*Possible* methods of bot detection

My HB key isn't even three weeks old, I wasn't on for tripwire and I was suspended in two seperate instances on two seperate rigs, isps, bnet accnt/wow accnt within an hour of running CR's.

 

In before thread closure.

Apoc's take on the recent ban's

 

it's good to finally hear from someone on the inside. however:

plenty of people have were NOT online in any way shape or form during the tripwire episode are now 6 month banned, and:

there seems to be a damn high correlation to Enyo.

however, like he said none of us truly knows what's going on. I just don't believe that the entire issue is directly tied to that one moment HB went down with the tripwire, and that "the issue from that has already been dealt with, and future-proofed". it takes no effort to find numerous ban reports that were not involved in the tripwire. Lets hope all the various devs keep thinking about what to improve, it looks like heavy (or maybe any) lua usage may be part of it.

It's also pretty interesting how blizz decided to go after customers that have been playing for 10 years and just use enyo+leaves or whatever for 4 hours per week in their guild raid. who the fuck is that hurting? meanwhile my gatherbot is running around in a circle in talador since november 20 hours a day and is NOT banned. some priorities.

 

It is hard to gather what the person was actually using and doing just from the posts. Most people will use Enyo with honorbuddy so you cant really pinpoint and say that was the cause. The same person who posted saying they just use Enyo and Leaves was posting about using a garrison bot and relogger a week ago in their post history. Etc..I am not saying it isn't possible just that people aren't fully honest in what they do.

It is good to improve security regardless however..

It also could be that there was a warden feature that was switched on and off a day or few days before the tripwire that wasn't caught until the 19th due to its duration.

 

This. People definitely are not honest in what they do or use HB to do. "I only ever used Enyo+CR" could mean "I only ever used Enyo+CR this past week, but I've been botting 24/7 farming profiles the week before".

I've even been using print to chat with Enyo and Glad Suite, not banned. But after these discussions I've realized it is apparantly very unsafe? Even though I've been using it since mid MoP.. So I guess I'll have to stop using print-to-chat :'(

 

now that we have heard from the 60 people who were banned only using Enyo and a CR, i'd like to hear from the 19,940 people who didn't get banned.

 

I used enyo everyday. Wasnt online during tripwire. Used garrison buddy for like 3 days when it first came out in beta. Have chat output enabaled on enyo.

 

i use enyo atleast 2-3 hours daily, quest bot for another 1-2 hours, garrisonbuddy for atleast 3 and up to 11 chars daily, i logged out a half hour before the tripwire, havnt been banned yet.

 

I use enyo and yrb to raid about 12 hours a week. Other than that, I'm not even logged into the game. Tripwire kicked me off during the event, logged back in and played manually for a while. No ban here.

 

Except a majority of the people who claim to have "only used Enyo and a CR" have post histories showing they'd used other bots, including but not limited to Garrison botbases, plugins, BG Farmers, Ashran Farmers, Gatherbuddy, you name it. A very large number of these bans could have been any number of player reports due to the unsafe botting practices of these very same people. In short, there are barely any of these reports that are actually just Enyo + a CR. It's been noted across multiple threads, but feel free to look for yourself. The HB staff and many other people have speculated that the bans could a result of many different vriables (as are most), but the common denominators are more than likely 1 or more of the following:

1. Illegitimate HB usage (aka *****ed/bogus copy without the protection offered by a legit version
2. Garrison botbase/plugin usage (not too tough to get targeted if Blizzard did find patterns. They only had to check one instance across many toons)
3. LUA vulnerabilities in botbases/routines offered OUTSIDE of the Buddy Store, which many know have to be approved by the HB staff first. Much riskier botbases/routines basically

 

None of these are satisfactory answers.

I have seen people who were banned repeatedly accused of lying. There is no benefit for me to lie about when I was banned and how and my usage.

I have 4 legitimate keys of HB, no reason for me to use a non authorized version.

I did not use a Garrison bot or plugin, I did use a profile ( this profile ran with profession buddy, supplied with HB) but I have to also manual run my toon when using this profile. I interrupted and stopped it and finished manually every time the pattern many time when I used it. I also changed the pattern because I knew where it would be stuck and have trouble, in addition the mines don't spawn the same every day. The mines are set up in such a way that even manually running them would be more exactly duplicated than while i was using this profile.

And lately I haven't been using HB as much because the profile only slightly makes it easier. pretty much don't even use it for even an hour at a time and use is pretty random and always attended.

I only used the Hb supplied raid bot or combat bot ( I did not use enyo, nor any buddy shop cr.) for when I did raids or dungeons and I always manually moved my toons and was there 100% of the time, often again turning off HB when i knew it would not perform very well on certain bosses and areas. I also only ever used the singular CR honorbuddy supplies.

When i talked to the Blixx representative, She said that they were 100% certain with no doubts that I had HB running on my computer while i was on the Wow Client. How then? Did they scan my computer as they state they do, or was it the LUA we hear about? Others have also stated that Blizz claims they knew without a doubt that they were running Honorbuddy. Seems like an very easy fix would be to let us camouflage HB to look like something else. Make it so we each cause it to look like something we ourselves pick so they are all different. If its a LUA thing. I am not even sure what the LUA calls are. more Information might be helpful. Do the Lua calls state anything that says the profile , CR or HB specifically? Do these Lua calls happen with normal play?

I only hope my other two accounts do not get banned. since the second ban was days after the first, I expect more to come. And also I didn't even use the bot on my second account, but I did have HB open and used it on the first account while i multiboxed the second. Second was a healer i used to heal my first toon I didn't run a bot on her. I used them in old world dungeons for mog gear, which i can easily solo, just find it easier sometimes to have a healer along on follow. She still got banned. Since I have one more account on that bnet that is active I am waiting to see what happens.


Calling me a liar or insisting i have an illegitimate HB account is wrong. Why are you assuming this? To make yourself feel safe?

 

negative on all 3 for me and if in doubt you can check whether ive posted recently about any other issues yet i got the 6 month hammer as well

 

you are assuming everyone who uses HB uses these forums. I am the only one out of 6 botting friends who has posted here. I would guess a very small % of botters visit here regularly and even less post when they are banned.

 

Devs... Blizzard is doing this very strategically. They don't really want to kill 19,940 WoW subscriptions and lose money. But they do want to stop botting, and they do want the rest of the WoW community to know they are going after botters.

So instead of banning everyone and losing 20k subscribers, they are randomly banning in all different segments (BGs, dungeon framing, leveling, CRs, etc). This is to to cause fear in botters that no matter what they do they can be detected. This is to cause a large amount of posts, banned reports, and eventually the word getting out to the battle.net forums and rest of the playerbase that they are going after botters everywhere.

It's like the same gambling psychology as playing slot machines but in reverse. In slots you think the odds are that on the next spin you may win.. Here it's opposite - they want you to think the next time you bot odds are you may get banned, and this will cause some people to stop all together. But even if it doesn't, I believe their MAIN goal is to give the impression to the rest of the world that they are hitting bottings hard with bans.


I believe they have most definitely found a way to detect bots (either honorbuddy itself or CRs/profiles/plugins), and if they wanted to - yes they could ban all 19,940 people, but this is not their goal.


What I disagree with is the dev's not at least giving us some indication or assurance that they are concerned about this situation too and looking for ways to make botting less detectable. Instead, the Devs are simply saying that HB can't be detected and that is that.

It's not a valid point to say that because not everyone got banned that it means HB can't be detected. Based on the reports I strongly feel Bliz knows exactly who is botting and are either doing this in waves (to manage their own workload of incoming mass appeals) or that they are purposely banning batches of each type of botting.


At a minimum (and I've brought this idea up before) I'd like to see HonorBuddy randomize it's .exe name (such as what many anti-virus programs do) so that viruses/trojans can't simply look for the name of the anti-virus to disable it. The HB exectable should run as some random letter/number name each time it's invoked. I'm sure there are also other things HB can improve on to lesson detection but the problem is they are being stubborn in saying (or at least stating) that Blizzard can't detect HB. I don't mean that I want the dev's to publicly give out any information about exactly how they are making HB less detectable but it just feels right now that they are not even identifying this as a pretty big issue.

 

Blizzard cant go against the law and scan what programs we are running unless they really want to get another lawsuit. It may be the tripwire event dident get activated in time. or they have had many reports of the players that has been banned. Theres just so many ors to even start speculating what is the cause of this. I do agree with however that they are doing this to scare botters from not botting, and i agree with that if blizzard do ban all the botters that do indeed loose alot of revenue.

Its only speculation. You never know what triggered this. Im hoping that devs will be able to investigate further into this, maybe they've overlooked something?

 

please stop posting, you have NO idea what you are talking about

 

Hehe, I bet the Customer support have mentioned "third party program", "the program" or anything anonymous enough, but since you feel "guilty" for some weird reason, you assume they are talking for Honorbuddy! Seriously rowman598, how can some low-paid Customer support can trick you out? They cannot saw what you have used, or if you were used at all - they just see your behavior and probably some flags, collected recently.

This only confirm the situation, that they CANNOT detect your Honorbuddy attached to your Wow client.

If they could, they would never ban your account, which were never botted on!

 

There are many countries they can ban botters from who they know could never file a lawsuit. Even countries that can, it's a huge undertaking and I'm not entirely sure they would lose a lawsuit based on the EULA we all have to agree to.

The user above said HB was open, but bound to a different WoW client, that's still a red flag for me.

There have been quite a few reports where people have tried to appeal but Blizzard was adamant that they are 100% certain of botting.


I love HB and I'm not sure I'd continue to play WoW without it long term, as as it helps with many of the mundane tasks and my hand pain. I'm just hoping the dev's at least take all this more seriously rather than completely denying it's even possible that Blizz is detecting something or ever could.

 

By your own admission, you used a Garrison profile which, based on what I stated above, has been one of the common denominators across the ban threads. I also never accused you personally of having a *****ed version. It's just been noted that enough currently banned users did for the HB staff to mention it. I'm also not saying your use of the Garrison profile is the primary reason you got banned and I never said my list was the SOLE list of reasons, but they are denominators. Aka one of those three things is coming up somehow (via the report or through post histories of the users) and only adding grounds to one of those three being a likely cause.

Furthermore, and this is important, especially in your case, it took me all of 15 seconds to find you'd used BGBuddy, AH botbases, Kicks, etc in the past. All of those, and I mean all of those, have been known to be extremely risky. It doesn't matter when you used them. The PQR perma-bans last year had tons of player reports in which the banned users said "Blizzard said I used the bot 7 or 8 months ago to justify the perma-bans." You can find those for yourself all over Ownedcore. Now these might have been an old account, but from what I read, it looks like you got yourself a ban on this account previously based on those botting practices and then a reversal to 72 hours with the standard "This is your final warning."

Having said that, it seems like you either got extremely unlucky, or your account was already flagged for further scrutiny based on past actions and when you got careless somehow with the Garrison profile or something else, you got yourself noticed again and subsequently slapped with a 6 month. It's one of the two, but I'm leaning towards the latter. I'm really sorry to hear that you got stuck with this, but you gotta remember to consider all the possibilities, even the ones that might trace back months prior.

 

I didn't use a Garrison bot or plugin, As I said i used the garrison profile along with manually. The profile could only mine perhaps 4 of the nodes in the mines, Had to mine manually. There would be no routing pattern to detect. Lua maybe. And Yes 3 years ago,at the beginning of MOP, (I only gain pvp for a boost on new toons for raid gear, after the initial boost on gear I would not have any reason to go back to a bg) But in WOD I haven't. I have never botted Ashran, when it was new bots wouldn't run in ashran, and i used ashran for my pvp gear ( again for a fill in the gaps raid gear boost) at the start and never botted it. Haven't run BG buddy at all in WOD and gatherbuddy is a waste of time in WOD. I don't and haven't used AH bots. I tried using AH bots in MOP and it wasn't worth it, took too long to try and set them up and there wasn't enough support for the problems with it, so I didn't use an AH bot.

I am giving this information to try and help to figure out how bliz is detecting. Not to throw darts at people. You seem pretty defensive.

None of this detracts from Blizzard stating that HB was seen running on my computer.

The fix has to be easy, simply make us rename the exe that shows up on the computer when we turn it on.