to an (alternative/burner!!!) Google account using OAuth2:

As plenty of workarounds have been suggested here & this issue's comments have somewhat derailed into chatter (which is probably cluttering the notifications of those subscribed to this issue), I'm going to lock it for now.

Once account login has been implemented & released, I'll comment again with quick instructions on authorizing JMusicBot with your Google account.

Repository owner locked and limited conversation to collaborators Sep 30, 2024
@MichailiK MichailiK modified the milestones: 0.4.5, 0.4.4 Oct 2, 2024
@MichailiK
Copy link
Collaborator Author

Unfortunately, YouTube has begun to crack down on the OAuth2 workaround, so it won't be viable. For people on VPS' (which are the most affected by this issue) might be able to use their (/64 or larger) IPv6 address space to workaround the IP bans. I'll see if I can get that implemented in JMusicBot, hopefully some time in the near future.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.