A new bot nuke is in order

[Deathscythe]

Well the first bot worked for a while and now the bots are back and I think there need to be another bot nuke one but this time it should aim at not only players but, also the IP address of the people who play them. Who agrees?

[Ellac]

We remain committed to our ongoing work to ensure that the successes of Bot Nuke Day are never undone by staying a few steps ahead in the arms race with the remaining bot developers and gold farmers. Were already well underway with our next generation of anti-botting software called Optimus, which is going to be released shortly, and were also currently developing ways to remove the remaining screen-scraper bots from the game. Well also be continuing to fight gold-farmers on every front.

 

Based on that News Post, Jagex is already developing this and it will be released in the coming months, if not weeks.

[tripsis]

I assume by "aiming at the IP address of people who play them," you're referring to IP bans? If so, IP bans aren't really a realistic or long-term solution. If someone goes through the lengths to download and execute a working bot, odds are they're also willing (and have enough knowledge) to use a proxy, which would get around an IP ban. So.. it wouldn't be that effective. Then of course you have to consider that a lot of IPs are dynamic anyway.. so again, an IP ban isn't really effective unless they use a range, which wouldn't be good because it could also ban/block out legitimate players.

 

But Jagex is constantly looking for ways to destroy botters and ultimately I imagine it's pretty hard to always stay on top of them. It's not like they can press a button that says "Destroy bots" and have it be done. A lot of work has to go into figuring out how the bots work and coming up with a solution to effectively stop them.

[Ren]

I assume by "aiming at the IP address of people who play them," you're referring to IP bans? If so, IP bans aren't really a realistic or long-term solution. If someone goes through the lengths to download and execute a working bot, odds are they're also willing (and have enough knowledge) to use a proxy, which would get around an IP ban. So.. it wouldn't be that effective. Then of course you have to consider that a lot of IPs are dynamic anyway.. so again, an IP ban isn't really effective unless they use a range, which wouldn't be good because it could also ban/block out legitimate players.

 

But Jagex is constantly looking for ways to destroy botters and ultimately I imagine it's pretty hard to always stay on top of them. It's not like they can press a button that says "Destroy bots" and have it be done. A lot of work has to go into figuring out how the bots work and coming up with a solution to effectively stop them.

I'm not super knowedgeable on IP addresses, but I thought each computer had it's own ID? I thought most, if not all, replicated technology has it's own ID. Ban computer access if possible..? You could take it a step further and do that. And if they could pinpoint RL addresses, they could attempt to subpoena (hoping that's correct) a lot of people, fight them legally..Impractial probably though :\. I just hate botters, rwters, etc.

[tripsis]

I assume by "aiming at the IP address of people who play them," you're referring to IP bans? If so, IP bans aren't really a realistic or long-term solution. If someone goes through the lengths to download and execute a working bot, odds are they're also willing (and have enough knowledge) to use a proxy, which would get around an IP ban. So.. it wouldn't be that effective. Then of course you have to consider that a lot of IPs are dynamic anyway.. so again, an IP ban isn't really effective unless they use a range, which wouldn't be good because it could also ban/block out legitimate players.

 

But Jagex is constantly looking for ways to destroy botters and ultimately I imagine it's pretty hard to always stay on top of them. It's not like they can press a button that says "Destroy bots" and have it be done. A lot of work has to go into figuring out how the bots work and coming up with a solution to effectively stop them.

I'm not super knowedgeable on IP addresses, but I thought each computer had it's own ID? I thought most, if not all, replicated technology has it's own ID. Ban computer access if possible..? You could take it a step further and do that. And if they could pinpoint RL addresses, they could attempt to subpoena (hoping that's correct) a lot of people, fight them legally..Impractial probably though :\. I just hate botters, rwters, etc.

Every computer does have a unique MAC address, but if I understand it correctly, you cannot determine someone's MAC address through the internet.. you can only get their IP address, which is determined by the ISP. If people are using the same network they will all have the same IP address. You can also mask your IP address by using a proxy. So if you are IP banned you can just use a proxy and get around the ban.

 

Furthermore, my understanding is that the use of bots is not technically illegal - only the creation of bots. That's why Jagex goes after the creators of these botting programs rather than the users (again, could be mistaken here, but that's what I read somewhere at some point...). And if you consider how many thousands and thousands of people bot, they're not going to take legal action against every single one of them. It's unrealistic and not worth their time. They'll go after the source - the makers and suppliers of the bots.

[Thanorpheus]

Yea computer stuff is crazy easy to manipulate if you know what you're doing. Although I would think that after Jagex won over powerbot in court that no new companies would try to stand up to them again, seeing how if powerbot made bots again they'd have to pay jagex, what was it, like something around a million dollars in damages?

[Bad911]

Are you kidding me...<_< Banning IPs is stupid. No one does that for obvious reasons.

 

You might as well ban everyone who uses commutative internet. One person bots on their laptop at their college and suddenly you assume 1000+ people are botters? A small group of kids go to a public library and then they're all banned? Some people also do Lan or have relatives who are completely innocent.

Not to mention, a lot of people have multiple IPs. They go to their friends house to play or they have changed locations, moved, or changed ISPs over the years. Are you going to ban someone registered under a botter's IP five years ago?

And then there are dynamic IPs, Proxies, and VPNs which make it pointless. Some people use these services for security reasons, are you going to deny them the right to not spread their personal information over the internet? A lot of websites can phish for things like credit card information which is protected by these services. If you ban a well known and reliable Proxy or VPN server, you put your customers at risk.

 

Keep in mind, it's none of Jagex's business what my IP address is. Just because you know my name, doesn't give you any right to it at all.

[Dusk Souls]

I assume by "aiming at the IP address of people who play them," you're referring to IP bans? If so, IP bans aren't really a realistic or long-term solution. If someone goes through the lengths to download and execute a working bot, odds are they're also willing (and have enough knowledge) to use a proxy, which would get around an IP ban. So.. it wouldn't be that effective. Then of course you have to consider that a lot of IPs are dynamic anyway.. so again, an IP ban isn't really effective unless they use a range, which wouldn't be good because it could also ban/block out legitimate players.

 

But Jagex is constantly looking for ways to destroy botters and ultimately I imagine it's pretty hard to always stay on top of them. It's not like they can press a button that says "Destroy bots" and have it be done. A lot of work has to go into figuring out how the bots work and coming up with a solution to effectively stop them.

I'm not super knowedgeable on IP addresses, but I thought each computer had it's own ID? I thought most, if not all, replicated technology has it's own ID. Ban computer access if possible..? You could take it a step further and do that. And if they could pinpoint RL addresses, they could attempt to subpoena (hoping that's correct) a lot of people, fight them legally..Impractial probably though :\. I just hate botters, rwters, etc.

Every computer does have a unique MAC address, but if I understand it correctly, you cannot determine someone's MAC address through the internet.. you can only get their IP address, which is determined by the ISP. If people are using the same network they will all have the same IP address. You can also mask your IP address by using a proxy. So if you are IP banned you can just use a proxy and get around the ban.

 

Furthermore, my understanding is that the use of bots is not technically illegal - only the creation of bots. That's why Jagex goes after the creators of these botting programs rather than the users (again, could be mistaken here, but that's what I read somewhere at some point...). And if you consider how many thousands and thousands of people bot, they're not going to take legal action against every single one of them. It's unrealistic and not worth their time. They'll go after the source - the makers and suppliers of the bots.

 

I don't know much about this; but since Botting is against Jagex rules and when you create an account you have to accept the rules it becomes illegal in a sense? As I said I don't know.

[dyze]

It's a tricky situation, I do think Jagex are going about it the right way however. Because of the legal difficulties, and the difficulties determining who is actually botting and who isn't on any given IP address, it makes much more sense to stop botting from the source. Going after the creators and changing the game code to break bots is certainly a more sensible move.

 

I agree though, bots are back without a doubt. I'm reporting 10+ per day just doing my daily activities. Go to Daemonheim in most worlds and there are SG bots, go to Green Dragons, bots there. It wont be long before the underground botting market is back properly.

[Deathscythe]

It's a tricky situation, I do think Jagex are going about it the right way however. Because of the legal difficulties, and the difficulties determining who is actually botting and who isn't on any given IP address, it makes much more sense to stop botting from the source. Going after the creators and changing the game code to break bots is certainly a more sensible move.

 

I agree though, bots are back without a doubt. I'm reporting 10+ per day just doing my daily activities. Go to Daemonheim in most worlds and there are SG bots, go to Green Dragons, bots there. It wont be long before the underground botting market is back properly.

That could work.

[Pete Party]

I assume by "aiming at the IP address of people who play them," you're referring to IP bans? If so, IP bans aren't really a realistic or long-term solution. If someone goes through the lengths to download and execute a working bot, odds are they're also willing (and have enough knowledge) to use a proxy, which would get around an IP ban. So.. it wouldn't be that effective. Then of course you have to consider that a lot of IPs are dynamic anyway.. so again, an IP ban isn't really effective unless they use a range, which wouldn't be good because it could also ban/block out legitimate players.

 

But Jagex is constantly looking for ways to destroy botters and ultimately I imagine it's pretty hard to always stay on top of them. It's not like they can press a button that says "Destroy bots" and have it be done. A lot of work has to go into figuring out how the bots work and coming up with a solution to effectively stop them.

I'm not super knowedgeable on IP addresses, but I thought each computer had it's own ID? I thought most, if not all, replicated technology has it's own ID. Ban computer access if possible..? You could take it a step further and do that. And if they could pinpoint RL addresses, they could attempt to subpoena (hoping that's correct) a lot of people, fight them legally..Impractial probably though :\. I just hate botters, rwters, etc.

Every computer does have a unique MAC address, but if I understand it correctly, you cannot determine someone's MAC address through the internet.. you can only get their IP address, which is determined by the ISP. If people are using the same network they will all have the same IP address. You can also mask your IP address by using a proxy. So if you are IP banned you can just use a proxy and get around the ban.

 

Furthermore, my understanding is that the use of bots is not technically illegal - only the creation of bots. That's why Jagex goes after the creators of these botting programs rather than the users (again, could be mistaken here, but that's what I read somewhere at some point...). And if you consider how many thousands and thousands of people bot, they're not going to take legal action against every single one of them. It's unrealistic and not worth their time. They'll go after the source - the makers and suppliers of the bots.

 

Each packet sent has the Mac address of the original source in it.

Ip bans are not only IP bans they go together with a lot of other information gathered, Username and mac are considerable among them.

A big problem is proxies, you can ban them but you would ban all of the people on it, so first they should not allow proxies (which not many people use)

Then make it so proxies cannot connect to the game.

And Jagex would have to set up a bunch of guidelines for themselves for when to hand out an ip ban.

 

I guess with IPv6 it would be easier because every computer in a subnet can then be blocked separately instead of blocking the entire building.

It will cost a lot to get someone with knowledge on how to do this all, but it will be effective.

 

A lot is possible, even when you think it is not.

[deacon377]

I assume by "aiming at the IP address of people who play them," you're referring to IP bans? If so, IP bans aren't really a realistic or long-term solution. If someone goes through the lengths to download and execute a working bot, odds are they're also willing (and have enough knowledge) to use a proxy, which would get around an IP ban. So.. it wouldn't be that effective. Then of course you have to consider that a lot of IPs are dynamic anyway.. so again, an IP ban isn't really effective unless they use a range, which wouldn't be good because it could also ban/block out legitimate players.

 

But Jagex is constantly looking for ways to destroy botters and ultimately I imagine it's pretty hard to always stay on top of them. It's not like they can press a button that says "Destroy bots" and have it be done. A lot of work has to go into figuring out how the bots work and coming up with a solution to effectively stop them.

I'm not super knowedgeable on IP addresses, but I thought each computer had it's own ID? I thought most, if not all, replicated technology has it's own ID. Ban computer access if possible..? You could take it a step further and do that. And if they could pinpoint RL addresses, they could attempt to subpoena (hoping that's correct) a lot of people, fight them legally..Impractial probably though :\. I just hate botters, rwters, etc.

Every computer does have a unique MAC address, but if I understand it correctly, you cannot determine someone's MAC address through the internet.. you can only get their IP address, which is determined by the ISP. If people are using the same network they will all have the same IP address. You can also mask your IP address by using a proxy. So if you are IP banned you can just use a proxy and get around the ban.

 

Furthermore, my understanding is that the use of bots is not technically illegal - only the creation of bots. That's why Jagex goes after the creators of these botting programs rather than the users (again, could be mistaken here, but that's what I read somewhere at some point...). And if you consider how many thousands and thousands of people bot, they're not going to take legal action against every single one of them. It's unrealistic and not worth their time. They'll go after the source - the makers and suppliers of the bots.

 

Each packet sent has the Mac address of the original source in it.

Ip bans are not only IP bans they go together with a lot of other information gathered, Username and mac are considerable among them.

A big problem is proxies, you can ban them but you would ban all of the people on it, so first they should not allow proxies (which not many people use)

Then make it so proxies cannot connect to the game.

And Jagex would have to set up a bunch of guidelines for themselves for when to hand out an ip ban.

 

I guess with IPv6 it would be easier because every computer in a subnet can then be blocked separately instead of blocking the entire building.

It will cost a lot to get someone with knowledge on how to do this all, but it will be effective.

 

A lot is possible, even when you think it is not.

 

 

Just to comment.

 

Proxies also use dynamic IP's provided from their ISP's.

This process would be doubly useless for some better proxy networks (which I will not list to protect members of tip.it) whom use a consistently shifting IP thanks to an internal DHCP that re-assigns all the users on its networks every 2-3 hours, just as a normal IP release would work.

 

To OP, when a user connects to his internet, his computer has communicated with his internet service provider for a temporary IP address. This is called a dynamic IP address. Dynamic IP addresses expire anywhere from a single to three days. After they expire, they're reassigned to a new user in his local domain which could be as small as building, to half of a county in California.

 

As far as MAC address go with identifying people that play games like Runescape, yes, with java (which is pretty well sand boxed) it's hard to identify the MAC address of a computer legitimately and reliably unless java had a certain degree of user administrative rights. You may have to accept their security ticket which drops a cookie of basic information, but regardless, you can easily spoof a fake or duplicate MAC address into your TCP/IP transmissions.

 

As the person above me mentioned, it is possible to block one person using IPV6 (a more current, updated and intricate method of identifying computers. Plus we're out of IPV4 addresses to give to computers), and as he correctly identified; the cost measures of doing this would be high.

 

I think regardless of what jagex does, re-configuring its network setup as well as banning IP addresses or even going so far to ban mac addresses- it would be better off continuing this cat and mouse game of making new busters for the new bots that come out every so often versus employing several full time network engineers whom expect many thousands of dollars a month for their services...which in this case would be hard to justify quite frankly.

[X3EN]

As far as MAC address go with identifying people that play games like Runescape, yes, with java (which is pretty well sand boxed) it's hard to identify the MAC address of a computer legitimately and reliably unless java had a certain degree of user administrative rights.

 

Completely wrong. You must be forgetting that current RS client applet is coded by JaGeX themselves (and not some 3rd party). Or perhaps you forgot that the unsigned applet is no longer available?

 

With a signed applet (regardless if it's CA or self-signed), you can do everything, including native OS kernel calls (CreateProcess/CreateResource & co.).

Back to the topic: the hardware (MAC) address cannot be obtained from a remote network, but since the client applet runs on the target computer... You get the idea. More details can be found in NetworkInterface.

 

you can easily spoof a fake or duplicate MAC address into your TCP/IP transmissions.

 

Completely right. Unfortunately, getting a new MAC address on a NIC (regardless of it's type) takes maximum of a few minutes (in a case when you don't know how to do it and don't have any software at hand).

[Vancouver]

The people running this game obviously don't do their research or else they would of stopped gold farming years ago if they actually cared about it. They put more money in their pocket by keeping them.

[Pete Party]

A new fairy tale quest is out, at the end all bots will be banned.

 

[hide=spoiler!]The quest is a fairy tale[/hide]

[iSharkMan]

If Jagex just did a monthly bot ban people will soon get bored and stop using bots. It shouldn't be too much trouble nuking bots monthly.

[Jonanananas]

If Jagex just did a monthly bot ban people will soon get bored and stop using bots. It shouldn't be too much trouble nuking bots monthly.

 

How do imagine nuking bots works?

 

If you mean stopping them from working through technical means, that takes time to develop. They use their nukes once they are finished with coding. They simply can't do that earlier.

 

If you mean a mass ban...you have to detect those bots first...and experience has shown that this works really bad because you want to avoid false positives at all costs, so you only really find the most obvious bots.