"Sign in to confirm you’re not a bot." error with YouTube videos

[MichailiK]

Bug Description

Playing YouTube videos may fail with the error "Sign in to confirm you’re not a bot."

YouTube seems to have recently rolled out this measure. It's affecting not only third party players/clients, but also YouTube's official website & apps when logged out. Several communities have come across a few discoveries. Here's a summary of what I've seen:

1. This is an IP block.
2. Instead of just banning one IP, it looks YouTube is blocking whole ASNs/IP ranges. If you encounter this issue, it's likely a "neighboring" IP address was bombarding YouTube, causing them to block the ASN/IP range you're in.
3. The cobalt.tools developers seem to have found a workaround using OAuth2. This currently has a PR in the lavaplayer youtube source manager, however it seems a bit risky.

We are in the process of implementing OAuth2 login for JMusicBot in #1670. Use this with an alternative/burner!!! Google account to play tracks again on blocked IPs.

Checklist

• I have looked for information about this within the documentation
• I have searched for similar issues on the issues page
• I am running the latest version of the bot:

[PouletteMC]

Also having this issue, if anyone has a solution or a quick and dirty workaround, I'd be down

[TheBjoel2]

downloading youtube videos through tor might be a workaround for this problem. just tested this, it works

$ torsocks yt-dlp https://youtu.be/AL5vANu2gok                                                                                                                                                               
[youtube] Extracting URL: https://youtu.be/AL5vANu2gok
[youtube] AL5vANu2gok: Downloading webpage
[youtube] AL5vANu2gok: Downloading ios player API JSON
[youtube] AL5vANu2gok: Downloading player 4fc7f9fa
[youtube] AL5vANu2gok: Downloading m3u8 information
[info] AL5vANu2gok: Downloading 1 format(s): 302+251
[download] Destination: Black Holes Explained For Gen-Z [AL5vANu2gok].f302.webm
[download] 100% of   48.22MiB in 00:03:40 at 223.78KiB/s
[download] Destination: Black Holes Explained For Gen-Z [AL5vANu2gok].f251.webm
[download] 100% of   10.01MiB in 00:00:49 at 207.41KiB/s
[Merger] Merging formats into "Black Holes Explained For Gen-Z [AL5vANu2gok].webm"
Deleting original file Black Holes Explained For Gen-Z [AL5vANu2gok].f302.webm (pass -k to keep)
Deleting original file Black Holes Explained For Gen-Z [AL5vANu2gok].f251.webm (pass -k to keep)

[cmorley191]

This other repo fixed the issue by adding support for Oauth2, essentially allowing people to create dummy accounts for the bots to log in with: imputnet/cobalt#551

Is this something we'd have to request support for in lavaplayer? Or is MusicBot responsible for querying the youtube API?

[Ozak93]

I'm facing the same issue:

Jun 17 23:49:14 env[441177]: [23:49:14] [ERROR] [AudioHandler]: Track BJhF0L7pfo8 has failed to play Jun 17 23:49:14 env[441177]: com.sedmelluq.discord.lavaplayer.tools.FriendlyException: Sign in to confirm you’re not a bot Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.clients.skeleton.Client.getPlayabilityStatus(Client.java:72) Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.clients.skeleton.NonMusicClient.loadTrackInfoFromInnertube(NonMusicClient.java:98) Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.clients.skeleton.StreamingNonMusicClient.loadFormats(StreamingNonMusicClient.java:35) Jun 17 23:49:14 env[441177]: at dev.lavalink.youtube.track.YoutubeAudioTrack.loadBestFormatWithUrl(YoutubeAudioTrack.java:175)

[Moonchild6279]

I can confirm that with my VPS Server, it logs a "Sign in to confirm you’re not a bot." error everytime I want to play a youtube video on my server.

HOWEVER, just recently I found out my old instance of my bot in my local machine work perfectly with youtube.
Perhaps it's something to do with how the I.P of my local machine is tied to my youtube account perhaps? maybe youtube blocked requests from my server because of that.

[Derahex]

a bot called "Nero Bot" manages to still play YT videos- would be worth looking into how they manage past the whole thing with their "nodes".

[TheBjoel2]

a bot called "Nero Bot" manages to still play YT videos- would be worth looking into how they manage past the whole thing with their "nodes".

1. Nero Bot is not open source
2. Minerea is also able to play YT. Not open source
3. Chances are they are paying for a YT API or idk

[MichailiK]

As this is an issue that affects every project using YouTube, several communities have come across a few discoveries. Here's a summary of what I've seen:

1. This is an IP block.
2. Instead of just banning one IP, it looks YouTube is blocking whole ASNs/IP ranges. If you encounter this issue, it's likely a "neighboring" IP address was bombarding YouTube, causing them to block the ASN/IP range you're in.
3. The cobalt.tools developers seem to have found a workaround using OAuth2. This currently is not implemented in lavaplayer has a PR in the lavaplayer youtube source manager, however it seems a bit risky.
4. IPv6 rotation might also work, which lavaplayer supports & encourages using. We haven't put much thought about supporting IPv6 rotation on JMusicBot yet though.

In my opinion, I see three main ways JMusicBot could move forward:

1. Wait for OAuth2 support to be arrive in the lavaplayer youtube source manager & make use of that
2. Allow configuring IPv6 rotation for users on VPS' as they are most commonly affected by these blocks.
3. Implement support for an external tool (cobalt.tools) as a source, which have circumvented this block. I'm not sure if they would appreciate the additional traffic from JMusicBot users though.

Only my two cents though, no discussion around this has happened yet.

[Snaacky]

This started affecting me on a Hetzner IP range yesterday. Not a solution per se, but managed to temporarily workaround it by routing my jmusicbot Docker container through my WireGuard Docker container running a config from a paid VPN service.

[mwessman]

So is there any solution or workaround for this yet?

[MichailiK]

The only workaround at the moment is to play music from a non-banned IP address. We're currently waiting for upstream to implement OAuth2 login & then consider adding it to JMusicBot.

[Johannes11833]

You could also route the requets through warp for now. Seems to work most of the time and does not require a paid vpn service.

services:
  jmusicbot:
    image: ghcr.io/yojoshb/jmusicbot-docker
    container_name: jmusicbot
    # environment:
    #   - BOT_VERSION=0.3.9 # You can omit the environment variable if you just want to run the latest version
    volumes:
      - ./config:/config
    restart: unless-stopped
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

[alanman87]

You could also route the requets through warp for now. Seems to work most of the time and does not require a paid vpn service.

services:
  jmusicbot:
    image: ghcr.io/yojoshb/jmusicbot-docker
    container_name: jmusicbot
    # environment:
    #   - BOT_VERSION=0.3.9 # You can omit the environment variable if you just want to run the latest version
    volumes:
      - ./config:/config
    restart: unless-stopped
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

How would we do this for pterodactyl? I am running the bot via the pterodactyl egg.

[judeabc20221]

You could also route the requets through warp for now. Seems to work most of the time and does not require a paid vpn service.

services:
  jmusicbot:
    image: ghcr.io/yojoshb/jmusicbot-docker
    container_name: jmusicbot
    # environment:
    #   - BOT_VERSION=0.3.9 # You can omit the environment variable if you just want to run the latest version
    volumes:
      - ./config:/config
    restart: unless-stopped
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

Thanks, it's work!

[Harshraj9812]

Note

Wrap Workaround is only working on jmusicbot:0.4.3 Release version only.

Tested & Working docker-compose.yaml
Add your - BOT TOKEN

version: "3"
services:
  discord-bot:
    container_name: Hr-Music-bot-Discord
    restart: unless-stopped
    image: harshraj9812/hr-bot-jmusicbot:0.4.3
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    environment:
    # BOT TOKEN
      - TOKEN=
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    container_name: Wrap-Hr-Music-bot-Discord
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

[driftywinds]

version: "3"
services:
  discord-bot:
    container_name: Hr-Music-bot-Discord
    restart: unless-stopped
    image: harshraj9812/hr-bot-jmusicbot:0.4.3
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    environment:
    # BOT TOKEN
      - TOKEN=
    network_mode: "service:warp"
    depends_on:
      - warp
  warp:
    container_name: Wrap-Hr-Music-bot-Discord
    image: caomingjun/warp
    restart: unless-stopped
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./data:/var/lib/cloudflare-warp

Can you build an arm64 image, or teach me how to do it for myself? Thank you so much!
EDIT: - Nevermind, I ended up using this: - #1588 (comment), which has arm64 support and it worked!

[MichailiK]

The upstream project has recently implemented OAuth2 authentication. I've just gotten around to write an implementation for it in #1670. I expect for this to be part of JMusicBot 0.4.5, to be released soon.

It should be trivial to set up, but I'll comment with quick instructions once 0.4.5 releases.

[zaughon]

The bot i'm running was recently hit by this issue. The thing is, the bot hadn't played any music for weeks, which made me wonder, is the bot constantly connecting to YT even when not playing music? If yes, what is the reasoning behind this?
Or is it lavalink doing that for unknown reasons?

[DaniDipp]

@zaughon
No, it's not connecting to YouTube when not searching for or playing videos. The reason is that YouTube is banning whole IP ranges of data centers. It's not personal.

[redswgd]

i am facing the same issue.maybe open youtube in private window might solve the problem.

[MichailiK]

Thanks for all the thoughts & suggested workarounds everyone! We are now moving forward with implementing a way to login to an (alternative/burner!!!) Google account using OAuth2:

• Implement YouTube OAuth2 login #1670

As plenty of workarounds have been suggested here & this issue's comments have somewhat derailed into chatter (which is probably cluttering the notifications of those subscribed to this issue), I'm going to lock it for now.

Once account login has been implemented & released, I'll comment again with quick instructions on authorizing JMusicBot with your Google account.

[MichailiK]

Unfortunately, YouTube has begun to crack down on the OAuth2 workaround, so it won't be viable. For people on VPS' (which are the most affected by this issue) might be able to use their (/64 or larger) IPv6 address space to workaround the IP bans. I'll see if I can get that implemented in JMusicBot, hopefully some time in the near future.