asdttt
-
Posts
152 -
Joined
-
Last visited
-
Days Won
3 -
Feedback
100%
Posts posted by asdttt
-
-
9 hours ago, z10n said:
I belive the reason you got detected is the activity, real players, will randomly do new things, such as rotate the screen , examine items, have random AFKs, talk to people, open quest guides in-game, open world map, walk places and talk to people.
Whereas the bot is singularily focused on its one objective, in this case mining tin.
I personally don't believe that is a metric.
If Jagex is using heuristics/ML to monitor accounts, they're going to be using it on more constant variables. Mouse movement, button delay, task ticks, etc. Not what someone does during the task like talking to friends and such.
It's also not one big check. They have multiple different checks, all which can and will lead to a ban. Some faster then others.
It's important to tackle this whole botting thing with: How would I stop botting. Once you start fighting to detect your own bot, obvious flaws start to show.
-
44 minutes ago, Valkyr said:
Could you not at least partially solve this using gaussians?
I believe so, and OSBot already uses them. But their logic is flawed (Unless this is their intended behavior?)
This is OSBot's current clicking.
Reason it looks like this is because they turn negative random guassians into positive, which defeats the purpose of using them unless you are purposely trying to create this downward graph? Obviously this is EXTREMELY easy to detect still, as they're hitting the minimum far too often
This is their current "flawed" code for generating randoms for the mouse events. Might be used all over, I only verified that they use it for clicking.
public static int gRandom(int iIiiiiiIIiIi, double d) throws IllegalArgumentException { double d1 = Math.abs(random.nextGaussian()) * d + iIiiiiiIIiIi; d = iIiiiiiIIiIi + d * 3.0D; if (d1 > d) d1 = d; return (int)Math.max(0L, Math.round(d1)); }
Instead of that, they could do something like this
public static int gRandom2(int iIiiiiiIIiIi, double d) throws IllegalArgumentException { double mod; double result; do { double guassian = random.nextGaussian(); if (guassian < 0) iIiiiiiIIiIi += d; mod = d * guassian; } while ((result = (iIiiiiiIIiIi + mod)) < 35); return (int) result; }
This code is not perfect, it's just more of an example of a direction they could try.
That code produces this
-
2
-
1
-
2
-
-
14 minutes ago, evaker said:
this sounds kinda troll. went for ten hours each day doing nothing but mining and the ban bothers you? hmmmmmm.
if you seriously want to avoid bans it's simple, do not appear like a bot in any way at surface level look of your account. See you've gained 10b exp in mining, doesn't matter what your clicks look like I'd expect an auto ban
It's not about avoiding bans, it's about figuring out what Jagex is looking for. 10 hours may sound like a lot to you, but it's pretty normal once you get passed the first couple layers: Client detection, non-HID (Or possibly just hardware mouse position checks), mouse movement patterns. There are guys who bot over 10 hours daily with zero issues. Even some who have AFK botted nightmare zone for an ENTIRE WEEK straight with OSBot lol. The less input a task requires, the longer you can bot it.
Every time I adjust my client/scripts, I get a longer and longer botting time. It's only a matter of time.
-
1
-
1
-
-
Here's some more data on these mouse events. This is only 300 clicks because I'm lazy
My mouse, manually:
https://i.imgur.com/3xqGR6X.png
An autoclicker
https://i.imgur.com/tBSKIOX.png
Right off the bat you'll notice two things. One, the randomization, or so we thought, is more evenly spread out. Contains a visually predictable median. Secondly, you'll see that in my manual clicks, there's an obvious hot spot where clicks are more likely to land between. Not only that, but my min/max clicks are very very minor.
It wouldn't take a rocket scientist to create an algorithm to detect the autoclicker. Now imagine this data with thousands of clicks. Millions possibly. That autoclicker graph would practically flat-line, even among the min/max which logically should be the most difficult to hit.
-
This is part two of my findings, although this time I created an entire 3D imaging software to bot with. Previously I was banned using a randomized alching macro script, paired with a HID device completely indistinguishable from a normal mouse in terms of appearance to native programs - although it took around two weeks of near constant alching.
The software...
Similar to how colorbots work, but based on imaging physical objects due to all the free libraries all over, computational speeds, and the simplicity of 3D objects in-game. I created a new software to control my HID device using a COM's port (Which it then translated to natural HID input). My mouse mover was a very advanced algorithm I worked on when I used to use OSBot, including a trained neural network portion which aided in speed/translations/overshoots/deviation/whatever. Multiple hours trained using my movements in-game to insure Jagex wouldn't be able to establish a difference between my movement, and the bots movement.
The HID device was then seeded by https://www.random.org/ as generated a seed on a device is incredibly difficult due to the simplicity of the OS and overall hardware obviously.
The bot, although somewhat slow at times, was very similar to my own movements. It's job was to simply mine for around 10 hours a day, then turn off. Then turn on the next day. Surprisingly this bot managed to net 3 million GP mining tin, in the course of about 1-2 weeks, with some days off. That compared to MirrorMode on OSBot is a MASSIVE increase in botting time. Sadly, it was just banned for Macro Major..
Ban cause speculation
This ban bothers me. The software, undetected, the physical "mouse", undetected, the mouse movement, exactly as my own.. I'm really thinking, what pattern could possibly be this blatantly obvious that they would ban my poor bot permanently? No way it's the mouse movement? The pattern in mining, doubt it as it was based on my own (once more), and is simply too basic to detect a pattern. The timings? Should of been very random, with unbounded lengths (Meaning a random integer between 1-100 could result in 20,000 randomly), but still not ruling this out.
Then lastly, the ban time frame.. It matches the alch bot near-perfect. A bot that did nothing but click a mouse, which didn't rely on software on the computer at all..
Is it possible that... Mouse down -> Mouse UP timing (A record I've already shown they logged), is responsible for these bans? Is it possible they're brute-forcing our seeds or using some type of algorithm which eventually learns our random patterns and can predict the next random number in the sequence (Given our randomizers use pseudorandom chains).
Since we all use a static range of numbers between Mouse Down/Up, they will eventually detect regions of time of where our click events contain a constant, say 50-200MS between bound. Theoretically, given enough time, most numbers between these given bounds will result in the near-same number of uses. Writing an algorithm to detect a randomness pattern between the up/down (Or in other words, time it takes to click) would not be difficult, it would just require a lot of data. Furthermore, the ban rates tend to reflect mouse clicks. Agility for instance, requires clicking every 2 seconds.
Essentially my conclusion: Randomization is a double edged sword. May appear random, but given enough time, creates a perfectly symmetrical shape. Instead of a horizontal random number picker, perhaps we need to look into more "human-like" randomization.
Plans going forward...
What I plan to do now, for anyone who cares, is to graph some of this data to visualize the data Jagex is being sent just to see how "random" looks. My next plan is to once more bot the living FUCK out of some rudimentary task, but this time with mouse delays based on my own timings. If I'm still banned, I'm just going to assume Jagex carelessly bans anyone who is doing a task for too long and this whole thing is a waste of time lmao
The reason I focused on the mouse click delay in this thread is because it's the easiest input to track. No matter what bot, script, or macro you use, they all have randomized clicking. This is also the easiest pattern as it's consistent throughout all botting tasks
-
8
-
1
-
-
They instantly detect when you use a non-approved client for sure. Tested this numerous times. Second you use injection on your account, you permanently flag it and you WILL get banned for overbotting even when not using OSBot. In other words, once your account is flagged, you will be banned much faster then a non-flagged account. Even for basic things like autoclickers
They also state that they can scan your memory, so I'm sure Mirror mode is detected at some point, but 100% not as quickly as injection. Jagex has code in their Java client which can/will at ANY TIME load WHATEVER files their server decides to send to your computer,
Running in sandbox mode is smart if you're trying to prevent fingerprinting. Fingerprinting being Jagex using some file/ID/etc to tie multiple accounts regardless of IP together. So you might as well take the extra step and run on a virtual sandbox if your PC can handle it.
Just use custom/private scripts, take tons of breaks, be very careful with skills such as agility/mining, use mirror mode 100% of the time on accounts you care about.. Etc. I'm not sure if the hardware mouse thing makes a difference, but others claim it does so..
-
2
-
-
3 hours ago, ItPoke said:
People that play legit also gets banned, soooo.
I've seen that before on reddit, but never believe them. Have you personally experienced a false detection? I've never seen a day ban before, so it's possibly the detection wasn't absolute
-
On 2/6/2022 at 1:36 PM, jujusock said:
just curious how would I know if a proxy is flagged or not?
Majority of proxies are flagged. For all we know, they flag all datacenter/known-proxy/vpn addresses.
I recommend buying residential proxies. Never got prematurely banned on a residential proxy before
-
Decided to come back to OSRS botting after getting bored. Wanted to see if I could bypass the anti-bot by going to the maximum. So I did a simple task, alching, for a whole week straight 20/h with only like 1 hour breaks lmao. Difference this time is I wanted to make it IMPOSSIBLE to detect me outside of pattern detection
Managed to make it 1-2 WEEKS, going nearly 20 hours a day, and getting all the way to 98 magic before getting 1 day banned for "Bot busting". Strangely enough I was banned for "Illegal 3rd party software" which leads me to believe I was flagged from weeks ago when I first used OSBot on the account.
Edit: Didn't say 24/h a day due to having to buy from the grand exchange, and occasionally getting auto-logged out and not instantly re-logging
Couples of important notes
- Macros, fake mouse, sendInput - all easily detected by modern anti-cheats. Therefor I used a custom HID device that I programmed the script directly into and hid the driver to appear as a Logitech mouse.
- Obviously used delays between mouse click/release on the HID device to mimic a normal user
- Random delays, although not too long so the aching was still very efficient
- Random small breaks (Just like 1-10 seconds without logging in) every 10-20 minutes
- Random seeding, at random intervals. Seeds were taken from the digital analog signal on the HID/COM device i used, best way to get a random integer given the limited OS. This was to prevent seed bruteforcing
- Was actually using RUNELITE because the vanilla client is garbage. Might of contributed to the ban?
- Was logically similar/same to my own pattern timings, based on raw data (Not assumption)
- The account, weeks ago, had used my own private combat scripts to train strength/defense/attack
- I have never been banned using my custom scripts + breaks/questing after 3 hours (Unless intentionally trying to get banned to test)
- NO BOT software was installed on this computer. Fresh installation of Windows 10
- Was not banned for macros, but rather "Bot bust" - which is commonly applied to AUTOCLICKER related bans
Why?
I was interested to see whether it was possible to fully bypass at STUPID large time-spans that are physically impossible for a human to do. I assumed that MAYBE Jagex deploys further anti-cheat after reaching a certain gameplay time (Based on pattern recognition thresholds) which would seek to verify whether the suspected botter is using a real mouse (Whether input comes from a physical HID device rather then API), or whether they're using an illegal client such as OSBot. Since I was both using an approved client, and a physical HID device, my theory was the anti-bot would not ban my account due to insufficient proof.
What does this mean to botting?
It further questions the popular theory of whether Jagex is actually doing these HID/Client checks at all. Is it possible that they DO still do these checks, but only to increase the ban rate or ban offense? IMO, from testing, that's most likely the case..
Secondly, it further emphasizes the importance of taking BREAKS! Time appears to be one of the LARGEST factors when botting. Even when completely bypassing all possible pattern detection, or low level detection, I STILL managed to get banned based on my improbable play time - and obviously the succession of my alching may of lead to this. Although I myself, and many others in the past have used beats-per-minute timings to get perfect alching. Human improbability is what I imagine this detection tier is based on
Lastly, and possibly the most important, it is possible that my previous botting (IE using OSBot, an illegal client), left a flag on my account and Jagex was only waiting for me to overplay on the account to ban it.
Now my plan is to train another account with only vanilla and my HID device scripts. That will prove whether my account was previously flagged for the small amount of botting, or if Jagex banned me based solely on the fact I botted for far too many hours to be deemed as "natural". Hope this information was useful for some people, or at least prevents you from doing this same thing lol
TL;DR: Temp banned even though I used a physical HID device and a Jagex approved client (Runelite) with zero software
-
1 hour ago, iamjayx said:
It is illegal as hell to Spy on someones operating system without their permission. Client-side anti cheat is part of a games TOS. Huge difference between backdooring your users as "anti cheat" vs having a overall system to detect patterns, which they do as already stated. Too bad you can't read basic English that's right in front of you but would rather twist it in a sad attempt to sound smart, too bad you're an idiot. Keep your tinfoil hat tight buddy, you're a special snowflake and Jagex is making a personal agenda to watch every move you make. Careful what you fap to, it might get you banned.
Again, get real dawg.Checking the source of input is not illegal....... Please quote some laws and provide sources before you make such insane claims..
-
On 8/2/2019 at 11:51 AM, iamjayx said:
They definitely can't and don't do this. It's intrusive and illegal in most countries. Bot detection is based off patterns, length, and whether or not you do randoms/other human interaction like trades or responding to people. Jagex isn't going to break the law or risk being caught breaking the law as a multimillion dollar company just to spy on 15 year olds botting their game that already has, and has had since the beginning - systems and teams built for that exact purpose. Get real dawg.
Wasn't aware there were lawyers on this website. Too bad you're an idiot.
It's not illegal to have client side anti-cheat... If it is, shutdown Fortnite, Rust, and Battlefield this instant! It's even funnier you said that because of jaclib (Runescape anti-cheat library) being exposed back in the day which contained basically exactly what I stated above.
-
5 hours ago, beezdul said:
Idea: Run some bots and as soon as they get banned create a memory dump.
I wish it was that easy.
-
This would further backup the theory that after X hours of botting, you're put in a tier of anti-bot that loads native level detection - such as detecting whether a mouse click is coming from hardware, windows API, or being created directly inside the JVM it's self. Different OS's would require different methods and API. Many client side anti-cheats such as EAC utilize the same detection methods for detecting aimbot or macroing.
-
Keyboard focus is spoofed
-
44 minutes ago, caketeaparty said:
Now that you mention it, it does make a lot of sense that they would have different thresholds/tiers based on the factors they can or cannot detect. It seems to me that when botting on Mirror, botwatch doesn't scrutinize accounts as heavily presumably because they see the official client being used like you said. It could explain why it's much easier to get away with randomized autoclickers and mouse recorders on the official client, too, and Mirror just plays off of that weakness in their algo. On the other hand, if they detect you're using a proxy + 3rd party client, you're a much higher threat and on the radar at all times, right?
Do you have any data on how injection fares on Linux vs. Mac and Windows? I use Windows vps mostly for Mirror of course, that could also be a major factor. Is there a chance they can't get certain data out of a certain OS that would effect the ban rate?
The method's (such as GC/class checker) are both within the JVM, so the OS doesn't really matter for those checks. If they load native anti-cheat code (Hasn't been detected on OSRS), then they could detect whether the bots keyboard/mouse is coming from hardware, or software - although there's zero evidence to support they do this and it'd still be bypassable with some effort annd it'd need to be different methods per OS since it'd be different API and kernels.
As for unofficial clients, I doubt it puts you on the radar 100% of the time. Runelight at this point is probably the most widely used client out of all of them and differs from each installation due to the plugins installed. Sure seems to put you on the radar FASTER according to the banrates on here (I myself have never used mirror mode, so this is 100% speculation).
Your windows VPS may also have it's IP flagged as a proxy/vpn/dangerous IP. Although it's pretty obvious to find out because they'll lock your account shortly after beginning to bot lol.
-
1
-
-
1 hour ago, caketeaparty said:
Yeah, automatic flagging could be the main culprit in how quickly I'm getting banned. In a previous thread, I did note I got much better results botting on a residential IP on injection, but even then, all accounts were eventually banned. It still doesn't explain the huge discrepancy between bans on Injection and Reflection for me if they are essentially the same. The only conclusion I can come to is that they are not quite the same.
Idk the anti-bot is simply too big to pinpoint exactly what's causing the bans. Residential IP's 100% result in a lower banrate as opposed to VPN/proxy IP's that are flagged as such however.
All the users on here generally claim that either mirror mode makes no difference in their banrates, or a slight difference. I think it just boils down to what I said though - essentially that non-official clients will flag faster due to being a an unofficial client (Mirror mode would flag as official in theory from the checks I mentioned). Almost certain Jagex's anti-bot measures are tiered anyways. It's possible client detection is the X tier that feeds into their bot % chance. It's even possible that one of their higher tiers loads a .dll which would detect things like non-hardware mouse movement/clicks from an OS level (Such as windows/Linux/Mac API). One thing that seems to be for certain is bot/play time 100% is used in their anti-bot detection. Whether it's for teiring their anti-cheat measures, or simply for feeding into a pool of checks that produces a bot certainly output on the selected players idk.
-
25 minutes ago, caketeaparty said:
I'm not sure that assertion is completely true (Reflection == Stealth Injection). I mean, I have a 100% ban rate on Injection (ban comes within 1 to 10 days), whereas I get a ~3% ban rate botting on reflection, and this isn't unique to me. Others have reported similar results. There's something they're catching on Injection that's flying under the radar on Mirror. You're right that they don't ban simply for using a bot client, I've tested that too. It's only when I run a script on injection that a ban comes. Even running a script on injection accidentally for 1 minute resulted in a ban the next day for me before.
Injection uses reflection. Reflection is just API that allows you modify the behavior of methods, classes, ect at runtime. And idk what you're doing to get banned that fast. I bot 6 hours a day on my main training various stats, even mining, and I've yet to be banned.
The client check most likely is a result of already being flagged as a bot, or assumed as a bot. It might add to the % a user is a bot. I'd go as far as saying if they detect you're using the official client (mirror mode), the ban requirements are slightly raised.
-
12 hours ago, caketeaparty said:
It's pretty obvious that scripts are easily detected when they run on injection. A lot of the same scripts that get me banned in injection work for months on reflection, this is uniform across all botting clients not just OSBot. That said, there is no guarantee. I've been banned using Mirror while Thieving and Mining. I will say OSBot has some of the best training scripts that are worth using regardless of method.
Frankly, we could use something better to revitalize botting, maybe some clever mix of both could work well, combining the protection of Reflection with the precision of Injection. I'm no programmer, but I remember recalling a quote from a famous bot developer a while back. Basically Jagex would be out of their depth if bot developers really tried. Reflection is a step in the right direction, but there has to be something better.
Reflection == Stealth Injection. There's two "debug" checks inside OSRS's jar I've located. One, a classchecker that Jagex's server can request to check any class at anytime. The other, a garbage collector timings collector that jagex can once again request at any time. Wouldn't be difficult to differentiate OSBot from an official client using just basic garbage collection timings due to the increase in permGen, shortLived memory, and overall collection timings from the bot client + scripts. I personally don't think there's any difference between using mirror mode and stealth injection in terms of detecting based on the client it's self. Using stealth injection may lead to a faster ban due to them being able to, in theory, tell you are not using an official client from debug results, but you wouldn't be banned based on using the client it's self.
-
IP's flagged for VPN/proxy/ect. Use a proxy that isn't flagged
-
10 minutes ago, Search12 said:
My own belief is that while things like third-party clients probably do contribute; detection is massively based on whether your account has similarities to other accounts (including banned accounts) - basic machine learning. Similarities including but not limited to delays and timings, account progression and so on. Reports probably trigger the server side AC system. Maybe large disparity trades do too.
Is common information at SRL and has been for years. There was never a dll called jaclib.dll in oldschool runescape. That one only exists in RS3 so they couldn't remove it from oldschool since it never existed there to begin with. NXT actually has hard detection. jaclib.dll still exists in rs3 java client last i checked.Ah that explains why I couldn't find it. Haven't played RS3 in ages.
And I agree completely that they use machine learning, or at least pattern matching. Which is why I produced this thread showing how their current logging capabilities could EASILY pickup on OSBot. Every bot client I tried actually has flawed mouse movement patterns (Only tried 2 others).
It split off into another direction primary because Alek basically said "If it's detectable by x, then why bother fixing y".
Edit: And there's other basic stuff like NEVER loosing keyboard focus, even when the virtual mouse is "moved off the screen" that probably adds to the probability of a user being a bot.
-
1
-
-
1 hour ago, Search12 said:
Are you keeping up with the flow of the conversation? I was stating why Alek's point is bad because they don't do that specific type of detection (hooks through SetWindowsHookEx) and Naked asked me for proof. It has nothing to do with other types of detection or other types of input. All types of input are detectable but not being detected (Integrity isn't being tested anywhere). Logitech's driver software isn't a MouClass.sys replacement. It's what you would call a filter driver. Lives at a higher level than MouClass.sys but it is still under Win32K.sys so it is in kernel space. All these methods are easily detectable unless your AC is running in userland. I will state it again; This type of detection doesn't exist anywhere in the game client. They don't test the integrity of mouse/key events anywhere in the oldschool runescape client.
You can check for yourself but i can tell you that there's nothing nefarious in any native code in oldschool runescape.I was just pointing out that they could achieve nearly the same level of detection based on raw input, so you wouldn't be able to detect that using the method you described.
And yeah I couldn't find anything interesting either, but as I described above, the detection appears to be tiered. Quoting myself:
3 hours ago, asdttt said:And from what it appears during my testing, they've done nothing with windows API. They do have code to download jars and load .dll files, but I haven't been able to detect anything while botting. Maybe they load it after 6-10 hours of straight botting for a bit, then unload it? I've got no idea. I got 75 magic about 2 days ago by autoclicking alch for like 9 hours straight and got no ban either. It's been theorized by most botters that their system is tiered, so this would certainly back that claim up. Maybe detecting clicks is the very top tier of detection, their last ditch effort. That would also mean that fixing other flaws such as the mouse movement would further delay bans, therefor, in theory, allowing for a much longer botting period.
So in other words, I don't believe they use this level of detection. If they do, then they're very very sneaky with it and it's injected only after botting a certain amount of time, and only for a certain length of time. Like a "last ditch effort" as I described above.
Edit: Also I forgot to mention, there actually was a .dll file called "jaclib.dll" or whatever that contained code to catch the API input flag "LLMHF_INJECTED" (From sendInput) - although there was never a callback implemented. Weird... Very weird.. Especially since they bothered to ship it... Maybe because they realized that programmers could easily remove that flag through a hook + trampoline function, or by just unregistering it lmao (Through WH_DEBUG). They appear to have removed it though.
-
22 hours ago, Search12 said:
You want me to provide proof of something that isn't there? Here, i'll just teach you how to do you yourself.
Write a SetWindowsHookEx hook/detour and place it in a DLL which installs our hook in DLLMain. You can copy and paste any basic 32bit trampoline function. WinAPI functions all come with a standard useless 2 byte hotpatch point (mov edi, edi). This includes SetWindowsHookEx. The hook will notify us if any process (which has our DLL loaded into it's address space) invokes SetWindowsHookEx.
Start oldschool runescape in a suspended state. Inject your DLL. Resume oldschool runescape so it is no longer in a suspended state. If the process calls SetWindowsHookEx then it has tried to create a hook. That's how you would detect windows hooks.
Extra: You can grab the params which have been passed to SetWindowsHookEx. Including a function pointer and manually navigate to the code in memory (can use any decompiler) if you happen to find that hooks have been installed.Would still be detectable as it's not coming off the HWID stack, but that's if they even have the anti-cheat measures to check that. Still wouldn't be impossible to bypass. Hell, you could make an autoclicker in Logitech's driver software and it'd come clean off the HWID stack.
IMO, I think Jagex understands that botting is simply a part of the game at this point. They're getting little to no new players, RS3 is pretty much dead, and OSRS is full of autoclickers. It makes zero sense why I can bot on the most blatant script ever made for 4 hours straight and get no ban. ZERO sense. To me, it feels like they actually just allow micro-botting as long as it wont harm the economy. This game is so repetitive, if you actually took the time to train your strength or what not to 99 MANUALLY then you should probably get a job lol.
And from what it appears during my testing, they've done nothing with windows API. They do have code to download jars and load .dll files, but I haven't been able to detect anything while botting. Maybe they load it after 6-10 hours of straight botting for a bit, then unload it? I've got no idea. I got 75 magic about 2 days ago by autoclicking alch for like 9 hours straight and got no ban either. It's been theorized by most botters that their system is tiered, so this would certainly back that claim up. Maybe detecting clicks is the very top tier of detection, their last ditch effort. That would also mean that fixing other flaws such as the mouse movement would further delay bans, therefor, in theory, allowing for a much longer botting period.
-
Depends on what you plan on hosting on the server. I assume you're using OVH, or a reseller like SoYouStart for a price that good.
-
First off, stop using port 8080 because that's already an established port for HTML.
Second off, you only call it once...
You need to do a loop on serverMuleRequest if you want it to keep writting. Like while (true) { method } - but you don't want to keep establishing a new socket, so you'll need to assign that somewhere else before the loop
Got banned within 1 day of botting
in Botting & Bans
Posted
If you wanna reduce ban rates, just mix up your botting. Bot mining, then maybe go bot combat. Combat IMO is the best to bot because it has a high level of randomness just due to the fact entities move around dynamically and the RND nature of combat on RS.
Fishing, woodcutting, agility, runecrafting, and mining all have really fast ban rates.