Hey guys, Tensta here. Back from 2 days of hard work trying to solve my issues regarding botting and I had yet still not solved my issue, i'd like to recap and share you guys what I've experienced and what I've done so far. I'd like to hear a discussion and your feedback about this, I've been enjoying reading the last 2 pages of this thread, you guys have some serious valuable feedback! I am getting tired of reading from people that hasn't experienced anything and keeps spamming the obvious common solutions that I have done over and over again as you will read further below. Back to me and my experiences:
Since february-ban wave: 6 accounts have been banned. They have been running one-by-one. The way these bans are characterised is that I get PERMANENTLY CLOSED and I receive NO mail on the WoW account mail of any explanation or reason - just banned.(I don't think I am flagged, I am in a far worse position - Blizzard knows who I am 100%.) From the february-ban wave till now I have done the following(in no specific prioritised order):
Reinstall WoW everytime I received the ban-hammer.
Reinstalled Windows on my PC and my laptop
Resetted my router between botting sessions
Changed my MAC
Changed my HWID
Changed my VolumeID
Used a VPN (I can't change my public IP-address, tried that as well)
Removed my WoW and Bnet registry keys on my PC
Created a new mail every time I created a new bot
Added human behaviour and general preventive-ban botting behaviour while botting
Reduced the amount of time I've botted
Used different botting profiles.
None of the following attempts to avoid getting banned has helped. I always get banned in the morning around 9 AM, logically where Blizzard employees work. I agree with pimpampum and defnottabot that 1) Blizzard have changed their way to handle botting and how they ban. 2) Their theories of how they might flag players. 3) New WoW accounts from battle-net chests that bots instantly gets banned/flagged faster.
I'd like to add my latest new attempt to prevent getting banned. I have always logged in with my main account, and I have never botted with it since 2012, so it has only been used as the gold receiver. My theory is that Blizzard knows that this account is ME, and they know that I am NOT botting on it but I am using it to trade mats and so on with. Instead of banning me they keep my main acc flagged and everywhere I login makes the PC flagged. I realised that at all times I have always logged in with my main battle.net acc when I wanted to download WoW again and I often logged in to my WoW acc as well just to play the game which added the acc to the WTF folders. I have now tried to do most of the stuff as listed above again, but this time I completly not log in with my main battle.net acc but only with a new one.(I am using my public IP-address again. No VPN, in my experience changing your IP-address with a VPN does not have ANY effect or solution to the problem of botting.) I'll tell you guys how it goes, and I'll join this debate seems like it has been very constructive the recent pages. Keep it up guys, thanks for everything so far.
Added note: If this bot gets banned, I am convinced that the following theory of: 3) New WoW accounts from battle-net chests that bots instantly gets banned/flagged faster is something that is becoming a reality. That would be my next move I guess.
Tensta
Thanks for contributing, man. We gotta at least let our lost money in accounts go to something, right?
Just a couple of thoughts/comments:
The perma ban, in my experience and searching forums, means someone manually reported you via nastygram to
[email protected]. Do you happen to be playing on the same server every time? Can I get your start up strategy? Do you change your start up strategy?
Mine is one of two paths:
100 char boost
98 DH - 110 via Auto-Loader
StarlightRose -> 200k for gear/bloods/oblit -> 10/10 oblit gear
Millz BG Farmer -> Prestige 8+ / 2 legendaries
Combat Routine
OR
100 char boost
98 DH - 110 via Auto-Loader
Millz BG Farmer -> Prestige 8+/ 2 legendaries
Combat Routine
I have done the same thing every time I've started back up. Knowing more about your activity and patterns would help a lot. Let me know if you'd like me to trade with your gold farmer to see if it flags me on a fresh botting account. I find it hard to believe that they have a leaf node set up for known gold storage accounts, that seems like it'd be way more trouble than it's worth. One thing I can think of is that there is a filter on this report to exclude older accounts from getting flagged. Which, would make sense if you think about it. Newer users shouldn't be hardcore, but a 5+ year old account with many acheivs, feats of strength, etc could definitely be hardcore and play 24/7.
Now, I know playtime can't be the only thing they're looking at. I encourage all those affected to share your routines, activities, specifically surrounding these fast-ban accounts that are happening. We might be able to do something with the data. I know it's very tinfoil hat, but if we can back it up with controlled tests, it may not be gospel, but it could help people.
If I'm not banned tomorrow, I'd say it's safe to say the following:
Blizz is selecting accounts where DaysSinceCreation < 3 and playtime > X. I'll explain more on why I think this after I see what happens. If I'm right, all you have to do is not play new accounts for 3 days and then open the flood gates. There are likely other specific selects for obvious botting that they generate automated investigation tickets for their "GMs." I would be willing to bet money that this is part of the initiative to ***** down on botters. If you think about it, it's a serious concern, as a buddy of mine just bought HB for $25 to get enough gold for Overwatch and now he's done and doesn't even play WoW anymore. Imagine how many other people are doing that same thing right now. It would make sense for the budget to be approved to start flagging accounts based on activity.
I do not believe Blizzard uses IP/MAC address for flags. Again, further testing should prove/disprove this. The reason I say IP is that your IP will change during the DHCP handshake between your router and your ISP when your DHCP lease is renewed (default is 24 hours). Your HWId is also not PROOF that you're botting. It's not useful to pinpoint specific accounts that you've attached a bot to. This means that a query that looks like this would have more "noise" or false positives. More false positives = more time wasted investigating accounts that you could better identify through criteria I mentioned above. Also, I've used different PHYSICAL servers for botting every time I've been banned, so I know the HWID is changing
I think they've got a new slew of queries that are targeting obvious botting behavior and I think this is the fist time they've done something like this or at least actioned it in real time instead of saving them up for a wave. Another example would be geolocation to ***** down on people using VPNs or "account sharing," flagging it for an investigation. Doing a select for different IP wouldn't be too terribly helpful, BUT if you looked for : select Accounts where count(distinct SUBSTRING(IP,0,5)) > 2, meaning the first 5 characters in the IP are different, indicating a different geolocation (dumbed down example). Another flag could be related to people who have bought wow tokens.
Another idea is that these flags may be triggering an on-demand scan. I've heard a lot about the "green circle of death" and I've seen the same damn circle. I've seen it several times since February and NEVER saw it before. No, I'm not changing the client, no the client wasn't repairing, no I've never seen that damn circle before. I've also noticed right before a ban I start getting performance problems within HonorBuddy, similar to what I'd expect if a virus suite hit it with a memory scan. Those of your reading and wanting to contribute, tell me if you've seen a correlation between a green circle in the upper middle of your wow client and getting banned shortly thereafter or if you noticed some unexplainable "lag" within HonorBuddy/Wow client before you got banned. An explanation for this could be that the type of scan they're running causes client contention and they only want to scan those that are flagged for potential botting. Other companies do detection this same way.
If I'm right, I'm sure this is just the beginning. They probably are running ~5 reports to action (for some reason people like the number 5 in rollouts like these). With more information, we might be able to figure out what kind of activity they are targeting, but I bet you money they'll add more reports after the slideshow they show to management conveys the results they're looking for.
Credentials:
Sr Solutions Architect
Lead Data Architect in Security
Service Delivery Manager - Global Support Operations
10+ years as a Software Engineer
Thank you,
defnottabot
