Bambo 148 Posted July 12, 2018 Share Posted July 12, 2018 My theory with the account creation is broken because 3 Accounts that were created on real world with real different IPs were banned. All at the same time. I think they detect the botting in the logs Maybe. Also. Same for me i have an account that seems invisible to them. Not created by me. Botted on socks5. Survived 4 mass bans. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45499 Share on other sites More sharing options...
milkme 0 Posted July 12, 2018 Share Posted July 12, 2018 @Itsalex I was talking about maybe the browser being able to see it but I mean that's not even the same layer, doesn't mean they can't identify your browser fingerprint but Matenia already talked about that. And yeh the client as discussed is just any old wow client not their specific one. Throws me back to square one. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45500 Share on other sites More sharing options...
CocoChanel 63 Posted July 12, 2018 Author Share Posted July 12, 2018 Check original post. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45503 Share on other sites More sharing options...
Zandarus 0 Posted July 12, 2018 Share Posted July 12, 2018 Am I relatively safe by botting with ONLY questing profiles? (and using the best ones?) I just bought this product and I'm starting to wonder if it was worth it if all you guys are getting banned... Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45504 Share on other sites More sharing options...
itsalex 1 Posted July 12, 2018 Share Posted July 12, 2018 1 hour ago, CocoChanel said: Check original post. "After speaking with some people who have experience with the Lightshope system and know how it works, I can confirm that they are using a fingerprint system, but I am still unsure if it is in the website or in the Warden, but I assume its in the warden." Pretty decent information, I'd figure they'd use something like this, first step is to create accounts with unique fingerprints I guess, if we still end up getting shit on it's time to start looking on virtualization Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45506 Share on other sites More sharing options...
Bambo 148 Posted July 13, 2018 Share Posted July 13, 2018 How do we keep those fingerprints unique? Did you try? Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45509 Share on other sites More sharing options...
tonycali 24 Posted July 13, 2018 Share Posted July 13, 2018 whisper me the email provider u used at chara creation i think this is one of the problems if not thee. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45510 Share on other sites More sharing options...
CocoChanel 63 Posted July 13, 2018 Author Share Posted July 13, 2018 Update 2, check original post Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45511 Share on other sites More sharing options...
Matenia 628 Posted July 13, 2018 Share Posted July 13, 2018 Warden seriously can't scan for anything that could create a fingerprint. At most, they can check which addons (by name) are active, I think. MAYBE they can check for a list of drivers or something? I'm unsure of the exact capabilities of vanilla warden. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45512 Share on other sites More sharing options...
CocoChanel 63 Posted July 13, 2018 Author Share Posted July 13, 2018 I'm very sure that they can scan your LAN. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45513 Share on other sites More sharing options...
Matenia 628 Posted July 13, 2018 Share Posted July 13, 2018 Just now, CocoChanel said: I'm very sure that they can scan your LAN. I'm 99% sure they cannot. Even if they could, it doesn't tell them anything. Or are you implying they could scan for the MAC address of your network adapter? That can "easily" be spoofed.https://en.wikipedia.org/wiki/MAC_spoofing Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45514 Share on other sites More sharing options...
itsalex 1 Posted July 13, 2018 Share Posted July 13, 2018 It's also possible they might see what port you're using, so if you're using a SOCKS5 proxy with default port 1080 it's pretty obvious you're using a proxy to bot on Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45515 Share on other sites More sharing options...
CocoChanel 63 Posted July 13, 2018 Author Share Posted July 13, 2018 Maybe that will work, idk, all I know is that I have talked with staff from the server and they told me that this is how they catch botters, but there might be more to it. Yesterday I tried botting 3 accounts on 3 different proxies and the internet I was using was from my iPhone, after 1 hour all my characters got ported to GM island and banned. Now I am using my own network from home, and it seems to go fine Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45516 Share on other sites More sharing options...
CocoChanel 63 Posted July 13, 2018 Author Share Posted July 13, 2018 1 minute ago, itsalex said: It's also possible they might see what port you're using, so if you're using a SOCKS5 proxy with default port 1080 it's pretty obvious you're using a proxy to bot on Maybe, but people are getting banned in waves Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45517 Share on other sites More sharing options...
Bambo 148 Posted July 13, 2018 Share Posted July 13, 2018 Used many 1080 socks5. All dead. But my one survivor is on 1080 too and survived multiple waves. Also I doubt they ban by Mac or hwid. That would mean my survivor should be gone long Time ago. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45518 Share on other sites More sharing options...
LukeJudd 6 Posted July 13, 2018 Share Posted July 13, 2018 11 hours ago, Zandarus said: Am I relatively safe by botting with ONLY questing profiles? (and using the best ones?) I just bought this product and I'm starting to wonder if it was worth it if all you guys are getting banned... Its got nothing to do with that. They are detecting a connection between multiple bots and the individual's hardware/software used to bot them. If you haven't been hit with a ban before, you should be fine. At the moment, I am unable to get out of valley of trials without getting every bot banned, and that is all quests. Used many 1080 socks5. All dead. But my one survivor is on 1080 too and survived multiple waves. Also I doubt they ban by Mac or hwid. That would mean my survivor should be gone long Time ago. I too have had random survivors of ban waves, with nothing obvious differentiating them from the accounts that got banned. Perhaps they leave a survivor to maintain the link between you and future bots you create? Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45522 Share on other sites More sharing options...
Bambo 148 Posted July 13, 2018 Share Posted July 13, 2018 Not a Bad theory. So many speculations. We need to start finding answers. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45523 Share on other sites More sharing options...
milkme 0 Posted July 13, 2018 Share Posted July 13, 2018 Well they didn't leave me any survivor. Blizzards Warden used to scan window/process names and hash them then compare the hashes, but that was on what?Windows XP?I don't know if those old methods still work. As I understand it if they wanted to run their own custom made warden module they'd have to give you a custom client too? Anything can be a fingerprint if it's hashed, as long as the input data is variable enough for there to be no false positives, but I don't know what else the old warden can scan if they can even use that. Maybe they are just manually catching all the accounts, then wave-ban them and taunt us to make us think they have a link between accounts(in the GM room there is an NPC called "We see more than you think" and the GM says stuff like "Oh you are running a lot of bots"). Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45524 Share on other sites More sharing options...
Bambo 148 Posted July 13, 2018 Share Posted July 13, 2018 They have links between the accounts . They are not bluffing. They know for sure Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45525 Share on other sites More sharing options...
shadydealer 3 Posted July 13, 2018 Share Posted July 13, 2018 I found myself to be completely fine with up to 3 clients from the same pc. If I go over that treshold, bans come flying in even in starting zones. Method accounts were created didn't matter, under VPN, normal IP, proxy no difference. They basically must have a way to find out how many clients from the same PC are connected. Plus my theory about the proxies being flagged still stands, as I didn't receive any mass bans while under a VPN. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45526 Share on other sites More sharing options...
Nostradamus 2 Posted July 13, 2018 Share Posted July 13, 2018 2 hours ago, milkme said: Well they didn't leave me any survivor. Blizzards Warden used to scan window/process names and hash them then compare the hashes, but that was on what?Windows XP?I don't know if those old methods still work. As I understand it if they wanted to run their own custom made warden module they'd have to give you a custom client too? They won't be able to run a custom warden module without a modified client. The warden module contains a signature which is being checked by the client, this signature was signed with the private key on Blizzard's side. Unless they have cracked the Key, which is highly unlikely, they won't be able to write their own warden modules. You are correct about them being able to check which processes are running, I assume that Wrobot is circumventing this scan of course, otherwise it would have been detected ages ago. Looking at all the evidence it is quite clear that they have a way to establish a link between all accounts. I don't believe that they are using a modified warden module to fingerprint the computer the client is running on, in fact this is quite easily verifiable by hashing their warden module and comparing it to known modules (as far as I know there are only 2 known modules for the 1.12.1 patch - could be wrong though) As an educated guess I would say that they do one of the following things to fingerprint users (some of which have been mentioned by others as well): Monitor accounts with certain mail providers Browser canvas fingerprinting (highly likely) IP address lookup's to verify that the IP is not from a blacklisted proxy provider (this is one of the most likely methods as well) They've further reverse engineered the client or warden and found a way to fingerprint an individual computer (scariest possibility as there wouldn't be any quick bypass) Wrobot hasn't bypassed all warden scans and warden is still able to scan for processes running (verifiable on the user side) Could be either one of those or all together, who knows. So far I haven't been banned on any of my accounts (I'm running more than 4), therefor it's hard for me to look further into it. Almost wishing I'd get banned so I could tinkle around (hope I didn't jinx myself here) Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45528 Share on other sites More sharing options...
Bambo 148 Posted July 13, 2018 Share Posted July 13, 2018 Once the bans start on you they seem to have you logged. So you better take that Wish back haha. Once it is started it can Not be stopped. Also; Theory 1: been talking to many botters . All using different emails. Same Problem everywhere though. Hotmail. Yahoo. They cant just flag all email Providers. Especially the big ones. Way too many false positives. Theory2; i had 3 Accounts created from Friends all over the World. All of them seemed fine till lvl 10. Then I decided to start one of my own characters created in incognito and with vpn. 10mins later i had a ban Party. Never tried it again without adding my self created accounts. I should though. Theory 3; could be. But i have a guy surviving multiple ban waves with same port and pretty identical range to these that got banned. Also they seem to get me even when used different providers. All at the same time in GM box. Still could be possible though. Theory 4: Sounds like mission possible but not probable. You never know though. Theory 5: i Doubt that. We would have gotten such problems way earlier. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45530 Share on other sites More sharing options...
Nostradamus 2 Posted July 13, 2018 Share Posted July 13, 2018 50 minutes ago, Bambo said: Theory2; i had 3 Accounts created from Friends all over the World. All of them seemed fine till lvl 10. Then I decided to start one of my own characters created in incognito and with vpn. 10mins later i had a ban Party. Never tried it again without adding my self created accounts. I should though. Incognito mode doesn't protect you from a website fingerprinting your browsers canvas. Your canvas is unique to your browser, so if you open any website, a tracker could track you through incognito as well as normal modes. I suggest you to try "Multiloginapp" which is going to make it virtually impossible to fingerprint your computer through your browser. Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45531 Share on other sites More sharing options...
Bambo 148 Posted July 13, 2018 Share Posted July 13, 2018 Well even if. The 3 accounts created from my worldwide Friends. Were banned immediately after i started my incognito bot. All the 3 accounts had nothing in common. Different Browsers. Different socks5. Maybe the Browser theory is Invalid. Whatever it is. It catches the bots before they leave starting area Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45534 Share on other sites More sharing options...
Ordush 185 Posted July 13, 2018 Share Posted July 13, 2018 I am yet to be banned. 100% that it's reports Link to comment https://wrobot.eu/forums/topic/9755-northdale-warden-scanning-for-hardware/?page=2#findComment-45535 Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now