Northdale Warden scanning for hardware?


CocoChanel

Wrobot isn't detected, and they definitely aren't scanning hardware. Again, I had no problems until I made a mistake and revealed several accounts on my native IP. Suddenly they could track down my accounts instantly, despite all precautions being taken exactly the same. I'm going to try just running 2-4 at a time / spoofing MAC address and see if that makes a difference - will update here.

Edit: c'mon guys, no need for personal attacks. We are all on the same side here. Just because people are having slightly different experiences doesn't mean they are lying.

Edited by LukeJudd

Just fyi, I've personally seen proof that Ordush is botting 10 at a time, so he is not making this up. I understand his reasons for now wanting to show off what he does. So you'll have to take our word for it - and like he said, focus on finding out what you have in common.

Do you start all bots at the same time? Do all of them run the same profile (or large overlap), do you create them all around the same time? Any pattern(s) in your email address names? 
Use a browser in a VM in incognito mode with a VPN to create accounts. Proxies have headers that will sometimes leak your real IP. Probably not true for socks5, definitely true for HTTP proxies. 

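Added example, not part of any post in this thread: the header leak mentioned in the post above, seen from the receiving server's side. Forwarding HTTP proxies commonly add Via, X-Forwarded-For or Forwarded (RFC 7239) headers, while SOCKS5 relays the TCP stream and adds nothing at the HTTP layer; this Python code parses constructed sample requests and reports which addresses those headers disclose. The function names and the sample requests are assumptions made for illustration.

```python
import ipaddress
import re

# Headers that forwarding HTTP proxies commonly add (Forwarded is RFC 7239).
ADDR_HEADERS = ("x-forwarded-for", "x-real-ip", "client-ip")
FOR_PARAM = re.compile(r'\bfor=("?)(\[[^\]]+\]|[^;,"\s]+)', re.I)

# Constructed sample requests (documentation address ranges only).
DIRECT = "POST /register HTTP/1.1\r\nHost: example.test\r\n\r\n"
PROXIED = ("POST /register HTTP/1.1\r\nHost: example.test\r\n"
           "Via: 1.1 cache01\r\n"
           "X-Forwarded-For: 198.51.100.7, 10.0.0.5\r\n\r\n")
RFC7239 = ("POST /register HTTP/1.1\r\nHost: example.test\r\n"
           'Forwarded: for="[2001:db8::17]:4711";proto=https, for=_hidden\r\n\r\n')


def parse_headers(raw_request: str) -> dict:
    """Return {lowercased-name: [values]} from a raw HTTP/1.1 request head."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def to_ip(token: str):
    """Parse 'ip', 'ip:port' or '[v6]:port'; None for obfuscated identifiers."""
    token = token.strip().strip('"')
    if token.startswith("["):
        token = token[1:token.index("]")] if "]" in token else token[1:]
    elif token.count(":") == 1:                  # IPv4 with a port
        token = token.split(":")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def inspect_request(peer_ip: str, raw_request: str) -> dict:
    """Compare the socket peer with addresses disclosed in proxy headers."""
    headers = parse_headers(raw_request)
    peer = ipaddress.ip_address(peer_ip)
    disclosed = []
    for name in ADDR_HEADERS:
        for value in headers.get(name, []):
            disclosed += [to_ip(t) for t in value.split(",")]
    for value in headers.get("forwarded", []):
        disclosed += [to_ip(m.group(2)) for m in FOR_PARAM.finditer(value)]
    others = sorted({str(ip) for ip in disclosed if ip and ip != peer})
    return {
        "peer": str(peer),
        "via_proxy": bool(headers.get("via")) or bool(disclosed),
        "disclosed_addresses": others,
    }


if __name__ == "__main__":
    for sample in (DIRECT, PROXIED, RFC7239):
        print(inspect_request("203.0.113.20", sample))
```

These headers are supplied by the client side of the connection and can be forged or stripped, so a server should treat them as one signal among several rather than as proof of origin.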

Can confirm that Ordush is botting mass bot amounts like 10+ and is not getting hit by wavebans at all.

 

Still no solution. Only thing that works for me is to keep overall bot count low.


Most of the people use Proxifier I guess, anyone know if it's using some kind of kill feature to the real IP? That can be the cause why it's leaking real IP at some point.

I remember using OpenVPN for some other game project I had and we had a built in kill feature so there was no way the real IP couldn't get leaked. Doesn't seem Proxifier has this feature.


I use proxycap. Still got mass banned many times.

Also it is not 95% reports. All accounts gone in the same minute and Multibot ban as reason. That is not because of reports.


I don't think you understand what he means by "leaking your IP".
He means that you risk that the program crashes or loses connection to the IP you are using.
And thereby leaking your IP. HOWEVER that is not the case with WoW, because if you lose your internet connection while on a WoW server, you will get disconnected from the server.
However if you use a relogger, and your program crashes then it will log on with your own IP. (Leak of your IP). However I am yet to see proxycap crash, and if the connection to the IP you provided in proxycap is lost, then you won't even be able to connect to the server.


I'm following this thread from the beginning, and would like to mention to stop attacking each other, we are all in the same sh*t..

Proxycap can crash sometimes but it doesn't let you log into the game then. So personally I think there is no IP leak...

Try to avoid logging on multiple accounts at once...

I'm usually botting 20 accounts on Warmane and experienced around 6-7 banwaves, some accounts had 120 DAYS (24/7) without ban!!

Take care of your played and don't go straight too many hours, don't log all of your 20 accounts at the same time, get some plugins to see whispers from players etc...

And yeah, seems like this realm from the original post has some serious GMs who are not lazy, and watching all by their eyes. How much time does it take for you to see someone is botting? Answer is like 3-5 secs...

Keep it up and talk about your results and opinions.


23 minutes ago, Ivkan1997 said:

I'm following this thread from the beginning, and would like to mention to stop attacking each other, we are all in the same sh*t..

Proxycap can crash sometimes but it doesn't let you log into the game then. So personally I think there is no IP leak...

Try to avoid logging on multiple accounts at once...

I'm usually botting 20 accounts on Warmane and experienced around 6-7 banwaves, some accounts had 120 DAYS (24/7) without ban!!

Take care of your played and don't go straight too many hours, don't log all of your 20 accounts at the same time, get some plugins to see whispers from players etc...

And yeah, seems like this realm from the original post has some serious GMs who are not lazy, and watching all by their eyes. How much time does it take for you to see someone is botting? Answer is like 3-5 secs...

Keep it up and talk about your results and opinions.

They don't ban each bot individually. I watched it happen. Loading screen in all of my chars. Basically at the same time. Say Hello to GM Box.


1 hour ago, Bambo said:

They don't ban each bot individually. I watched it happen. Loading screen in all of my chars. Basically at the same time. Say Hello to GM Box.

They can flag your account, and ban them all at once in a "banwave" so you can think they have some kind of system for instant ban.

Has anyone tried to bot multiple accounts on 2 separate PCs with different IPs and proxies (I believe some of you have more than 1 router at home)?

Try to put a few characters only to stand still in game for hours and see if they track wrobot somehow.

If that passes, try to put them to only walk a bit every minute around some area without doing anything, if that passes do something more and see when you will be caught...

I can't do it by myself because I still haven't downloaded that WoW client...


People are still missing the issue here. They 100% have some way to connect the botting accounts together. I accidentally logged an account in from my native IP while 6 other bots were running properly through proxies. 10 min later the revealed account and all bots that had been running at the time were DCD and banned at the same time. 


"Have anyone tried to bot multiple accounts on 2 seperate pc with different IP and proxies ( I belive some of you have more than 1 router at home )?"

Yes, I had multiple machines running on different routers, different proxies.

On my main machine I had 6 bots running, they got wavebanned 3 times each time different proxies, however 1 character survived the very first wave because I stopped botting with it shortly before the wave, so it wasn't flagged.

The other machine had 8 bots running and they all survived.

I believe one banwave was caused by proxycap actually crashing and me not noticing as at some point I think it wasn't on, maybe I even fucked something up myself, but that was before the banwaves so my memory on that isn't so clear. As long as proxycap is running the proxies can go down no problem, it won't let you log in because the proxycap rule still tries to send you through the proxy, but if proxycap itself is down then there are no rules active unless you somehow block the respective wow.exe's through other means.

If it was anything other than this extremely weird pattern, multiple of my batches created through different IPs, different browsers, different e-mail providers, different name/password patterns being banned exactly at the same time every time, even if one was lvl 6 and the other lvl 14, if it really would be anything else, I would just blame reports and GMs manually catching me.

The only other theory I have right now is that my first waveban was me fucking up somehow or proxycap crashing and at the same time GMs decided to go hard on starting/early areas, maybe checking obvious points that maybe I shouldn't mention here and then flagging accounts but waiting deliberately to teleport and ban all at the same time then taunting us to make us think that they have a way to connect the accounts, but what really happens is just that they catch all our bots manually because as we remake them they just have to look at the starting areas and re-flag them. The bots on my other machines however wouldn't have been touched by me fucking up/proxycap crashing and they wouldn't be in the areas that the GMs are focusing on, creating the illusion that they got my machine fingerprinted. Then they stopped that at some point and now that we only run 2 and are fine we think it has something to do with them having a way to connect the accounts. So overall just bad timing.

That theory however would not explain people being banned for multiboxing rather than botting (unless the GMs do that deliberately as well) or people still being wavebanned right now even when people like Ordush never got hit by a wave.


4 minutes ago, milkme said:

"Have anyone tried to bot multiple accounts on 2 seperate pc with different IP and proxies ( I belive some of you have more than 1 router at home )?"

Yes, I had multiple machines running on different routers, different proxies.

On my main machine I had 6 bots running, they got wavebanned 3 times each time different proxies, however 1 character survived the very first wave because I stopped botting with it shortly before the wave, so it wasn't flagged.

The other machine had 8 bots running and they all survived.

I believe one banwave was caused by proxycap actually crashing and me not noticing as at some point I think it wasn't on, maybe I even fucked something up myself, but that was before the banwaves so my memory on that isn't so clear. As long as proxycap is running the proxies can go down no problem, it won't let you log in because the proxycap rule still tries to send you through the proxy, but if proxycap itself is down then there are no rules active unless you somehow block the respective wow.exe's through other means.

If it was anything other than this extremely weird pattern, multiple of my batches created through different IPs, different browsers, different e-mail providers, different name/password patterns being banned exactly at the same time every time, even if one was lvl 6 and the other lvl 14, if it really would be anything else, I would just blame reports and GMs manually catching me.

The only other theory I have right now is that my first waveban was me fucking up somehow or proxycap crashing and at the same time GMs decided to go hard on starting/early areas, maybe checking obvious points like quest mobs that bots would be waiting at, the tram etc. etc. etc. and then flagging accounts but waiting deliberately to teleport and ban all at the same time then taunting us to make us think that they have a way to connect the accounts, but what really happens is just that they catch all our bots manually because as we remake them they just have to look at the starting areas re-flag them. The bots on my other machines however wouldn't have been touched by me fucking up/proxycap crashing and they wouldn't be in the areas that the GMs are focusing on, creating the illusion that they got my machine fingerprinted. Then they stopped that at some point and now that we only run 2 and are fine we think it has something to do with them having a way to connect the accounts. So overall just bad timing.

That theory however would not explain people being banned for multiboxing rather than botting (unless the GMs do that deliberately as well) or people still being wavebanned right now even when people like Ordush never got hit by a wave.

I believe in your second theory. I also think that the GMs just write "Multibotting" on almost every account they ban.


Got banned right now at lvl 23. Have only one bot account. Want to use it for playing by myself at 60.

I think I got it because of player reports. I think all GM staff have all characters' statistics.

For example if I have at least 2 reports, a GM just checks my finished quests and killed mobs and then gives me a ban without porting to the GM room.

Or maybe they just watch another table that shows all players online and their mobs killed or online time, randomly check it and if it's confirmed they give a ban.


9 minutes ago, mutolisk said:

Got banned right now at lvl 23. Have only one bot account. Want to use it for playing by myself at 60.

I think I got it because of player reports. I think all GM staff have all characters' statistics.

For example if I have at least 2 reports, a GM just checks my finished quests and killed mobs and then gives me a ban without porting to the GM room.

Or maybe they just watch another table that shows all players online and their mobs killed or online time, randomly check it and if it's confirmed they give a ban.

I think that you are way overthinking this.
You probably got reported, they checked you out, banned you..


Just to clarify a bit for you guys:

I am botting with around 10 accounts (a private bot programmed by myself).

All accounts suddenly were teleported to GM Island (and I saw a lot more people there).
With one char I talked to the GM and he just insta banned me.
Then I tried to log them out instantly ==> 6 out of 8 accounts were banned by hand (one by one).
With the other two I logged in and instantly hearthed away ==> no ban yet, but a GM whispered me asking how I got to GM Island
==> I told him I don't know, something crashed and boom I was there, ==> he said it is weird because he has no "notes" on that account so I can continue playing.
Here's a screenshot of that conversation:
https://imgur.com/a/3dDWOvt

How did they detect me? I am botting on the same IP.


9 minutes ago, pakux said:

Just to clarify a bit for you guys:

I am botting with around 10 accounts (a private bot programmed by myself).

All accounts suddenly were teleported to GM Island (and I saw a lot more people there).
With one char I talked to the GM and he just insta banned me.
Then I tried to log them out instantly ==> 6 out of 8 accounts were banned by hand (one by one).
With the other two I logged in and instantly hearthed away ==> no ban yet, but a GM whispered me asking how I got to GM Island
==> I told him I don't know, something crashed and boom I was there, ==> he said it is weird because he has no "notes" on that account so I can continue playing.
Here's a screenshot of that conversation:
https://imgur.com/a/3dDWOvt

How did they detect me? I am botting on the same IP.

??

They detected you because you play with 10 accounts from the same IP, then the GM who banned you might've lost track of the last connected characters and you ended up getting away.


21 hours ago, LukeJudd said:

People are still missing the issue here. They 100% have some way to connect the botting accounts together. I accidentally logged an account in from my native IP while 6 other bots were running properly through proxies. 10 min later the revealed account and all bots that had been running at the time were DCD and banned at the same time. 

Are the accounts being created on separate IPs as well? IP is logged into their database when the account is created. Depending on their GM policies any IP that account is attached to will be banned.

 

On 7/16/2018 at 2:21 AM, Bambo said:

I use proxycap. Still got mass banned many times.

Also it is not 95% reports. All accounts gone in the same Minute and Multibot ban as reason. That is not because of reports.

Hopefully you're tunneling with puTTy and proxycap, and that the program will only accept a connection from an assigned IP through proxycap, which I'm going to assume you have done. If not, I would look into doing this. 

Depending on the investigation and procedures of the private server, they may log all bans at once. You see this happen on servers such as Paymane (Warmane). The reason behind this is to prevent botters and hackers from trying to save the account or log out and change the IP the account connects with. I can tell you without a doubt that almost all bot bans are caused by player reports or flags generated by their anti-cheat (or manual server queries for previously banned IPs) that require manual review from previously banned IPs.

 

7 hours ago, milkme said:

I believe one banwave was caused by proxycap actually crashing and me not noticing as at some point I think it wasn't on, maybe I even fucked something up myself, but that was before the banwaves so my memory on that isn't so clear. As long as proxycap is running the proxies can go down no problem, it won't let you log in because the proxycap rule still tries to send you through the proxy, but if proxycap itself is down then there are no rules active unless you somehow block the respective wow.exe's through other means.

There are many ways to block your wow.exe from connecting with your IP using puTTy/proxycap. Some quick Google searches will answer this.

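Added example, not part of any post in this thread and not any server's actual system: the post above says the IP is logged at account creation and that bans may be applied in one batch. One way an operator could link accounts from such a log is to cluster accounts that share any observed address; the event rows, names and the shared_ip_limit threshold below are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: (account, ip, event). Documentation ranges only.
EVENTS = [
    ("acct_a", "198.51.100.10", "create"),
    ("acct_a", "203.0.113.5", "login"),
    ("acct_b", "198.51.100.11", "create"),
    ("acct_b", "203.0.113.5", "login"),    # shares a login address with acct_a
    ("acct_c", "198.51.100.11", "login"),  # shares acct_b's creation address
    ("acct_d", "192.0.2.77", "create"),
    ("acct_d", "192.0.2.77", "login"),
]


class DisjointSet:
    """Union-find over account names."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]  # path halving
            item = self.parent[item]
        return item

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def link_accounts(events, shared_ip_limit=50):
    """Group accounts connected through any common address.

    Addresses seen on more than shared_ip_limit accounts (carrier NAT,
    campus networks, public VPN exits) are ignored so they do not merge
    unrelated players into one cluster.
    """
    accounts_by_ip = defaultdict(set)
    for account, ip, _event in events:
        accounts_by_ip[ip].add(account)
    sets = DisjointSet()
    for account, _ip, _event in events:
        sets.find(account)                  # register singletons too
    for accounts in accounts_by_ip.values():
        if len(accounts) > shared_ip_limit:
            continue
        first, *rest = sorted(accounts)
        for other in rest:
            sets.union(first, other)
    clusters = defaultdict(set)
    for account in list(sets.parent):
        clusters[sets.find(account)].add(account)
    return [sorted(members) for members in clusters.values()]


def accounts_to_review(flagged, events, shared_ip_limit=50):
    """Return every account in the same cluster as the flagged one."""
    for cluster in link_accounts(events, shared_ip_limit):
        if flagged in cluster:
            return cluster
    return []


if __name__ == "__main__":
    print(accounts_to_review("acct_c", EVENTS))
```

The linkage is transitive, so acct_c is grouped with acct_a although they never shared an address directly; that is also why a cluster is a queue for manual review rather than proof of common ownership.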

1 hour ago, maylu said:

Are the accounts being created on separate IPs as well? IP is logged into their database when the account is created. Depending on their GM policies any IP that account is attached to will be banned.

 

Hopefully you're tunneling with puTTy and proxycap, and that the program will only accept a connection from an assigned IP through proxycap, which I'm going to assume you have done. If not, I would look into doing this. 

Depending on the investigation and procedures of the private server, they may log all bans at once. You see this happen on servers such as Paymane (Warmane). The reason behind this is to prevent botters and hackers from trying to save the account or log out and change the IP the account connects with. I can tell you without a doubt that almost all bot bans are caused by player reports or flags generated by their anti-cheat (or manual server queries for previously banned IPs) that require manual review from previously banned IPs.

 

There are many ways to block your wow.exe from connecting with your IP using puTTy/proxycap. Some quick Google searches will answer this.

This about sums up what I've been saying.


2 hours ago, maylu said:

Are the accounts being created on separate IPs as well? IP is logged into their database when the account is created. Depending on their GM policies any IP that account is attached to will be banned.

 

Hopefully you're tunneling with puTTy and proxycap, and that the program will only accept a connection from an assigned IP through proxycap, which I'm going to assume you have done. If not, I would look into doing this. 

Yes all accounts are being created through a VPN with a different IP per account.

 

I am not familiar with puTTy, is it necessary to use along with proxycap?


Guys, if you run through a VPN and want to avoid any IP leaks at all,
you should use permanent route tables in Windows.
You don't expose your real IP, not even for a millisecond...

This is an example:

We use different metrics, 0.0.0.0 goes to nirvana when the connection is lost.
If your connection to the VPN is active, in my case: 111.111.111.111,
you will talk to the internet and you can bot. If the connection drops,
no data is communicated with the outside world.


route -p add 111.111.111.111 mask 255.255.255.255 192.168.0.1 metric 2
route -p add 8.8.8.8 mask 255.255.255.255 192.168.0.1 metric 1
route -p add 8.8.4.4 mask 255.255.255.255 192.168.0.1 metric 1
route -p add 192.168.0.0 mask 255.255.255.0 192.168.0.1 metric 1
route -p delete 0.0.0.0
route -p add 0.0.0.0 mask 0.0.0.0 192.168.0.244 metric 5


111.111.111.111 = VPN IP

Please don't play around with route tables if you don't understand my example.
Just my 2 cents to permanently avoid any IP leaks.
Kind Regards


Just to give you some more ideas about fingerprints:

SID:
****

How to get this value?
cmd
wmic useraccount where name='Admin' get sid

How to change?
Website
http://www.stratesave.com/html/sidchg.html
SIDCHG64 /F /R


UUID:
*****

And my other thoughts, HWID is one thing... that value changes after reinstall,
I am not sure what info they can gather, but other games I bot can gather UUID.

UUID does not change when you reinstall Windows, it's a value from the BIOS.

You can test it:

cmd as admin
and enter
wmic CsProduct Get UUID

Generate:
https://www.uuidgenerator.net/version-nil
Boot from usb dos:
amidmi.exe /U "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
(Don't play around with it, it must be flashed to BIOS.)


But I guess it is enough to change HWID and MAC spoof and avoid IP leaks through VPN.
Best regards


21 minutes ago, inselmann said:

Just to give you some more ideas about fingerprints:

SID:
****

How to get this value?
cmd
wmic useraccount where name='Admin' get sid

How to change?
Website
http://www.stratesave.com/html/sidchg.html
SIDCHG64 /F /R


UUID:
*****

And my other thoughts, HWID is one thing... that value changes after reinstall,
I am not sure what info they can gather, but other games I bot can gather UUID.

UUID does not change when you reinstall Windows, it's a value from the BIOS.

You can test it:

cmd as admin
and enter
wmic CsProduct Get UUID

Generate:
https://www.uuidgenerator.net/version-nil
Boot from usb dos:
amidmi.exe /U "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
(Don't play around with it, it must be flashed to BIOS.)


But I guess it is enough to change HWID and MAC spoof and avoid IP leaks through VPN.
Best regards

I wish I understood just 10% of your acronyms

Thanks for the info though man, most likely very helpful.
