Botting in Runescape

[Mh1456]

Anyone notice that for quite a few hours after an RS system update, the number of players online hovers around half of what it normally is? (90k right about now.) Probably bots that don't log back in because their owners aren't around to do it, right? >_>

[Bxpprod]

A nice little soultion might be a random that requires you to solve a captcha device, sort of like on forums but on a more frequent base, like every hour or so. Depending on the ammount of time taken to solve it, the frequency would decrease over time and would not deter actual legitimate players and could give a nice reqard such as a xp book or something of a more valueable sort. implement it secretly so that it would not be on the front page, and if the time taken exceeds, lets say 30 minutes, instant temp ban post investigation of the account for futher "botlike" review. And for this it should have thousands of possibilites for required input, so that it could not be scripted in any way. Like an actual RANDOM puzzle

 

CAPTCHA is circumventable. I'm more inclined to say bring back the old 'aggressive' randoms - river troll, tree ent, drunk dwarf etc.

[NukeMarine]

A nice little soultion might be a random that requires you to solve a captcha device, sort of like on forums but on a more frequent base, like every hour or so. Depending on the ammount of time taken to solve it, the frequency would decrease over time and would not deter actual legitimate players and could give a nice reqard such as a xp book or something of a more valueable sort. implement it secretly so that it would not be on the front page, and if the time taken exceeds, lets say 30 minutes, instant temp ban post investigation of the account for futher "botlike" review. And for this it should have thousands of possibilites for required input, so that it could not be scripted in any way. Like an actual RANDOM puzzle

 

CAPTCHA is circumventable. I'm more inclined to say bring back the old 'aggressive' randoms - river troll, tree ent, drunk dwarf etc.

Really? So no bot has a "IF damage occuring THEN teleport home" coded anywhere in it? Sorry, aggressive randoms affected normal players much to often to be beneficial.

 

As for CAPTCHA, I think RS can improve on them as they have a 3d option. Basically, have five to eight 3d shapes that are randomly placed, rotating and slightly moving. On the skin of the shapes are the individual CAPTCHA letters. After that, an interface like the Bank Pin pops up where you have to tap in the letters in order (maybe eight buttons).

 

Even better, they could just use 3d models of dragons, man, furniture, cat, boats, trees, etc in random posing and shading with letters mapped on the skin of various body parts then converted to a 2d image (removing model id's). It then ask for specific letters (back of the human, left wing of the eagle, branch of the tree,, shield of the demon) . Now, I'm not up on anti-CAPTCHA, but that sounds beyond the abilities of any program to solve but fairly simple to implement.

 

Yes, CAPTCHAS can be overcome if you never change the patterns. However, Jagex should easily to be able to call upon it's enormous model library and the fact everyone is in a 3d interface to design a nigh impossible bot anti-bot tool. Then, like others say, you implement this device so that accounts stop being tested slowly over time. It can even alleviate annoyances to new accounts by older players by letting older accounts sponsor newer accounts (tested less often though obviously all connected accounts will then be at risk if any attempt to bot).

[hatebringer]

A nice little soultion might be a random that requires you to solve a captcha device, sort of like on forums but on a more frequent base, like every hour or so. Depending on the ammount of time taken to solve it, the frequency would decrease over time and would not deter actual legitimate players and could give a nice reqard such as a xp book or something of a more valueable sort. implement it secretly so that it would not be on the front page, and if the time taken exceeds, lets say 30 minutes, instant temp ban post investigation of the account for futher "botlike" review. And for this it should have thousands of possibilites for required input, so that it could not be scripted in any way. Like an actual RANDOM puzzle

 

CAPTCHA is circumventable. I'm more inclined to say bring back the old 'aggressive' randoms - river troll, tree ent, drunk dwarf etc.

Really? So no bot has a "IF damage occuring THEN teleport home" coded anywhere in it? Sorry, aggressive randoms affected normal players much to often to be beneficial.

 

As for CAPTCHA, I think RS can improve on them as they have a 3d option. Basically, have five to eight 3d shapes that are randomly placed, rotating and slightly moving. On the skin of the shapes are the individual CAPTCHA letters. After that, an interface like the Bank Pin pops up where you have to tap in the letters in order (maybe eight buttons).

 

Even better, they could just use 3d models of dragons, man, furniture, cat, boats, trees, etc in random posing and shading with letters mapped on the skin of various body parts then converted to a 2d image (removing model id's). It then ask for specific letters (back of the human, left wing of the eagle, branch of the tree,, shield of the demon) . Now, I'm not up on anti-CAPTCHA, but that sounds beyond the abilities of any program to solve but fairly simple to implement.

 

Yes, CAPTCHAS can be overcome if you never change the patterns. However, Jagex should easily to be able to call upon it's enormous model library and the fact everyone is in a 3d interface to design a nigh impossible bot anti-bot tool. Then, like others say, you implement this device so that accounts stop being tested slowly over time. It can even alleviate annoyances to new accounts by older players by letting older accounts sponsor newer accounts (tested less often though obviously all connected accounts will then be at risk if any attempt to bot).

 

What if what they did was, as you say, use every model in the game, and give the player options that would be totally random each time so maybe it would slow the bots somehow? I really don't know much else. The bot problem is just beyond crazy atm.

[jasignhagj]

A nice little soultion might be a random that requires you to solve a captcha device, sort of like on forums but on a more frequent base, like every hour or so. Depending on the ammount of time taken to solve it, the frequency would decrease over time and would not deter actual legitimate players and could give a nice reqard such as a xp book or something of a more valueable sort. implement it secretly so that it would not be on the front page, and if the time taken exceeds, lets say 30 minutes, instant temp ban post investigation of the account for futher "botlike" review. And for this it should have thousands of possibilites for required input, so that it could not be scripted in any way. Like an actual RANDOM puzzle

 

CAPTCHA is circumventable. I'm more inclined to say bring back the old 'aggressive' randoms - river troll, tree ent, drunk dwarf etc.

Really? So no bot has a "IF damage occuring THEN teleport home" coded anywhere in it? Sorry, aggressive randoms affected normal players much to often to be beneficial.

 

As for CAPTCHA, I think RS can improve on them as they have a 3d option. Basically, have five to eight 3d shapes that are randomly placed, rotating and slightly moving. On the skin of the shapes are the individual CAPTCHA letters. After that, an interface like the Bank Pin pops up where you have to tap in the letters in order (maybe eight buttons).

 

Even better, they could just use 3d models of dragons, man, furniture, cat, boats, trees, etc in random posing and shading with letters mapped on the skin of various body parts then converted to a 2d image (removing model id's). It then ask for specific letters (back of the human, left wing of the eagle, branch of the tree,, shield of the demon) . Now, I'm not up on anti-CAPTCHA, but that sounds beyond the abilities of any program to solve but fairly simple to implement.

 

Yes, CAPTCHAS can be overcome if you never change the patterns. However, Jagex should easily to be able to call upon it's enormous model library and the fact everyone is in a 3d interface to design a nigh impossible bot anti-bot tool. Then, like others say, you implement this device so that accounts stop being tested slowly over time. It can even alleviate annoyances to new accounts by older players by letting older accounts sponsor newer accounts (tested less often though obviously all connected accounts will then be at risk if any attempt to bot).

 

For the last time, capatchas are useless not because bots can solve them, but because there is a service that will solve massive numbers of capatchas for you for a very small cost. All the bot client would need to do is take a screen of the 3D capatcha, send it through the service, and it would be solved for them.

[Bxpprod]

Spork hit it perfectly.

[NukeMarine]

For the last time, capatchas are useless not because bots can solve them, but because there is a service that will solve massive numbers of capatchas for you for a very small cost. All the bot client would need to do is take a screen of the 3D capatcha, send it through the service, and it would be solved for them.

Really? What use will it be to take a screen shot when the 3d models with the letters are rotating in and out of view in addition to having to individually enter letters on a pad similar to the bank pin set up? Of course a human can solve it, and many OCR programs can decode standard CAPTCHAS now. But tell me a program that can reasonably get that info I describe to the real world captcha solvers?

 

Think about it, you see a rotating Dragon, Human and Dog. Dragon with letters (Q's on the head, D's on the wing, X's on the legs, P's on the body, M's on the tail). Human with similar letters (including shield and sword and cape). Even the dog has letters. The letters come in and out of view as the figures are rotating. A bank pin interface comes up and ask for the letter on the dog's leg. Next, the letters on the models change (or even the models themselves) and it ask for the letter on the human's cape. Finally another skin or model change up and it asks for the letter on the Human's head. Nothing is asked about the dragon.

 

Jagex would have dozens of models to call up. It only needs to be able to randomly map letters onto the skin, and randomly apply it to distinct body parts of the models. Since these models can be animated such as doing emotes in case of humans, that makes it even more difficult to CAPTCHA solve as the question could be "What's the letter on the cape of the waving human" or "What's the letter on the leg of the clapping human". Sorry, but NO ANTI-CAPTCHA program can figure such things out. Even sending screen shots do nothing as first off rotating figures means letters may or may not be in view, plus animated emotes will not be obvious unless you record at least 4 seconds of screen time. Oh, and since you get three inputs based on responses to 3 or 4 models, Jagex can further tell if one model has been corrupted by anti-captcha programs cause you get lots positive responses to one model vice incorrect guesses on the other two or three means it can automatically retire that model.

 

Now, none of this stops sweat shop labor directly playing the game. My guess is a "worker" is alerted to a stopped bot and he'll offer his human brain to solve the issue. However, even that must have a definite time lag that could be an idicator someone is botting. With a smart algorythm that determines that real players solve such captchas fast eventually getting tested every 10 hours of gameplay while botted with human back-up accountssolve slower can start lagging down botted accounts with captchas every 10 minutes.

[Stev]

For the last time, capatchas are useless not because bots can solve them, but because there is a service that will solve massive numbers of capatchas for you for a very small cost. All the bot client would need to do is take a screen of the 3D capatcha, send it through the service, and it would be solved for them.

Really? What use will it be to take a screen shot when the 3d models with the letters are rotating in and out of view in addition to having to individually enter letters on a pad similar to the bank pin set up? Of course a human can solve it, and many OCR programs can decode standard CAPTCHAS now. But tell me a program that can reasonably get that info I describe to the real world captcha solvers?

Bot clients can retrieve any and all data from RuneScape. They could retrieve the 3d model, the texture used on it, and the question. There's no software for it yet (because it doesn't exist obviously), but all it'd take is a few bot developers to get a few randoms and there'd be a anti-random for that in a heart-beat. :).

 

Dozens of models wouldn't help much either. You can download and view every model used on RuneScape, without getting the random, through various readily available softwares.

[hatebringer]

Got a freaky Forester random about 3 hours ago and there was a multitude of bots all just sitting by the exit portal... WIN reported em all ;) like I said idc if it doesn't do anything in the long run, it just makes me feel all fuzzy inside knowing I maybe slowed so ungrateful 15 y/o's goldfarming progress.

[NukeMarine]

For the last time, capatchas are useless not because bots can solve them, but because there is a service that will solve massive numbers of capatchas for you for a very small cost. All the bot client would need to do is take a screen of the 3D capatcha, send it through the service, and it would be solved for them.

Really? What use will it be to take a screen shot when the 3d models with the letters are rotating in and out of view in addition to having to individually enter letters on a pad similar to the bank pin set up? Of course a human can solve it, and many OCR programs can decode standard CAPTCHAS now. But tell me a program that can reasonably get that info I describe to the real world captcha solvers?

Bot clients can retrieve any and all data from RuneScape. They could retrieve the 3d model, the texture used on it, and the question. There's no software for it yet (because it doesn't exist obviously), but all it'd take is a few bot developers to get a few randoms and there'd be a anti-random for that in a heart-beat. :).

 

Dozens of models wouldn't help much either. You can download and view every model used on RuneScape, without getting the random, through various readily available softwares.

Again, there are two methods. First is a 2d image that's generated from a random 3d design. That's the type that can't be defeated by a program as you cannot tell me some program can recognize every possible angle of rotation on a human that can be in the middle of performing any possible action holding any possible combation of items. Such things are easily solved by humans since they can tell the letter on the chest of the guy sitting down, the number on the open mouthed dragon's wing plus 5 and the letter on the cape of the human holding an axe.

 

That these images can be randomly generated means no program's going to reasonably defeat and will be quickly discovered unless all models are solved with 100% accuracy (otherwise, you just stop using the model that gets bombarded with correct answers while other models in it's group are wrong. Yeah, you got CAPTCHA solving services as mentioned in this thread, but thanks to the needed time (snapshot, send for solve, received solve, repeat for next question) you quickly identify such methods.

 

Now, the other type where you have models that are moving/rotating defeat CAPTCHA solving services (unless they send videos). However, that's open to the problems you mention where you have models, skins and likely actions identified by programs. Still, you're trying to account for questions that can have enormous variance. Even then, you're stuck with the same problem that unless you solve each question and model with 100% accuracy, you basically are telling the company when one of the models of it's CAPTCHA is getting compromised. We are talking about hundreds of thousands of possiibilities. Yeah, you can know all the models, all the emotes, all the actions, all the clothing and weapons, all the hair. Thing is, there can be dozens if not hundreds of form questions that then are populated with these variances. This isn't

 

I get you're a great programmer, but I think you're overstating what bots can do in this part. However, let me ask: The "answers" are basically all letters and numbers and common symbols (about 50 characters if we stick to capital letters). The character model is just the human model. The skins, each with a possible "answer" on it, are individually applied to either leg, either arm, chest, and head in addition to being mapped on various weapons, shields, capes. The models can do any activity a normal character can do. There can be upto four different models on screen with their relative position being obvious. How many multi-part form questions can you think of based on that (along the lines of "What is the symbol is on the shield of the person behind the man swinging a sword?"). You then have the option of generating a new scene for each question requiring three correct answers in a row within 10 questions else you get a 10 minute time out to limit seeing too many questions at once.

 

Knowing all the variables that have to be accounted, how long would it take to create a 100% accurate bot that won't reveal itself by taking too long to solve the problem?

[VonMedo]

For the last time, capatchas are useless not because bots can solve them, but because there is a service that will solve massive numbers of capatchas for you for a very small cost. All the bot client would need to do is take a screen of the 3D capatcha, send it through the service, and it would be solved for them.

Really? What use will it be to take a screen shot when the 3d models with the letters are rotating in and out of view in addition to having to individually enter letters on a pad similar to the bank pin set up? Of course a human can solve it, and many OCR programs can decode standard CAPTCHAS now. But tell me a program that can reasonably get that info I describe to the real world captcha solvers?

Bot clients can retrieve any and all data from RuneScape. They could retrieve the 3d model, the texture used on it, and the question. There's no software for it yet (because it doesn't exist obviously), but all it'd take is a few bot developers to get a few randoms and there'd be a anti-random for that in a heart-beat. :).

 

Dozens of models wouldn't help much either. You can download and view every model used on RuneScape, without getting the random, through various readily available softwares.

Again, there are two methods. First is a 2d image that's generated from a random 3d design. That's the type that can't be defeated by a program as you cannot tell me some program can recognize every possible angle of rotation on a human that can be in the middle of performing any possible action holding any possible combation of items. Such things are easily solved by humans since they can tell the letter on the chest of the guy sitting down, the number on the open mouthed dragon's wing plus 5 and the letter on the cape of the human holding an axe.

 

That these images can be randomly generated means no program's going to reasonably defeat and will be quickly discovered unless all models are solved with 100% accuracy (otherwise, you just stop using the model that gets bombarded with correct answers while other models in it's group are wrong. Yeah, you got CAPTCHA solving services as mentioned in this thread, but thanks to the needed time (snapshot, send for solve, received solve, repeat for next question) you quickly identify such methods.

 

Now, the other type where you have models that are moving/rotating defeat CAPTCHA solving services (unless they send videos). However, that's open to the problems you mention where you have models, skins and likely actions identified by programs. Still, you're trying to account for questions that can have enormous variance. Even then, you're stuck with the same problem that unless you solve each question and model with 100% accuracy, you basically are telling the company when one of the models of it's CAPTCHA is getting compromised. We are talking about hundreds of thousands of possiibilities. Yeah, you can know all the models, all the emotes, all the actions, all the clothing and weapons, all the hair. Thing is, there can be dozens if not hundreds of form questions that then are populated with these variances. This isn't

 

I get you're a great programmer, but I think you're overstating what bots can do in this part. However, let me ask: The "answers" are basically all letters and numbers and common symbols (about 50 characters if we stick to capital letters). The character model is just the human model. The skins, each with a possible "answer" on it, are individually applied to either leg, either arm, chest, and head in addition to being mapped on various weapons, shields, capes. The models can do any activity a normal character can do. There can be upto four different models on screen with their relative position being obvious. How many multi-part form questions can you think of based on that (along the lines of "What is the symbol is on the shield of the person behind the man swinging a sword?"). You then have the option of generating a new scene for each question requiring three correct answers in a row within 10 questions else you get a 10 minute time out to limit seeing too many questions at once.

 

Knowing all the variables that have to be accounted, how long would it take to create a 100% accurate bot that won't reveal itself by taking too long to solve the problem?

 

my brother uses a free bot and it does randoms better than I ever will,when he got that cage random and you have to match key with lock,bot clicks on key before I could see what shape it was,bots hack client and see right answer in the code,they don't have to wait for keys to turn so they could see which one matches the lock,it's all in the code...

[Yay0siris]

bots use id #'s

[NukeMarine]

my brother uses a free bot and it does randoms better than I ever will,when he got that cage random and you have to match key with lock,bot clicks on key before I could see what shape it was,bots hack client and see right answer in the code,they don't have to wait for keys to turn so they could see which one matches the lock,it's all in the code...

Well, that plays on what Stev says about them being able to get the models and id's just from the game code without needing to even get a random to program around it. So you have a model of all lock and key types which makes matching up models child's play. Fairly sure that's how most of the 'match this character with that character' get botted with ease. However, I'm talking about matching human language with a game layout. If I say "guy swinging the sword", and you see 3 characters with long hair and what appears to be dresses and feminine features while another has beard, short hair, and pants. Ok, what a "man waving a long knife" or a "fellow with a pointy weapon"? There's quite a few words that point out a definite character.

 

Yeah, bots are really good at playing RS if they know it. That they can interpret the game beyond the visual level makes them even more efficient. They just suck at figuring out something new which means manual changes by the programmers to adapt. The hard part is programming or creating a method that can create something new that confuses bots but not players that can't easily be turned into an algorithm within hours of release. Even better, it's something new that updates on a constant basis.

 

Anyway, I'm for an invasive bot captcha that happens frequently for new or unsponsored accounts (not random events, but actually methods meant to find out "are you a bot or not"). As time goes on, positively passing these tests means you're tested less and less. Actually failing the test means you have a penalty time out and encourages more frequent tests. Oh, and make these part of the account creation process.

[Makoto_the_Phoenix]

Anyway, I'm for an invasive bot captcha that happens frequently for new or unsponsored accounts (not random events, but actually methods meant to find out "are you a bot or not"). As time goes on, positively passing these tests means you're tested less and less. Actually failing the test means you have a penalty time out and encourages more frequent tests. Oh, and make these part of the account creation process.

 

You've been around since classic, right? You should know that CAPTCHA doesn't work as effectively as one would think. Not just because it's not much of a hurdle to overcome (i.e. downloading the model for the CAPTCHA, sending the data off to a third party site for validation, etc), but it causes a legitimate inconvenience to a certain demographic of players with vision impairments.

[Sona]

Anyway, I'm for an invasive bot captcha that happens frequently for new or unsponsored accounts (not random events, but actually methods meant to find out "are you a bot or not"). As time goes on, positively passing these tests means you're tested less and less. Actually failing the test means you have a penalty time out and encourages more frequent tests. Oh, and make these part of the account creation process.

 

This is operating on the idea that older accounts are less likely to bot and/or as older botting accounts are banned the system becomes increasingly sufficient at tagging newer bot accounts? Because I think this is already present in the system.

 

Though something that may be worth bringing up: there is little to no penalty in failing a random, currently. For most players being teleported somewhere is a minor inconvenience, and I'm pretty sure most bots know how to get around it as well. Assuming bots do fail randoms at a decent interval and humans don't, would punishment have marginally positive effects on deterrence?

[Stev]

NukeMarine,

You would be surprised how much can be done through a bot client. As I said, any and all data can be retrieved from RuneScape.

 

There are only a limited number of questions that can be asked. Jagex would use a random combination of:

x letter on the x body or armor piece of x character doing x emote behind the character performing x emote.

 

A bot could figure that our rather easily. They can get the textures from each model in the random. They can tell what each player/NPC/model is wearing. They can tell a model's position in the game relative to another.

 

There may be hundreds of thousands of possible random questions, but there will be a pattern for each. Even if it was:

What is the number on the cape of the woman which is on the other side of the interface of the clapping man who's wearing a blue robe. Add 5 to this number.

 

Well, quite easily done. The bot sees "woman" and "other side". Which woman model has the furthest distance from a "man" model doing a "clapping" emote with "blue robes"? You don't think a bot could do that? All of that information is easily retrieved. If Jagex has the capability of coding such randoms, using something that can get all data necessary from the RuneScape applet, a program can be written to recognize and solve such patterns.

[L2Pullout]

Not sure if this has been mentioned but captchas were essentially beaten in RSC using a program called "sleepwalker." This was a side program that worked along side a macro client that would open the sleeping bag when the character was 100% fatigued. It would then take a picture of that captcha and send it to a program where a real active user was waiting to solve it. To keep using this program you had to keep your account in the green which required that you do so many of these captchas a day. It was very fast to keep your account in the green, probably about 5 minutes or less a day of solving captchas.

 

Even with the idea of using 3d images of a dog with a certain letter on it would be beaten by this because I don't necessary think it was a picture that was sent to the program, but more of a live stream of it, hence, thats how you could solve it.

[NukeMarine]

Not sure if this has been mentioned but captchas were essentially beaten in RSC using a program called "sleepwalker." This was a side program that worked along side a macro client that would open the sleeping bag when the character was 100% fatigued. It would then take a picture of that captcha and send it to a program where a real active user was waiting to solve it. To keep using this program you had to keep your account in the green which required that you do so many of these captchas a day. It was very fast to keep your account in the green, probably about 5 minutes or less a day of solving captchas.

 

Even with the idea of using 3d images of a dog with a certain letter on it would be beaten by this because I don't necessary think it was a picture that was sent to the program, but more of a live stream of it, hence, thats how you could solve it.

That's a given. If there's a system set up where people can remotely answer captchas AND answer it quickly enough then there is no counteraction if all you're requiring is correct answer. RS can make this difficult as the answers don't have to be only alpha-numeric (answer to select could be a heart or sword or something else). That'll limit participation in such programs pretty much to only RS players. The question then is does such a system allow such a fast turnaround that it's hard to distinguish it from a player sitting in front of the computer? In not, Jagex just has the accounts that answer to slow to keep getting more and more tests. If the turnaround is fast, well, at the very least you've taken 30 to 60 seconds out of a living person's day.

 

Anyway, based on what Stev's claiming, the best bet is getting hundreds if not thousands of 2d images that were randomly generated using unrealeased 3d models. Each image can have dozens of questions. It shouldn't be too difficult to constantly generate and update the captcha with new images and questions as it's done automatically.

[Mercifull]

Jagex should just add ASIRRA to RS :P

[blacksimon]

Unreleased 3d models...

 

 

Sadly, that's not how java works. The models have to be released, otherwise they can't be fetched.

And for big companies like jagex, they release models long before using them for testing purposes

 

 

edit: zomg cats

i bet you someone can make a pretty accurate script to do that much faster than a human can

[Stev]

Not sure if this has been mentioned but captchas were essentially beaten in RSC using a program called "sleepwalker." This was a side program that worked along side a macro client that would open the sleeping bag when the character was 100% fatigued. It would then take a picture of that captcha and send it to a program where a real active user was waiting to solve it. To keep using this program you had to keep your account in the green which required that you do so many of these captchas a day. It was very fast to keep your account in the green, probably about 5 minutes or less a day of solving captchas.

 

Even with the idea of using 3d images of a dog with a certain letter on it would be beaten by this because I don't necessary think it was a picture that was sent to the program, but more of a live stream of it, hence, thats how you could solve it.

That's a given. If there's a system set up where people can remotely answer captchas AND answer it quickly enough then there is no counteraction if all you're requiring is correct answer. RS can make this difficult as the answers don't have to be only alpha-numeric (answer to select could be a heart or sword or something else). That'll limit participation in such programs pretty much to only RS players. The question then is does such a system allow such a fast turnaround that it's hard to distinguish it from a player sitting in front of the computer? In not, Jagex just has the accounts that answer to slow to keep getting more and more tests. If the turnaround is fast, well, at the very least you've taken 30 to 60 seconds out of a living person's day.

 

Anyway, based on what Stev's claiming, the best bet is getting hundreds if not thousands of 2d images that were randomly generated using unrealeased 3d models. Each image can have dozens of questions. It shouldn't be too difficult to constantly generate and update the captcha with new images and questions as it's done automatically.

First you have to think whether or not Jagex really wants all bots gone; If they really want a detection system that could keep the number of bots so low that they'd need no anti-cheat department except the few people that write the software.

 

Let's incorrectly assume that they did want to scrap half of their income...

 

No, there best bet would not be the 2D models as you've explained. And models can not be unreleased as explained above. Hell, there's been models of D Kites and D Crossbows in the model list for years! Since WGS!

 

There best bet is to do as many other major companies have done (eBay, anyone?). They should fire or transfer their current employees (Don't get me started on that joke of an employee Carlos) and hire those that are able to beat and bypass their anti-cheat systems with only a few minutes work. Hire the people that are currently getting paid bottom-dollar for their bots clients and scripts and put them to work. No one knows more about it then the ones getting paid to bypass it. Hire the people currently getting paid to quite easily bypass their systems.

 

Kinda reminds me of an old movie I rewatched recently; Blue Streak. Who would make the best cop/detective? An ex-con.

[Tim]

Not sure if this has been mentioned but captchas were essentially beaten in RSC using a program called "sleepwalker." This was a side program that worked along side a macro client that would open the sleeping bag when the character was 100% fatigued. It would then take a picture of that captcha and send it to a program where a real active user was waiting to solve it. To keep using this program you had to keep your account in the green which required that you do so many of these captchas a day. It was very fast to keep your account in the green, probably about 5 minutes or less a day of solving captchas.

 

Even with the idea of using 3d images of a dog with a certain letter on it would be beaten by this because I don't necessary think it was a picture that was sent to the program, but more of a live stream of it, hence, thats how you could solve it.

That's a given. If there's a system set up where people can remotely answer captchas AND answer it quickly enough then there is no counteraction if all you're requiring is correct answer. RS can make this difficult as the answers don't have to be only alpha-numeric (answer to select could be a heart or sword or something else). That'll limit participation in such programs pretty much to only RS players. The question then is does such a system allow such a fast turnaround that it's hard to distinguish it from a player sitting in front of the computer? In not, Jagex just has the accounts that answer to slow to keep getting more and more tests. If the turnaround is fast, well, at the very least you've taken 30 to 60 seconds out of a living person's day.

 

Anyway, based on what Stev's claiming, the best bet is getting hundreds if not thousands of 2d images that were randomly generated using unrealeased 3d models. Each image can have dozens of questions. It shouldn't be too difficult to constantly generate and update the captcha with new images and questions as it's done automatically.

First you have to think whether or not Jagex really wants all bots gone; If they really want a detection system that could keep the number of bots so low that they'd need no anti-cheat department except the few people that write the software.

 

Let's incorrectly assume that they did want to scrap half of their income...

 

No, there best bet would not be the 2D models as you've explained. And models can not be unreleased as explained above. Hell, there's been models of D Kites and D Crossbows in the model list for years! Since WGS!

 

There best bet is to do as many other major companies have done (eBay, anyone?). They should fire or transfer their current employees (Don't get me started on that joke of an employee Carlos) and hire those that are able to beat and bypass their anti-cheat systems with only a few minutes work. Hire the people that are currently getting paid bottom-dollar for their bots clients and scripts and put them to work. No one knows more about it then the ones getting paid to bypass it. Hire the people currently getting paid to quite easily bypass their systems.

 

Kinda reminds me of an old movie I rewatched recently; Blue Streak. Who would make the best cop/detective? An ex-con.

 

Similar to Valve, their major bug and bug abuse section is beeing looked after by the very person who found them and exploits them. It's better for their company to hire someone who knows the understanding of finding, abusing and fixing bugs then the very person who knows how to find and exploit.

[NukeMarine]

First you have to think whether or not Jagex really wants all bots gone; If they really want a detection system that could keep the number of bots so low that they'd need no anti-cheat department except the few people that write the software.

 

Let's incorrectly assume that they did want to scrap half of their income...

 

No, there best bet would not be the 2D models as you've explained. And models can not be unreleased as explained above. Hell, there's been models of D Kites and D Crossbows in the model list for years! Since WGS!

 

There best bet is to do as many other major companies have done (eBay, anyone?). They should fire or transfer their current employees (Don't get me started on that joke of an employee Carlos) and hire those that are able to beat and bypass their anti-cheat systems with only a few minutes work. Hire the people that are currently getting paid bottom-dollar for their bots clients and scripts and put them to work. No one knows more about it then the ones getting paid to bypass it. Hire the people currently getting paid to quite easily bypass their systems.

 

Kinda reminds me of an old movie I rewatched recently; Blue Streak. Who would make the best cop/detective? An ex-con.

Not totally agreeing with the business tactics debate. If that were really the case, then I'd buy them not rapidly stopping the member bots (just stat wiping them), but what's the financial incentive of not fully busting the f2p bots?

 

About the 2D image generated from 3D models, maybe you misunderstood what I was talking about. Here's a version I was thinking about: 3D Photo CAPTCHA. The reason you don't release the models just makes it more difficult to compare a newly generated image.

 

Now, it's probably a great idea to hire a team of guys and gals that make a hobby/living off of breaking anti-bot methods. Don't know if they do that, but it's possible.

[brunokiller]

 

Similar to Valve, their major bug and bug abuse section is beeing looked after by the very person who found them and exploits them. It's better for their company to hire someone who knows the understanding of finding, abusing and fixing bugs then the very person who knows how to find and exploit.

 

They don't want to hire bugabusers for some reason lol

 

 

They did try to leech though :razz:

 

 

Then i tell them how to fix a bug and in return, they wipe my bank...

[Stev]

Now, it's probably a great idea to hire a team of guys and gals that make a hobby/living off of breaking anti-bot methods. Don't know if they do that, but it's possible.

Most of them have other jobs, yes, but several are also freshly out of college without a real career yet and would jump at the opportunity. Hell, a full-time career making decent money with benefits is better then scripting a few bot clients + scripts making bottom dollar at home. ;).