5 accounts banned - in the same second. Help me find out what triggered that ban.

randomstraw
I'm trying to find out why those accounts were banned. If you have any idea, please go ahead and post. Thank you!
Do you see any pattern?


Facts:
Those 5 were each running in its own dedicated VM.
Those 5 had all been set up within different private VPNs all across my country. (Fritz!VPN, each bot had a different box counterpart)
Those 5 were currently doing different stuff, 3 were questing and 2 were farming Imperial Gardens.
1 of them was Ambush, 4 of them were Invasion.
3 accounts were registered on one @domain, 2 on another @domain
The account names were randomly chosen but made sense, like Karl, Chris, Jason etc - no GGHjh3tjklgh or the like.
2 were marauders, 3 were duelists.
All of those accounts were involved in minor RMT - droptrades, guildstashes, face2face, all trades vs. crap items/low currency (example: Bringer of Rain for a stack of transmutes or whetstones)

Do you think they got me at RMT? I doubt it. But I am not sure. Absolutely not. Opinions?

It is (in my eyes) impossible to link those accounts in any other manner than RMT, though. Different MACs, different IPs, mostly different domains, different habits of botting (some 4 hours a day after 13 o'clock, some in the evening, some in the morning, almost none in the night when peeps are sleeping)

I'm about to create new VMs and new accounts right now. LMK if there is anything I have not thought of. If it's something GGG could use, please do so via PM - or if that raises the risk for you, just give me a hint and keep it for yourself. ;)

Neverending story. And I like it!





On the other hand: another 5 bots are still going strong right now. Same conditions (hardware) as the above ones.

And on a sidenote, they linked the accounts somehow. I have no idea how.
Code:
Your accounts are permanently closed due to us detecting the use of a third-party program on one or more of your accounts, which is against the Path of Exile Terms of Use.





And another edit: some "older" accounts I haven't used for ~2 weeks (which were totally untouched since then) are also banned now. I did not use any "old" bot version (the one that caused perma-flags) on any of the accounts. It seems they are still detecting something. *Banwave incoming* :P feed some trolls. *giggles*
 
This is what GGG has been doing these days, especially on new accounts. All my new accounts have been banned or flagged before they could reach lvl50, some of them were leveled totally by hand.
 
Those accounts were not created within the last 2 weeks.
Almost all accounts inhabit at least one char past level 70.

:/
 
Sorry to hear. There is definitely a battle going on. I'm done botting for awhile. Had to take a break.
 
Just got banned 4/4 this morning, hard to say what they are looking at inside..
 
Maybe it's something to do with the game files. Perhaps the client stores a list of all accounts that have logged in through it. If you simply copied the PoE files over to each VM, then each of them would be connected to each other that way, making it easier for GGG to track you down.
 
I created a clean VM where I copied my "natural" PoE copy into. The one I also use with my "legit" accounts. None of those is affected.
I duplicated that VM and changed MAC addresses, so all of them have the same "base". And I think I can say, no, they're not linked via this. :)
 
I have a question about your legit accounts. Do you transfer currency or anything to them? Or between the botting accounts?
 
Never. This would flag them and they would be done when a bot gets caught.

Also, I never exchanged anything in-game between those accounts. Might add that.
 
Well, I hope I don't get a ban; then my legit account would be done.
 
Yeah, you can spoof it, can't you? And as far as I know, I don't think they send HWID upon logon.
 
There's only 1 spoofing software out there that can spoof your HWID (properly), but it's expensive, like £100~
 
I've not seen any client code that checks HWID. It's highly unlikely they request that info from the client during running as well. I've done quite a bit of packet capturing and never came across a random packet that looked to be of that nature.

Their code for login looks like this:

Code:
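	#include <windows.h>
	#include <iphlpapi.h>	// GetAdaptersInfo; link with iphlpapi.lib
	#include <cstdlib>
	#include <vector>

	// Wrapper name is illustrative; the post shows only the body.
	void CollectMacsForLoginHash()
	{
		ULONG outBufLen = 0;
		// First call with a NULL buffer only reports the required size.
		if(GetAdaptersInfo(NULL, &outBufLen) == ERROR_BUFFER_OVERFLOW)
		{
			IP_ADAPTER_INFO * buffer = (IP_ADAPTER_INFO *)malloc(outBufLen);
			if(buffer != nullptr && GetAdaptersInfo(buffer, &outBufLen) == ERROR_SUCCESS)
			{
				// Concatenate the MAC of every adapter, in enumeration order.
				std::vector<BYTE> macs;
				IP_ADAPTER_INFO * current = buffer;
				while(current != nullptr)
				{
					macs.insert(macs.end(), current->Address, current->Address + current->AddressLength);
					current = current->Next;
				}
				free(buffer);
				//Hash(macs.data(), macs.size());
			}
			else
			{
				free(buffer);	// free(NULL) is a no-op
				// No mac hash data sent (all 0s)
			}
		}
		else
		{
			// No hash
			// No mac hash data sent (all 0s)
		}
	}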

That's all they are doing, but as I wrote about in another post, they've been doing it since early 2013 with the account security updates.
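
An added example, not part of the original post and not GGG's code: how a service could use a login fingerprint of this shape to group accounts, and why the all-zero "no hash" value has to be excluded from the grouping. The FNV-1a hash, the `Login` record, the function names and the sample data are all assumptions made for illustration.

```cpp
#include <array>
#include <cstdint>
#include <iterator>
#include <map>
#include <set>
#include <string>
#include <vector>

using Mac = std::array<uint8_t, 6>;

// Assumption: 64-bit FNV-1a stands in for the post's unnamed Hash().
// Like the posted loop, it consumes adapter MACs in enumeration order.
uint64_t mac_fingerprint(const std::vector<Mac>& adapters) {
    if (adapters.empty()) return 0;  // "no mac hash data sent (all 0s)"
    uint64_t h = 0xcbf29ce484222325ULL;
    for (const Mac& m : adapters)
        for (uint8_t b : m) { h ^= b; h *= 0x100000001b3ULL; }
    return h;
}

struct Login { std::string account; uint64_t fp; };

// Server-side view: accounts that presented the same non-zero fingerprint.
// The all-zero value means "absent", so it must never be used as a link key.
std::map<uint64_t, std::set<std::string>> link_accounts(const std::vector<Login>& logins) {
    std::map<uint64_t, std::set<std::string>> groups;
    for (const Login& l : logins)
        if (l.fp != 0) groups[l.fp].insert(l.account);
    for (auto it = groups.begin(); it != groups.end();)
        it = (it->second.size() < 2) ? groups.erase(it) : std::next(it);
    return groups;
}

// Constructed sample: locally administered MACs, made-up account names.
std::vector<Login> sample_logins() {
    Mac a{0x02, 0, 0, 0, 0, 0x01}, b{0x02, 0, 0, 0, 0, 0x02};
    return {
        {"acct1", mac_fingerprint({a})},
        {"acct2", mac_fingerprint({a})},  // same adapter as acct1
        {"acct1", mac_fingerprint({a})},  // repeat login, deduplicated
        {"acct3", mac_fingerprint({b})},  // different adapter
        {"acct4", 0}, {"acct5", 0},       // no hash sent
    };
}
```

Without the zero check, acct4 and acct5 would be grouped only because neither sent a hash, which is a false link.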
 
Someone should try making an account in each league. One in hard-core, standard, ambush, and invasion. Maybe if the new leagues get banned faster than the normal leagues then we might be on to something. Has anyone been banned in standard or hardcore recently?
 
From what I've heard from people testing various things, they are still banning in Standard. Botting in normal Hardcore is pretty useless due to low population (botting is a lot more obvious). I don't know the current league numbers, but at any time, there can't be more than a few 1000 people playing regular HC.

New leagues obviously get the most attention though, since they are "fresh markets", and attract a lot of new RMT. I don't think it's a secret though, you would think GGG is working harder to keep the new leagues as clean as possible whereas a league like Standard, which is a dumping league, will always be lower priority unless leagues are over. That's not to say they aren't trying to keep it clean, but going after people in new leagues who are trying to profit is a lot more rewarding than people casually doing it in Standard (not saying only casual people do it in standard, but you get the point).

When people lose numerous accounts all at once, it's pretty much a giveaway that GGG has tied all those accounts together somehow. Whether it's the trades you were doing, perhaps IP leakage from not making sure traffic leaves your real host, or something really specific they are checking, it's hard to say. If it were something specific to the bot, generally speaking, you'd think almost everyone would be affected at once, so I still feel they are just solving the problem in a way that is really hard to overcome unless you know exactly what they are doing. The fact some people still have accounts that survive just goes to show they are tying accounts together, but their methods aren't perfect (although they don't have to be really).
 
I agree with Pushedx. I've lost over 300~ accs and gone through shittons of IPs, various theories, etc. And have generally nailed it down to what I was doing wrong. I'm at 25 accs atm running, and going back to 100~. I bot challenge league hardcore only.
Like Pushedx says, if they detected something, you would see people running 1 bot posting about their ban. Seems like they are targeting multi-botters, and they might have flagged us back some time ago and have now started banning due to it being more efficient to ban later after accounts are tied together in some way.
 
This could be very true. I've only botted one account at a time and all I've ever seen is currency flags, which seem to happen a little more often in the latest patches.
 