Friday, March 8, 2013

CCP's War On Bots: Lock Up Your Bots, Hide Your Accounts!

Yesterday TheMittani.com published a piece I wrote on the latest innovation in the War on Bots.  Well, at least the developer of Red Guard thinks it is an innovation because botters using his software started getting banned.  I'll let you click on the link for the initial story and present an update.

CCP Sreegs came out on the forums yesterday and made the following statement:
"We will not state what changes were made but yes there were changes made targeting specific malicious actors who are aware of the fact that they were targeted and have made some early attempts at guessing how they were targeted on their forums which is where this information seems to be sourced from. We don't have any further comment on the topic at this time but it can stay open for discussion as it's based in fact."
Right now the bot devs are speculating that CCP is reading the memory to see if various ddl files are loaded into memory.  But the possibility exists that CCP just solved Red Guard and the technology is based on techniques used to keep banned users from logging in with fresh accounts.

I keep referring to Red Guard, but what is it?  Casper from the Eve Pilot forums gave this explanation:
"its a freeware closed source app put out by another bot developer, idea was to intercept the communication between the client and server to mask the hardware and os the client is using. Should a GM take the time to look for hard links between accounts it would make it a bit more difficult.

"However this is deemed a major violation of 3 sections in the EULA, modifying the client, intercepting and modifying the communications between the client and server, and using a third party app in conjunction with the client. If you are caught, all linked accounts are permanently banned, no warning.

"Slav [the Eve Pilot dev] warned me earlier about using it. Lesson learned."
Yes, I am quoting someone from a botting forum.  In fact, the title of the post, "Lock up your bots, hide your accounts" is actually the title of the posts the Red Guard dev was making warning all the users of his software that they would get banned for using his software if they logged into Eve.  If you want to read more from the forums, keep reading after the break.  Enjoy!

Eve Pilot

casper (5 March 13) - "When they ban your account, do you not usually get an email stating why it was banned or at least whether its permanent or temporary? Had a few go down last night, one with the bot, others were plexed by it, not botting. None of the associated email accounts received an email stating the reason. No RMT..."

"was a redguard detection ban, btw..."

"i logged into the accounts right when they happened to be checking. Just my luck.

"I finally got an email: You were detected using a modified client; all accounts subsequently permanently banned.

"I'll just delete that little program, seemed like a good idea at the time."


Slav 2 (EP dev) (5 March 13) - "Hmm, seems CCP started to fight with client modifications. Probably introduced another check which RG does not emulate yet."

Questor

Echu (5 March 13) - "7 down. Different ip, system, 8-9h per day"

Gray (5 March 13) - "7 down. Permban, no mail, but it seems that the usual way - RMT. RG was used, same IP though. Toons on other IPs seems to be up for now (knock-knock!)."

Gray (5 March 13) - "It *IS* because of RMT. But then again, what's the point to have 18-account farm if you don't RMT - unless you feel like buying a titan every day and having it shot down..."

smg (5 March 13) - "Got banned 6 chars. Never RMT, few days old. They have not been connected anyhow with anything promiscious other than RG perhaps. I lost all my bots few months ago. Since than I took brake from Q for 3 months. Come back 4 days ago, used new pp, bought plexes, fresh installed computer and started 6 toons, which got banned today :("

Semaj (6 March 13) - "also had 7 perma-banned about last week. no mail. RMT. cant complain though as i had been using the same chars since before these here questor forums were started!"

Gray (6 March 13) - "Heck! I wonder how do you manage to survive for such a long time? Scared Like if you didn't RMT at all :)  Then again, CCP are probably on a real crusade against botters if they ban such ancient chars too now..."



9 comments:

  1. Offtopic but have to ask: on the top of the blog stands "The Nosy Gamer", but articles are signed as "NoizyGamer". Are you "Nosy" or "Noizy"?

    ReplyDelete
    Replies
    1. How about Noeasy Gamer. ^_^

      Delete
    2. @Riverini - LOL

      @Gevlon - I go by Noizy. When I started the blog I didn't think about social media and by the time I did all the Nosy and NosyGamer tags were taken.

      Delete
  2. Always nice to here news about banned bots.
    Looking forward to Sreegs Fanfest presentation

    ReplyDelete
    Replies
    1. My thoughts too. He's ramping up action prior to his hour in the spotlight like the showman he has always been. Fair enough, he and his team are the best in the world.

      Delete
    2. Maybe he plans to go out with a bang.

      Delete
  3. solar are american petsMarch 8, 2013 at 7:29 PM

    now how is SOLAR FLEET supposed to make their isk?!

    ReplyDelete
    Replies
    1. SOLAR now uses the same bots as Goonswarm and PL, so no problem.

      Delete
    2. Is that the tech moon "bot"?

      Delete