Logicfury Posted August 22, 2018 Share Posted August 22, 2018 (edited) Hi all, Hope all is well. In the last two months I've been botting OSRS pretty extensively as I've been in-between jobs (left old role for a new role set to start in September) and found myself with a lot of free time. I consider myself to be analytical and I always make a conscious effort to keep my biases in check. In these last few months, I've gathered quite a few insights regarding how Jagex's anti-cheat team operates, which I believe to be accurate and would like to share them with all of you today. To be clear, I have no direct line of contact to anyone working on the anti-cheat team so these are just conclusions I've drawn based on my personal experiences & those of fellow botters. My analysis will only pertain to bans issued manually to accounts that have purchased a membership and are highly diversified (NOT goldfarming) as I have no experience running F2P/P2P botfarms. Those are almost certainly handled by a different stream (RE: Botwatch). *** "Manual Ban" does not refer to a mod teleporting next to you and banning you in-game, but rather someone on the anti-cheat team screening your account (from a log of hundreds - thousands) and making a judgement call as to whether you've broken any rules *** 1) All bans issued on diversified/rested accounts with membership (questing, different skills etc) and don't goldfarm are due to manual reviews by someone on the anti-cheat team 2) The only way for a botted account (that satisfies the conditions above ) to survive is to avoid a manual review at all costs 3) The single most important factor in regards to triggering a manual review is total time online (I've found this figure to be ~12 hours) Total time online INCLUDES the time you spend playing legitimately on the account. ie: if you bot for 10 hours and play legitimately for 4 hours you WILL VERY LIKELY trigger a manual review Once your account gets reviewed, the entire history of your account is available to the anti-cheat team thus any kind of botting that you've done (no matter how long ago) is liable to lead to a ban An account that survives a manual review is not a reflection of the botters knowledge/prowess but the incompetence of the anti-cheat specialist reviewing your account False positives are 100% real as are false negatives (bots that fly under the radar). For evidence on false positives (incorrectly banned accounts) you can do a quick search on google and find mod tweets directly contradicting each other regarding whether the ban was accurate or not I've successfully appealed botted accounts that were played on only 1 IP address that were permanently banned for macroing major. Their response was something along the lines of "we identified unauthorized access to your account" (100% false / impossible). This confirms that bans are at the discretion of a judgement call that the anti-cheat specialist reviewing your account makes. The accounts that were appealed were highly diversified in tasks (quests, combat, skilling, clue scrolls, favour, mini games etc), and botted specific skills up to 4 hours consecutively (20 minute breaks per hour botted) 4) Avoiding hotspots for manual reviews is 100% key to not getting banned. Example of hotspots that are guaranteed to cause a manual review: runecrafting 1h+, Zulrah etc. Even if you do Zulrah or runecrafting legitimately for extended periods of time, your account will be manually reviewed. To reiterate point 3), any kind of botting history will be available to the anti-cheat specialist reviewing your account 5) The primary mandate of the anti-cheat team is to eliminate gold farming & real world trading. These are the primary forms of botting that directly impact Jagex's bottomline and as a [Chinese] financial sponsor owned company, you can be damn sure that is their #1 priority It is my belief that accounts with large amounts of wealth on them (100M+) are subject to more frequent manual reviews when flagged. This is because banning the account becomes a double whammy for Jagex 6) "Anti-Cheat specialists" are NOT data scientists, but regular customer support staff that are trained in that respect. Thus, it is my belief that in their training they are given relatively specific guidelines to follow to identify whether an account is botting or not. It is reasonable to assume that these guidelines are set in accordance to the most popular botting scripts & botted skills This explains why accounts that exploit an unpopular gold farming mechanic through private scripts have very low ban-rates. I personally have botted several accounts using such a script that has crashed very obviously (clicking the same spot for hours due to lack of failsafe) and ALL of them have survived. It is not unreasonable to assume that because of the sheer quantity of data collected on each account, the data scientists will only send a SELECTION of logs to the anti-cheat specialist to review (ie: hey John, please review the following woodcutting/agility logs on account X for the past week) It is my belief that the anti-cheat team is occasionally given unique mandates to follow through on (the recent NMZ banwave is a clear example in my opinion). This falls in line with them pursuing their primary mandate of keeping goldfarmers in check as Zulrah is one of the most efficient gold-farming mechanics in the game and accounts are being farmed EN MASSE to exploit it 7) Many people have reported a substantial improvement in ban rates when using mirror-mode instead of injection. This is a highly controversial topic because Osbot claims injection to be indistinguishable from other third party clients. Personally, I believe this to be unlikely because there have been many reports of tutorial accounts getting instantly locked when logging in from the injection client whereas the normal client logs in fine. Additionally, OSBuddy is confirmed to return a signature to Jagex that identifies it specifically as OSBuddy. It is not unlikely to think Runelite has done the same (I haven't found official evidence of this however) because it would be in the best interest of the owners of these clients to just play ball with Jagex. This, in turn, would make it very easy for the anti-cheat team to flag unidentified third-party clients for high priority review. It is important to stress that although mirror-mode appears to be the safer alternative, it is only one of the many factors Jagex uses to identify bots. If you don't bot responsibly, your account will get flagged all the same due to the aforementioned reasons in points 1 through 6. Concluding thoughts: Although avoiding bans will likely never be an exact science, I think we can make some progress by simply sharing bans we've recently experienced. In my short time here, I've noticed a famine mentality as relates to protocols & best practices to avoid bans. Although I understand why someone who relies on OSRS botting to put food on the table would want to keep to themselves, this attitude is clearly counter-productive to the advancement of botting as a whole. I will be starting my new role in less than 2 weeks and will not be doing much botting anymore, so I wanted to leave you guys with what I learned in hopes to start a collaborative discussion moving forward. Ban Report Example: Client: Mirror Time online the day leading to a ban: 12 hours Activit(es) botted leading to a ban: NMZ/ gold farming technique/ Woodcutting etc. Age of account: days, weeks, months, years etc. Alek's response to this thread: Best, Logicfury P.S. I will try my best to update the thread with any & all well thought-out insights (contradictory or supporting) and give credit where it is due Edited September 27, 2018 by Logicfury 11 Quote Link to comment Share on other sites More sharing options...
Juggles Posted August 22, 2018 Share Posted August 22, 2018 I'm sorry but there's no way they manually review every account. I've had farms of 100+ p2p bots all get wiped at the same time at 8am on Monday when Jagex comes into the office. I really doubt they looked through each and everyone of my accounts. Now think about how many other people have massive farms compared to Jagex's small bot busting team. 4 Quote Link to comment Share on other sites More sharing options...
Logicfury Posted August 22, 2018 Author Share Posted August 22, 2018 (edited) 7 minutes ago, Juggles said: I'm sorry but there's no way they manually review every account. I've had farms of 100+ p2p bots all get wiped at the same time at 8am on Monday when Jagex comes into the office. I really doubt they looked through each and everyone of my accounts. Now think about how many other people have massive farms compared to Jagex's small bot busting team. I believe botwatch has a way to target farms and those are handled differently than accounts botted by casual players such as myself that diversify their tasks heavily. As mentioned, I have no experience with botfarms. Additionally, a manual review can vary in how extensive it is and I believe it does. IE: data scientist sends customer support a batch of 1000 accounts -> follow protocol A (99% certain these are bots, just do a final check off) vs 100 diversified accounts-> follow protocol B (do a more extensive review). Lastly, accounts that goldfarm for extended periods of time are obviously handled in a different stream. This thread is mostly geared towards the casual player that bots different skills but gets hit with the ban hammer anyway. Appreciate your input. Edited August 22, 2018 by Logicfury Quote Link to comment Share on other sites More sharing options...
Flashbacks420 Posted August 22, 2018 Share Posted August 22, 2018 very interesting thread Quote Link to comment Share on other sites More sharing options...
Beezmans Posted August 22, 2018 Share Posted August 22, 2018 (edited) 13 minutes ago, Logicfury said: I believe botwatch has a way to target farms and those are handled differently than accounts botted by casual players such as myself that diversify their tasks heavily. As mentioned, I have no experience with botfarms. Additionally, a manual review can very in how extensive it is and I believe it does. IE: data scientist sends customer support a batch of 1000 accounts -> follow protocol A (99% certain these are bots, just do a final check off) vs 100 diversified accounts-> follow protocol B (do a more extensive review). Appreciate your input. I believe what he states is reasonable a legit player brings in far more $ then a botted character you could easily pay someone to check off accounts that are banned for botting [i.e my friend who botted on a ironman zulrah 300 hours got a pet finally got the 2 day ban] they two day ban incase there incorrect theres no backlash its a 2000 lvl total iron man and put you in another bracket of higher risk. Vs a account with 80% bot chance with 99 attack/str/def only at nmz 400 out of past 401 hours logged in Edited August 22, 2018 by Beezmans Quote Link to comment Share on other sites More sharing options...
irwtonrs1 Posted August 22, 2018 Share Posted August 22, 2018 Pretty much all wrong 1 Quote Link to comment Share on other sites More sharing options...
Logicfury Posted August 22, 2018 Author Share Posted August 22, 2018 23 minutes ago, irwtonrs1 said: Pretty much all wrong All of it is wrong? It would be helpful if you elaborated 1 Quote Link to comment Share on other sites More sharing options...
packthebowlll Posted August 22, 2018 Share Posted August 22, 2018 Quote Link to comment Share on other sites More sharing options...
iMaHaTMai Posted August 22, 2018 Share Posted August 22, 2018 its 50/50 your either banned or your not 1 1 Quote Link to comment Share on other sites More sharing options...
IDontEB Posted August 22, 2018 Share Posted August 22, 2018 12 minutes ago, iMaHaTMai said: its 50/50 your either banned or your not i think it's 25/25/50, 25% chance to live if weath got his pecker wet the night before, 25% chance to get a 2 day if not and 50% chance to be banned any given time. 1 Quote Link to comment Share on other sites More sharing options...
Charlotte Posted August 22, 2018 Share Posted August 22, 2018 Good attempt to share your thoughts however there is more than just manual reviews. 1 Quote Link to comment Share on other sites More sharing options...
Logicfury Posted August 22, 2018 Author Share Posted August 22, 2018 12 minutes ago, Charlotte said: Good attempt to share your thoughts however there is more than just manual reviews. Do you think Jagex has machine learning algos in place to flag accounts that: 1) Don't exceed unreasonable total time online 2) Don't bot with broken scripts 3) Diversified accounts (quested, manually played etc) that are aged (1 yr +) 4) Don't bot from flagged computers The reason why I don't believe they have machine learning capabilities that flag accounts based on movement/clicks but rather have data scientists manually flagging accounts based on much more rudimentary metrics such as time online / exp efficiency / gold farming is I've had countless accounts click the same spot for hours on end (scripts that crash) and survive. Surely if they were using machine learning algorithms those accounts would never fly under the radar don't you think? Quote Link to comment Share on other sites More sharing options...
Knuckolls Posted August 22, 2018 Share Posted August 22, 2018 (edited) I'm sure that there is some merit to this thread and what you have stated. However... Do you have proof, like lets say you ran 200 bots using 4 different private scripts. Now on the account details tab when you see a manual ban you should be seeing this: therefore my question, with the amount of accounts that you tested your hypothesis with do you have any actual proof for this other than speculation? Edited September 14, 2018 by Knuckolls Quote Link to comment Share on other sites More sharing options...
Logicfury Posted August 22, 2018 Author Share Posted August 22, 2018 Just now, Knuckolls said: I'm sure that there is some merit to this thread and what you have stated. However... Do you have proof, like lets say you ran 200 bots using 4 different private scripts. Now on the account details tab when you see a manual ban you should be seeing this: therefore my question, with the amount of accounts that you tested your hypothesis with do you have any actual proof for this other than speculation? I think we have different definitions for what a manual ban consists in. I'm not talking about a mod teleporting next to you and banning you, but someone on the anti-cheat team reviewing your game data (one out of a batch) and concluding you are botting based on a judgement call. Quote Link to comment Share on other sites More sharing options...
Knuckolls Posted August 22, 2018 Share Posted August 22, 2018 (edited) On 8/22/2018 at 4:17 PM, Logicfury said: I think we have different definitions for what a manual ban consists in. I'm not talking about a mod teleporting next to you and banning you, but someone on the anti-cheat team reviewing your game data (one out of a batch) and concluding you are botting based on a judgement call. Therefore here's the type of message center you would receive for one of those judgement call bans as you have just stated: Edited September 14, 2018 by Knuckolls 1 Quote Link to comment Share on other sites More sharing options...