Jump to content
ChronicBot

Trouble with accounts getting locked. Any tips/advice?

Recommended Posts

I'm having an issue with my accounts getting locked after doing tutorial island. Is this caused by me creating the accounts with a different ip address than the proxy I'm using to bot on? If so how can I use my proxy to create the new accounts? Or is this issue caused by something else altogether? Do I need to link the accounts to actual emails so I can later unlock them? My plan is ultimately to sell these accounts, so I'm trying to learn the workaround for having an email set on account. Any help or advice will be greatly appreciated, thankyou in advance.

Link to post
Share on other sites

EDIT:

Yes I've been getting a lot of these lately, due to IP issues I'll try find a good workaround for these. Usually automatically logs me out and says go to the support centre to unlock accounts. Having a consistent IP as mentioned above ^ works best. There is no need to link emails, I don't think anybody does that these days, and selling accounts without an email is much easier ^^ :D

Edited by Czar
Link to post
Share on other sites
9 minutes ago, OSBOTRutger said:

The proxy that the account is played on should also be the proxy the account is created on. That should help alot for locked accounts

When I try to create an account while using my proxy it gives me "

Access Denied
Error 15
secure.runescape.com
2021-02-10 23:01:13 UTC

 

 

What happened?
This request was blocked by the security rules"
Link to post
Share on other sites
31 minutes ago, ChronicBot said:

When I try to create an account while using my proxy it gives me "

Access Denied
Error 15
secure.runescape.com
2021-02-10 23:01:13 UTC

 

 

What happened?
This request was blocked by the security rules"

This is a typical error message as a result of Incapsula (now known as Imperva); they're a third-party group hired by Jagex to help prevent mass account creations, DDOS, and other areas that were common targets on the website. You might be wondering, why not just cloudflare?

The answer goes much deeper; Imperva is able to provide a full on audit specific to a clients need and no one has really been able to decipher which traffic is flagged by them and which isn't, I believe Farmaton was close to cracking it but I never kept up. The best open source attempt I've seen at mitigation against Imperva's (current) security implemented on the OSRS website is this: https://github.com/ziplokk1/incapsula-cracker 5 years old, and outdated.

 

If anyone has better insights, do share!

Link to post
Share on other sites
6 minutes ago, BoostedMMO said:

This is a typical error message as a result of Incapsula (now known as Imperva); they're a third-party group hired by Jagex to help prevent mass account creations, DDOS, and other areas that were common targets on the website. You might be wondering, why not just cloudflare?

The answer goes much deeper; Imperva is able to provide a full on audit specific to a clients need and no one has really been able to decipher which traffic is flagged by them and which isn't, I believe Farmaton was close to cracking it but I never kept up. The best open source attempt I've seen at mitigation against Imperva's (current) security implemented on the OSRS website is this: https://github.com/ziplokk1/incapsula-cracker 5 years old, and outdated.

 

If anyone has better insights, do share!

Would making the accounts on my home ip then botting on them using the proxy get the same results? 

Link to post
Share on other sites
7 minutes ago, ChronicBot said:

Would making the accounts on my home ip then botting on them using the proxy get the same results? 

From what I have seen, the problematic portion is the account creation itself on the website. You need to be using a clean, residential proxy that won't randomly change after 5 minutes. Typically, if you stay within the same region with residential proxies and even datacenter proxies it should be fine.

Some have said that linking email helps to prevent these arbitrary lockings. I would also maybe try using bluestacks android emulator, download OSRS on the Google Play store, and link / create an account via a gmail. Something I haven't seen anyone try (I think). Maybe that could help with the locks! GL

  • Heart 1
Link to post
Share on other sites
1 hour ago, ChronicBot said:

I downloaded firefox and picked up the foxyproxy extension to use my proxy with.

With the new changes mentioned above with incapsula, you can't use Firefox to make accounts anymore as it seems it's forever stuck with the error 15 message no matter what you do.

Link to post
Share on other sites
25 minutes ago, Gunman said:

With the new changes mentioned above with incapsula, you can't use Firefox to make accounts anymore as it seems it's forever stuck with the error 15 message no matter what you do.

I'm currently making the accounts with Bluestacks emulator. I just created 30 new accounts and I'm running them through tut island now. Hopefully this workaround does the trick.

  • Heart 1
Link to post
Share on other sites
1 hour ago, ChronicBot said:

I'm currently making the accounts with Bluestacks emulator. I just created 30 new accounts and I'm running them through tut island now. Hopefully this workaround does the trick.

Keep us posted. 

Sometimes the default bluestacks might be hardcode flagged by Jagex so if that doesn't work, there is a way to alter the default settings to make the phone that is emulated completely different versus the 7 that are included with Bluestacks. (Example: Emulating as a Samsung Galaxy S21, which isn't in the BS profiles and therefore less likely to be a hardcoded flag).

I mention hardcode flag multiple times because after the notorious "Sir Pugger" video, only then did we realize Jagex had been profiling BS users extensively and mass banned nearly everyone that was online. It was rather odd, as if you had been botting 2 weeks straight before that, logged out 30 minutes before the massbanning occurred, you would be "safe". One of the more bizarre events I recall for sure. To anyone reading this, please do your own due diligence, I'm personally not a fan of such anecdotal evidence (yes, even my own). Take it for what it's worth.

It might also be important to reset your advertising ID (unique to your Google Play account), this is the main way they will flag multiple accounts of yours- by linking each to the same ID. There are a number of rather easy metrics that they can use for fingerprinting and it might be cumbersome to dodge them in the long run. I do not believe this ID updates upon simply switching Gmails, so another method has to be utilized.

But for now, good news. GL.

Edited by BoostedMMO
Link to post
Share on other sites
5 hours ago, BoostedMMO said:

Keep us posted. 

Sometimes the default bluestacks might be hardcode flagged by Jagex so if that doesn't work, there is a way to alter the default settings to make the phone that is emulated completely different versus the 7 that are included with Bluestacks. (Example: Emulating as a Samsung Galaxy S21, which isn't in the BS profiles and therefore less likely to be a hardcoded flag).

I mention hardcode flag multiple times because after the notorious "Sir Pugger" video, only then did we realize Jagex had been profiling BS users extensively and mass banned nearly everyone that was online. It was rather odd, as if you had been botting 2 weeks straight before that, logged out 30 minutes before the massbanning occurred, you would be "safe". One of the more bizarre events I recall for sure. To anyone reading this, please do your own due diligence, I'm personally not a fan of such anecdotal evidence (yes, even my own). Take it for what it's worth.

It might also be important to reset your advertising ID (unique to your Google Play account), this is the main way they will flag multiple accounts of yours- by linking each to the same ID. There are a number of rather easy metrics that they can use for fingerprinting and it might be cumbersome to dodge them in the long run. I do not believe this ID updates upon simply switching Gmails, so another method has to be utilized.

But for now, good news. GL.

Out of the 38 accounts I made by signing up with the help of BlueStacks only 3 ended up locked after tut island. :)

Link to post
Share on other sites
15 hours ago, BoostedMMO said:

Keep us posted. 

Sometimes the default bluestacks might be hardcode flagged by Jagex so if that doesn't work, there is a way to alter the default settings to make the phone that is emulated completely different versus the 7 that are included with Bluestacks. (Example: Emulating as a Samsung Galaxy S21, which isn't in the BS profiles and therefore less likely to be a hardcoded flag).

I mention hardcode flag multiple times because after the notorious "Sir Pugger" video, only then did we realize Jagex had been profiling BS users extensively and mass banned nearly everyone that was online. It was rather odd, as if you had been botting 2 weeks straight before that, logged out 30 minutes before the massbanning occurred, you would be "safe". One of the more bizarre events I recall for sure. To anyone reading this, please do your own due diligence, I'm personally not a fan of such anecdotal evidence (yes, even my own). Take it for what it's worth.

It might also be important to reset your advertising ID (unique to your Google Play account), this is the main way they will flag multiple accounts of yours- by linking each to the same ID. There are a number of rather easy metrics that they can use for fingerprinting and it might be cumbersome to dodge them in the long run. I do not believe this ID updates upon simply switching Gmails, so another method has to be utilized.

But for now, good news. GL.

Update, woke up this morning an all the accounts are locked. RIP.

 

I've seen people say that the only real way to make accounts now without it getting locked is to make it off your own home ip? Is that safe? Could I just reset my home IP make like 50 accounts, then use my proxy to bot them?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...