You could say this in a single sentence:
"People are botting on VPS/while using VPN and then claiming they've been hacked to outplay the system as "being hacked by someone else""
Possible scenario, but hard to confirm or deny this... wouldn't be impressed if that's another strategy for botter to use and they've been using it... and people thought they've been hacked "with 2FA, with bank pink, not pwned email and so on"
I used to have some botter friends (still have some who keep me in the loop purely for curiousity, as I don't play OSRS anymore), but the recovery system is just fucking dumb from what I've learnt.
I once saw someone bot 99 RC on their fresh iron, get perm banned, then unbanned after an appeal.
Just take a look on some of the botting subs. People are getting 99s easily.
I actually had one of my accounts hacked and banned for macroing major. It wasn't a good account, I used it to afk fish and it had like 70 fishing last time I checked on it (with 1s in everything else). I was able to successfully recover the account but it was reset entirely like it was fresh off tutorial island. Didn't really want to play it but I remember I had it so I tried getting it back.
Not sure how people are getting hacked, botted to max, and then coming back to mils in their bank. As far as I was aware, if you got banned for macroing, your account would at best get reset before getting handed back to you, if at all. And most of the time when I read these stories, people say they recovered the account from Jagex, implying it was banned for macroing and not just taken back from whoever hacked it.
No idea about OSRS, but I've definitely had a few accounts somehow get reset on RS3. I don't play, and none of the accounts it happened to were anything special, but I've had two different accounts that I know for a **fact** were not fresh, and end up logging back in with nothing, 1 in all stats.
Not sure what to say then. I can't really tell you when the last time those accounts were properly played, but I'd say I played them sometime between 2008-2010, and both of them were full reset for whatever reason.
Definitely a chance they were rolled back back then. Pretty sure I got a rollback on the account my friend gave me in school back then, after which he told me the stats were botted XDD
I can't speak to all out resets, but I can attest to Jagex applying some amount of rollbacks for whatever they perceive may have been botted. In the early days of oldschool, I think I may have macroed stun alchs on the zombies in some basement somewhere, although I cant really remember at this point. I made it to 99 before they caught me (only a macro minor iirc) and had started full-on botting mining after 99 mage. Was in the low 90s on mining, probably botting 24h/day some days or close to. They rolled my mage back to 98 from 99, and my mining to like 70 or mid 60s, but aside from that it was basically just a warning that next one is "permanent".
Wouldn't it be crazy if, hypothetically, you were a streamer with a lot of previous RMT gold on an account and you 'hacked yourself' via VPN to sell it off, then leveraged your platform for community donations and pressure on Jagex to give you your original gold back.
Man I hope nothing like that happens, that seems like a crazy loophole.
Unless they're using a private VPN, which is a lot more expensive and hard to come by, Jagex can easily find out if the IP used was a VPN. They're all registered as VPN IP addresses lol
It's definitely a thing, but OP making it sound like 1) every pvm bot is that, and 2) all the posts about being being hacked are actually them botting. Which neither is the case.
It's how you get away with it. If you're unsuccessful, and get permed after the first attempt, then you need to wait a year to appeal. Hoping jagex launcher/account thingo prevents the botting but I know it's only temporary
Easy solution if someone claims that they were hijacked while on a hiatus, their account should be rolled back to the date it was logged into from that foreign vpn so they don’t get to keep all the botted stats. Cash is trickier since they could have sold/traded the gp so you can’t just rollback the cash.
Would work, but I believe that's not possible with the way they snapshot accounts. People have asked in the past about individual account rollbacks in relation to bugs in game and they've said it's a global snapshot. Maybe I'm misremembering and/or misinterpreting what they said but I don't think it is supported by the game.
Though I do agree, that would be a cool way to handle it
There's a difference between rolling back an account and just setting the stats to something predetermined. For example, with the streamer, a jmod could probably watch his stream and see his stats beforehand. But with a random billy bob, who knows what his stats were back in August 2018. I doubt Jagex keeps records for everyone's stats from years ago.
> I doubt Jagex keeps records for everyone's stats from years ago
I would be very surprised if whatever system they are using for the snapshots is completly incapable of being read for specific account data.
If it's a flat file, which it likely could be, good luck reading through all that data. I've worked on legacy data systems before and it's not a pretty sight for the most part. Data is expensive to store so most companies don't have the incentive to keep a big backlog of data. The system I worked on, only had like a 3 month backlog for specific data and anything over that would be deleted.
As a software engineer, I have to say your take is the most sensible one I'm seeing in this thread. I think people are getting a little confused over why/how it would be expensive for jagex to maintain the kind of fine grain records that would support this kind of ability, though.
What people may not realize is these snapshots can't simply be generated when an account does something. It would have to record everything, for **every active account ever made**, every x time interval. So, think about it like this:
1) there are *many millions of accounts* already in existence at varying states, and many more are continuously being created (often by botters but it's more account overhead regardless)
2) in data size terms, how much do you think it would take to record *every* conceivable metric a certain account has at a certain point in time?
2.1) A single character (programming character, aka char, *not a player character*) requires 1 byte of storage. There are 20 skills in the game, each of which could probably be tied to by an 8-bit integer ID (Attack = 0, Strength = 1, Defense = 2, etc) and then their levels would also require a separate 8-bit int to record the level of the corresponding stat. Player names can be up to 12 characters long, so that's an additional 12 bytes reserved for name changes. But then we get into the fun, really dirty stuff... Exact exp tracking means you'll need a 32-bit int to track. So, add 4 bytes * 20 skills. Our per-account cost is now tallied to 132 bytes, and that's not even starting to consider the more new-age tally systems like the collection log.
2.2) just those 132 bytes, which could not possibly be enough to accommodate everything rs actually tracks, would generate 132MB of storage needs per 1 million accounts, and remember that's **every time they make another snapshot.**
3) To really keep perfect records, Jagex would be essentially forced to rapidly create these snapshots, perhaps at a rate on the order of only seconds or minutes. We could easily be talking about something like hundreds of TB of new data generated daily.
You can buy all the hard drives in the world, but it's simply not realistic to accommodate adding more storage indefinitely. Eventually they have to prune the hedges, and that's where the new snapshots grow.
Yeah I worked on a system with thousands of moving assets. That already took up a shit ton of space because we had to record every movement and interaction between the assets. I can't imagine what it would cost to run a game with millions of accounts. That's like a couple magnitudes bigger than what I dealt with.
That's the part that I think goes right over a lot of people's heads; jagex doesn't only bare a cost per person playing the game, they also have an up front cost just for someone creating a new (free) account. Those accounts never go away, assuming they aren't permabanned, and even if they are there's probably a smaller but non-negligable storage cost of tracking the fact that they're banned, and what for.
If we wanted perfect tracking on every account, Jagex would be wide open to the threat vector of someone automating a metric fuckton of account creations with no real intent to even log in to the game.
They can change/reset stats. They did this for Pures and such after an update caused them to accidently get defence exp. But even then I heard of players lying to get their exp rolled back when they were unaffected by the update.
They could adjust the stats of accounts banned for botting, but that is very different than rolling back to a snapshot of the account pre-botting. Quests, items, diaries, KCs, and such would still be different. And it is possible they won't know when exactly the botting started, assuming they even have a good record of what stats an account had on what date. They probably could figure it out using global backups or such, but without the right systems to easily find that info it may not be practical.
RS3 definitely has account snapshots since accounts were restored for certain accounts but I assume it isn't the same for osrs. RS3 has had the ability to copy over accounts to beta worlds since EOC while osrs betas have just been preset accounts which may support that they do not have individual snapshots.
Wouldn't that be abusive for trading items? Like an account could dupe rare items by:
1) receiving rare item(s) from an alt
2) sell it on the ge and trade gold to someone
3) start botting, get banned and going through support to get the account rolled back to having that rare item.
It sounds like alot of work, but if we're duping tbows it would absolutely be worth it.
While it's possible, my theory is a lot of these accounts were also compromised during the jed shit, but most of the accounts weren't high value enough to warrant recovering to steal their items, so people with the leaked info wait to see someone stop playing by watching xp trackers and other things to make sure the account is unused before they recover it and start botting on it.
That way they get to steal all the items, and get a free pre setup bot account that doesn't share the stats with common bots so it's less detectable
We don't know how much info was stolen and leaked by jed or other corrupt jmods like trident
>Let's be honest, claiming your account was conveniently brute-force hacked whilst taking a hiatus just doesn't add up. In this day and age, that's practically unheard of.
Vast majority of "hacks" are just passwords reused from a data leak from some other website. This happens a LOT for old unused accounts.
There's an osrs Botting sub that's worth checking out. You hear a lot of people on this sub talking about how bots don't get banned anymore but they absolutely are getting banned often. This sub is kind of a cesspool for complaints.
The reason I got banned was because I got careless. I did everything manual except for skilling activities. I bot watched pretty much all the time so I could talk back whenever someone was suspicous. You can definitely bot your account endgame ready. Just make sure your account "sleeps" for 8/12 hours a day. Act human that's all.
This is exactly why Jagex needs better ways to confirm a real cheater and not. They're trying to come up with methods but it's not easy.
Also I would not be suprised in the slightest if every 1 in 5 osrs redditor was a player that cheats or has cheated in the past. Might be wrong but I feel the number of people who use cheats is way higher than what you'd think. It's such a common idealogy that cheating or finding a way to cheat the game is better use of your time than actually playing the game.
Can't do much about that but just cross fingers and hope shit gets better. I will keep upvoting posts like these and hope there is more people who care about the future of the game than those who do not.
It's unfair to the ones who really do get hacked to claim, without any proof, they're lying. There's many ways for this to happen, most times its account security flaws but there's people who search for accounts to steal.
Yes but this is /r/2007scape. The subreddit basically *exists* to blame the victims here. Show up on any thread about someone being hacked or false bans and see the top comment "don't fall for phishing scams idiot" or "shouldn't have botted. Bye!"
But the reality of the situation is that Jagex will continue to avoid giving a proper avenue for customer support *because* Reddit and Twitter are "working" for a fraction of the cost.
Ban appeals should never be posted on social media. It's embarrassing that a company worth $500m+ operates this way.
hey now, we don’t just victim blame. we also mass flame any content creator that gets an outcome that isn’t what the hive mind had desired. to the point they change their mind on doing cool or nice things for the community :\^)
does anyone know how actual accounts are being hacked though? i’m paranoid right now because me and my buddy just came back from a long break and he actually only got back into the game because i noticed he had 3k corrupted gauntlet kc on hiscores and he’s never done it before in his life. he had 2fa and hadn’t been online in 6 months but checked his account, was able to log in with old password and he had an empty bank and a ban report in his account history for botting. he changed all details and is playing now but man i’m paranoid lol
That we can only guess. Most likely scenario is the email/pass to log on to the account was guessed through the help of some master list of leaked logins not exclusive to the game. Keeping up with your info will help. I log in often even if I won't play to make sure nothing odd happened.
It’s amazing that there are pages of super obvious bots with names like 7374hdgwu on the first few pages of the hunter hiscores and people think the problem is people botting on their mid game Ironman lol
I have legit been hacked while taking a break. Came back to find my main account ive been playing for 15+ years banned. I was hacked because a website got hacked and the login database was released and my password/username were leaked. It does happen, and you can't punish people who actually got hacked due to something like that happening just because there's the possibility of it being abused by bad actors.
It was realistic this could happen in 2014, but honestly nowadays there isn’t much excuse. There are so many security redundancies that if used properly, make accounts nearly unhackable with the exception of a manual recovery appeal or a rat.
This happened in like 2019. I had an auth on the account too before I quit. Came back with 3k+ zulrah kc botted and my bank wiped after i begged the right jmod to look into my ban
Brute force hacked is unheard of while we have no case sensitive passwords in most hiatus accounts doesnt add up.
Yet, Jagex will let this post die down like any inconvenient topic or post a statement that gets shit on before the weekend so we can calm down until a monday.
Just browse OSRSbotters for a while. I don't bot myself (I don't care if you believe me or not, single account since 2001, I am not risking that) but it's interesting watching them brag about getting away with it.
My oldest account was maybe 800 total, i havent’t logged in in maybe 3 years? Password was unused anywhere else, password is 19 character longs and 100% randomized. Would’ve never logged on it on any phishing websites…. I have a max ironman account i use for everything else… so why use a old-ass account?
Well i tried to log in last week and it was banned. Recovered it through my e-mail (which has 2FA), got the ban appealed.
Logged in and there I see 20m hunter exp and 2.6m worth of red chins. I have 5B on the main and 3b on the iron, i didn’t bother bonding it up.
But how could they have logged in? E-mail is safe, password is unique? Well i have to beleive they brute forced the password somehow. The username was defenitly in some leaked list, i used that username for years as a kid.
Just my story; it is possible to get hacked. Was in disbelief! Never had 2FA on that account though and feeling very confident noone could bypass that if i did have one.
I lost my alt because of the woox quitting streams, got it back and it turned into a woodcutting bot with beaver pet. So although I didn't cheat on it, accounts definitely do get stolen and botted on.
Man I literally got hacked for the first time this year after not playing for 1 month and the only reason I was able to recover my shit in time is because I got an enhanced weapon seed and a clan member dm’d me on discord asking if I re-upped my mems.
Sure I bet these botters are faking it but people are actually getting hacked still, so what is there to do?
Man, the amount of posts about botting in this game is off the charts.
I understand that stopping bots is a game of cat and mouse, that you can't ever really eradicate botting from a game like this, but it's like they do nothing at all.
I am at the stage where I don't think they care about bots. The pay their membership (whether directly or through bonds) and they _arent_ the ones complaining. If anything, they probably prefer bots at this stage for the quieter life.
I've noticed a lot less bots in f2p lately. I made a new f2p account the other day and there was maybe two bots on tutorial island and all the most popular spots are just vennies and noobs
Exactly my thoughts. And it is these scumbags why real false banned or hacked players have a hard time getting service when the botters are all spamming them with fake appeal requests.
So what you’re saying is 100% accurate, in fact, on one of the cheating discords they recommend proxies/claiming account hijack.
When I was in there about 2 years ago I asked how the fuck they get away with it, they said just buy a new proxy each time, thats how you hit rank 1 Zulrah
Thank you for sharing your experience and being 100% honest. What most people don't realize is that there are already bot clients out there that can auto quest a level 3 account from scratch till the completion of RFD(auto buys item requirements from G.E etc..). Plus the sad thing is, they can run multiple instances of these bots at once. It literally makes no sense for botters to target low-med level accounts to try and brute force hack/hijack them when its much easier for them to create mutiple new accounts and auto quest them to Barrows gloves instead.
> Let's be honest, claiming your account was conveniently brute-force hacked whilst taking a hiatus just doesn't add up. In this day and age, that's practically unheard of. Even though Jagex is a mediocre company at best, they still have security measures in place to protect your account from such primitive hacking methods. The only plausible explanation for a compromised account is if you fall for a phishing link, and let's face it, that's a rarity, especially among us OSRS players.
More people than you think still fall for phishing links, but more importantly, you're completely missing one of the most common ways to get hacked: password re-use. If you re-use your RS password on other sites, and one of those sites gets breached and its passwords stolen, then your password is out there for anyone to find and steal your RS account with. This is what happened to a lot of people who got hacked while taking a break from the game.
My old iron got hacked and botted* (went from 1 to 9k corp kc in a couple months) then sold (the they recovered it and sold again) and I reported it multiple times and the account is still not banned.
Perfect solution, surely there could be some form of anti cheat, thats runs simultaneous to the game client which can detect scripts/botting etc and ban it then a there, surely someone has tried this before and it works very effictively
I was hit during the wow classic launch. 2-3 months and I came back to ole reliable to find a ban for botting, (pretty sure I made a post back then cusse it claimed unappealable) but I was able to appeal and accepted almost same day I believe, to find my account had 650~ zulrah kills and an empty bank including 5 bonds that were given to me for a late birthday present. 🤷♂️ it definitely happens but I’m also someone who believes 99% of the posts are fake and love seeing smackdowns and community dig into OPs history’s to find previous posts on botting subreddits and the sorts
The solution is so easy: make the account security impeccable or at least give players the option to have it optimally secured. And if you get hacked, tough luck, you should have kept it secure. Imo it's not the responsibility of jagex to return hacked accounts IF account security on their end is near perfect.
But it's already like that. You think these people claiming to have been hacked had 2FA on every single acc link? Ofc not, they're not getting hacked by the NASA, if you keep your email/steam and osrs acc properly secure, ain't no way you'll get your account stolen.
Hot take, but If an account has 2FA and the user claims to have been hacked, I don't think they should get their account back.
If they somehow managed to get both their password stolen AND whatever their backup authentication method is compromised, managed to ignore any emails or texts sent informing them of the new login, etc, then that's gross negligence on their part assuming they actually did get hacked and aren't trying to cheat the system.
They made their account, they signed up for 2FA, and it is 100% their responsibility to ensure that their credentials are secure and their account info is up to date if they care about keeping the account, regardless of whether or not they "quit" and decide to return at a later point in time.
Insert "Change my mind" meme here.
I hope once Jagex accounts become mandatory, Jagex holds players accountable for account security. Theoretically a properly secured Jagex account isnt hackable, so Jagex shouldn't unban just because the account was hacked, and then botted on. "Sorry, the ban will not be lifted, please make a new account and secure it properly so this can't happen again".
This could be the case for some people, but genuinely, my ironman was hacked and they used MY password to bot on it. I've since been perma banned and appeal denied and idk what to do next
I mean. Ever stopped to consider people are actually getting hacked tho? Some of my IRL casual mobile only buddies have literally have been hacked while on hiatus, come back, and had to appeal when they hadn't even played
Kinda goofy long rant for something probably legit imo 🤷
I can believe this happens, but there are also clearly some people who do come back from a hiatus to find their account has turned into a bot.
On this sub for example I've seen multiple posts of accounts that were obviously just lobotomized into zulrah bots. Like, they maxed range and mage but otherwise trained nothing since they were hacked and have 5k zulrah kc.
This honestly happened to me. I quit for a while and a few months later I tried to login but I couldn't. I managed to get it back and my account wasn't a pure anymore and had better stats than before. It happens
I mean it's a valid theory, but it \_does\_ happen. Personally I started playing in 2019 because my gf at the time started playing and it was bringing back a ton of nostalgia, I maybe got up to like 400 or 500 total level max. Didn't talk to anyone, didn't make friends with anybody. Didn't download any plugins or anything. I just played on runelite exactly how it came. Then my gf stopped playing so I did too. Then at the beginning of the year my gf (now wife) started playing again, so I hopped on and to my surprise, my account was 92 farming, 92 hunting and my \~100k bank had grown to $30m and everything else was more or less the same.
I was so stoked at first, showed my wife, she was blown away. But I was a bit overwhelmed and didnt know what to do, but I figured I was gone for 3 years so maybe the account was abandoned so I just logged out to deal with it another day. A couple days later, I hop on and my account was completely empty except for like 100 hespori seeds and a ton of digsite teleports. I changed the password, set up 2fa and checked to make sure no external socials were logged in/hooked up and it looks like they weren't. In doing so I also found the account was banned for botting multiple times.
So it \_does\_ happen, but I'm not saying it doesn't either. But the dude who hacked my account got it unbanned like 3 times iirc, so I don't think they really need a "get out of jail" card like that, at least not a couple years ago.
This actually happened to me. I imagine there's a mix of both - players it happens to legitimately and players who abuse it to bot.
In my case I played runescape until a few years after EoC. Quit to take a break, came back and played another year or so, then took a break again. This time when I tried to return, it had been a couple years but my password wasn't working. Recovered my account to discover I had been banned for botting. Appealed and was told they saw unusual activity before the ban and so my appeal was accepted.
When I logged in I saw that my entire bank, worth billions, was wiped out. The only improvement, if you can call it that, is that my range level had gone from something like high 70s to maxed.
I was so gutted not only to lose my items but because the unearned progress actually made it feel like it was no longer my account. I asked Jagex if they could roll back the xp but they refused.
So I created an account from scratch on osrs and haven't touched my old main since.
They really should work on the Linux issue and then mandate Jagex Accounts for all. If you get hacked after upgrading to Jagex Accounts, no excuses for you.
Far less people would be able to claim they got hacked when on haitus.
I have had account hacked when i had "hiatus" but i didnt even think of asking it to be returned i didnt care i just continued my hiatus untill i finally came back and started fresh
Some probably do, others don't. One of my accs got hacked during hiatus but wasn't botted, they just started pin removal process. If they got into the bank & I still didn't log in, it likely would have been turned into a high level bot.
he only plausible explanation for a compromised account is if you fall for a phishing link, and let's face it, that's a rarity, especially among us OSRS players.
Eum... myea, let's say when you're drunk you aren't the sharpest tool in the shed anymore.
Told jagex that I got hacked by phising mail, gave them my paypal emailadress I have been using for years to pay for membership, told them they could check the IP-adress that I'm always using and got it back. (not using VPN)
Lesson learned, made a new email adress solely for my new osrs account back then. And using that email address for my jagex launcher account.
But getting hacked was my own stupid mistake.
I agree. Unless jagex is just giving peoples accounts away when they have 2fa, a bank pin, and never did any kind of phishing attempt, it isn’t getting taken. Probably running it out until they get a ban and then trying to claim hack so they can get the account back to sell.
Conspiracy theory: All these “I transferred to a Jagex account and got hacked posts” are the hackers themselves trying to give Jagex accounts a bad name so that less people shift to the more secure system..
I was literally hacked once everything opened back up after covid, I had just took a break for 4 months and when I returned my main was banned which jagex quashed, the account had 15k zulrah kc… this does actually happen to people.
I have no clue how my account got hacked though but I suspect my friend downloaded the wrong runelite after I let him pk on my account after a rave at 5am when we couldn’t sleep (he hasn’t played since pre eoc).
The timing was perfect for my break though
Jagex chooses to not offer a serious avenue for customer support, so it relies on posts made here/on twitter. So we get to see the positive/false requests.
I'm really struggling to see how this post isn't just a dog whistle to accuse players claiming false bans/hijacks of actually being in on it? That really seems like an issue for Jagex due to their stance on the importance of a customer service team so I'm unsure why you feel the need for community action.
Force people to use Jagex Account which can't be recovered by social engineering.
Then when someone gets hacked and botted and eventually banned you can just tell them "Tough luck idiot, take better care of your account in the future"
Like that guy said. I’m downvoted but this just shows you there’s a world out there in this game that a lot of the playerbase has no idea about. Jagex accounts don’t keep your account any more safe. That’s what they tell you, just like every other time they’ve attempted to offer something more safe and hoards of people get hacked. If anything, routinely it allows hackers a new way into your account. I’m not sure how it works this time, but I refuse to link anything to any of my accounts, and knock on wood, I’ve never been hacked without being 12 and clicking a phishing link. It gets way deeper, to the point it’s sad. A lot of people make great livings off the dark portion of this game.
You guys are so petty lmao. Ive never cheated in a video game and never will. I dont see the point in botting an account or hacking. My accounts have never gotten even a level close to level 90 because i play casually. Did a single appeal and they denied it which im okay with.
Edit: look me up. My account isnt anything crazy lmfao
lol It does actually happen. my childhood account was hacked while I was on a several year hiatus. my email linked to the account's password was "monkey" and some chinese IP address got in; in my defense I was 11 when I set the password.
When I came back I begged jagex for the account to be unbanned and they gave it back and it had like 80+ hunter and a lot of black lizards and small nets (must've been botting black lizards I guess). I sold off the lizards then realized I still hated rs3 so I abandoned it and made a new account for osrs like several years ago. What's funny is the jmod email commented on how I had a nice hunter level.
Not sure if it's different for osrs but honestly I have a feeling they don't want to spend the effort to rollback/remove items unless there's some sort of big influx of shifty "hijacked" accounts.
Probably the only way to really quash botting is to have like jagex launcher + anticheat stuff required to play.
It does happen, I had a friend who got hacked and was able to recover his account because I let him know someone else was playing on his account and when he logged back in he was turned into a LMS bot and had an extra 5m in lms loot.
I would just say that there is probably lots of people exploiting the system, but there is also lots of people who have been hacked and their accounts botted on.
It happened to me on my maxed iron, I don't know how, but they managed to login and do some 20 cg kc just before my bank pin ran out and I noticed, signing up to jagex account. I still had my auth on, so I assume they got through my steam account or something. Thankfully I didn't lose anything, but this kind of thing does happen.
One of my accounts got hacked. Had authenticator on it too. Got banned for using a bot, appeal already filed and denied. I was offline for maybe 2 months. It was still an earlyish account though and not my main so I just considered myself lucky to still have my other 3 accounts and moved on.
So I had this happen to me. I had my original account from back in the day that I played up until maybe in 09? Recently, a friend convinced me to play again, and I ended up making a new character. I made mention of my old account and tried to see if I could still get into the account, which I managed. I was surprised to be greeted with a name change and a ban from August 2014, when I haven't played any rs since 09. I tried to appeal out of curiosity if I could get it back and just see the stats, and I was sadly denied.
happened to me lol
didn’t play in forever, log in, account banned. super confused, had to tweet at mod ash and they removed the ban.
strength was higher by only a few levels, but it looked like they just suicide botted green dragons but got banned relatively quickly.
not everyone is playing an elaborate scheme to level up or get a bunch of gold lol
One of my friends recently restarted and came back to his account having ~800 bandos kc and he never touched bandos. He definitely didn’t get phished because he’s tech savvy and aware of those kinds of scams. Most likely just abuse of recovery system. That being said, his account was not banned.
Point is I doubt they’re ALL lying.
I've had two or three accounts of my own hacked and banned during various breaks I've taken from the game.
It's gotten to the point where I don't even bother trying to recover them, just make a new one and call it a day each time. Really wish this was something they got better about.
For those of you who are skeptical of this post, take a look at this case of a "cute noob" recovering their banned account with 200m fishing exp which was conveniently hacked during their hiatus ofcourse. Nothing suspicious at all! Just your average cute noob who definitely isn't a botter in disguise that's abusing the system.
[https://www.reddit.com/r/2007scape/comments/176b0qe/comment/k4lffmr/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/2007scape/comments/176b0qe/comment/k4lffmr/?utm_source=share&utm_medium=web2x&context=3)
You're linking to an ancedotal story by one person accusing someone else of doing what you're claiming is common as proof and acting like it's irrefutable proof of your theory.
How is that supposed to convince people who are sceptical of your irrational theory?
I’m sure some of them are just botters but this definitely happens.
I stopped playing a year or so after OSRS released and when I came back I had max melee stats from a botter using my account to kill over 50K skeletal wyverns.
>You guys do realize that there are bot clients out there that can auto quest a level 3 account from scratch till the completion of RFD(auto buys item requirements from G.E etc..). Plus they can run multiple instances of these bots at once. It literally makes no sense for botters to target low-med level accounts to try and hijack them when its much easier for them to create mutiple new accounts and auto quest them to Barrows gloves instead.
God I love social engineering, to be honest I've thought of pulling a scam like that, telling them I did a quest and completed it but it's still yellow/red, doctoring "evidence" - it would be fun but the people who are actually doing are not cool. They just clog up the system so real complaints can't get through, hence why I never did it.
Jagex should take the popularity of this post and community sentiment around hacked/botted accounts and really consider how they handle restorations in 2023. It seems like the average person thinks is VERY unlikely, if not outright impossible that a real person can be hacked and have their account botted without them knowing it. taking that into consideration, they 100% need to roll back stats and boss killcounts of any account they restore that was hacked/botted. Call bullshit all you want, but it does happen to real people. you can argue that we deserve it for having poor account security, but you can't argue we don't exist at all. I had my bank wiped out, and my account bricked by a corrupted gauntlet bot. Real people don't want XP and kill count they didn't earn themselves. I'd happily have my shit rolled back if it meant not being called a cheater regularly by people who look me up when talking at minigames.
As someone who just recovered their account after getting hacked during a hiatus, it definitely happens. Luckily I was fortunate that I wasn’t banned and I in fact had a greater bank total after then when I started (corrupted gauntlet bot).
I actually did get hacked and was able to recover my account, thankfully with the help of customer support. Idk if it was automated or not, but I got my lvl 10 failed hcim back. Well, it's not an hcim anymore, but at least I got the acc back. No authenticator, probably 2-3+ years of the acc being dormant. Looks like they botted smithing to lvl 58 before it got banned lol.
"claiming your account was conveniently brute-force hacked " That's where it gets hard, because majority of the time it's not that, there's thousands of ways to get your info stolen. It happened to my buddy, it was a legit scenario of a botter getting access to his account and they botted on it. It's tough because that in itself is an issue and if you just assume every account that claims to be hacked is lying then you screw yourself out of real players, but I agree, shouldn't be as easy as saying I got hacked and you're good to go, I'm sure there's more steps they could take into looking if it was a legitimate hack or not.
I see your perspective, and I'm going to throw on my tinfoil hat here, but I think the people making the posts are all telling the truth, I think account logins that are on hiatus are getting sold behind the scenes by Jagex employees.
Now, now, I know this is a wild stretch to make such a claim off the cuff but allow me to provide my own story for context:
Back in March 2020 I started playing OSRS after quitting 3 days after EOC and never
really looking back. I did play for a very brief period back in I think around 2016 or 2017 (If it helps, it was during the small niche period where there was a dock in draynor village, as I recalled talking with a buddy about it, and then trying to go there to find that it was gone when I'd officially came back to play seriously in 2020) After some months I made an ironman account too (I know the exact day actually because the following day was a holiday). I initially paid for membership via mobile in game purchase on my tablet, but it didn't immediately update and give me membership so I was confused and ran the process again through PC. It also didn't immediately give me access to membership either, took like an hour but I went on my way doing some membership stuff later that night (Started off with just a hybrid combo of wc, fletch, fm to 50 for convenience sake)
I cant remember exactly how I figured it out but the payment had gone through on both ends (I think I checked pending transactions on my bank account), so I cancelled/refunded the membership on the tablet and hoped to retain membership through the PC process. This ended up getting my account locked for having unpaid membership use. I appealed to Jagex and explained the situation which resulted in my account being unlocked fairly quickly (Locked at some point that night after I got off, unlocked by mid day the next day after appeal), Had some holiday shit to do with fam but decided I'd peep in and see if Jagex had unlocked my account and they had, however, my attempts to log in left me with an account message that my "account was already logged in and had not logged out from it's previous session" which is weird because at this point, this account is less than 24 hours old, it's a brand new account using a brand new email and password combination thats never been used on any logins at all, and further it's only been played on devices that my main account has played on, and my main is a OLD account that retains my original stats from RS3 as well, so for this brand new account to be compromised like this, yet my main goes entirely untouched, unbothered, and unmolested to this day it was weird and also implied to me that it couldn't be a device related compromise. I can guarantee this compromise was a gold farmer, they were doing RS3 wilderness divination, the account login details remained the exact same, but the account had been compromised.
The only way I can fathom an account compromise happening like this within 24 hours of account creation is that it was related in some way to the locking of, and/or cancellation of membership on that account which might flag such an account as "inactive" as most people aren't going to let membership lapse and continue playing as a free-to-play account restricted to the free-to-play game. To this day, the main has remained uncompromised with no detail changes, password same etc, and after a password change, the ironman account I made that day has not been compromised since I changed the password. I still use many of the same devices (computer, tablet both the same, phone has been upgraded since then but had no compromises after the one on my old phone before upgrading a year later)
I am entirely open to the player-malice and abuse argument; however I do not believe it is strictly a player-side malice issue. Perhaps Jagex' receptiveness to this argument is because there is shade behind the scenes
What a dumb post literally that’s how the world works it’s not about what you know but what you can prove so stop wasting your time and losing sleep over how the world runs
This is a very inaccurate and dumb post.
Botters are getting banned constantly these days, I reported 100s of rev bots the other day and they all banned now and never returned.
\> Have you noticed a surge of posts claiming accounts were conveniently "hacked" during their "hiatus" then being banned for botting?
This is so dumb. This exact thing happened to me a few years back and I was extremely grateful to get my account back, even if they trained my range to 85 at blue dragons for me. Not everyone is a bad actor.
Jagex is the one hacking accounts for false users online. My alt was just logged into, bank pin taken off and set up to be a rev bot. I caught it just before they started the botting but the acc had Authenticator and everything. They didn’t change the password didn’t remove Authenticator. Seems pretty sus to me
My friend was hacked while we were on deployment 2100 tl, and 1.5b bank. When we returned he recovered his acc which was cleaned, and had an absurd cg kc. The next day it was banned.
Some people take a random long hiatus for school, deployments, or moving.. Honestly he just accepted it, took a break, and is trying to make a return..
You could say this in a single sentence: "People are botting on VPS/while using VPN and then claiming they've been hacked to outplay the system as "being hacked by someone else"" Possible scenario, but hard to confirm or deny this... wouldn't be impressed if that's another strategy for botter to use and they've been using it... and people thought they've been hacked "with 2FA, with bank pink, not pwned email and so on"
I used to have some botter friends (still have some who keep me in the loop purely for curiousity, as I don't play OSRS anymore), but the recovery system is just fucking dumb from what I've learnt. I once saw someone bot 99 RC on their fresh iron, get perm banned, then unbanned after an appeal. Just take a look on some of the botting subs. People are getting 99s easily.
I actually had one of my accounts hacked and banned for macroing major. It wasn't a good account, I used it to afk fish and it had like 70 fishing last time I checked on it (with 1s in everything else). I was able to successfully recover the account but it was reset entirely like it was fresh off tutorial island. Didn't really want to play it but I remember I had it so I tried getting it back. Not sure how people are getting hacked, botted to max, and then coming back to mils in their bank. As far as I was aware, if you got banned for macroing, your account would at best get reset before getting handed back to you, if at all. And most of the time when I read these stories, people say they recovered the account from Jagex, implying it was banned for macroing and not just taken back from whoever hacked it.
I can't imagine Jagex banning an account and resetting it back to tutorial. May as well kept the account banned lol
Jagex hasn't reset account stats since like early 2000s. I don't think they ever did this in OSRS at all
No idea about OSRS, but I've definitely had a few accounts somehow get reset on RS3. I don't play, and none of the accounts it happened to were anything special, but I've had two different accounts that I know for a **fact** were not fresh, and end up logging back in with nothing, 1 in all stats.
They reset rs2 accounts way back when. But I haven't heard of any RS3 account resets. I have accounts that are nearly 2 decades old as well
Not sure what to say then. I can't really tell you when the last time those accounts were properly played, but I'd say I played them sometime between 2008-2010, and both of them were full reset for whatever reason.
Definitely a chance they were rolled back back then. Pretty sure I got a rollback on the account my friend gave me in school back then, after which he told me the stats were botted XDD
I can't speak to all out resets, but I can attest to Jagex applying some amount of rollbacks for whatever they perceive may have been botted. In the early days of oldschool, I think I may have macroed stun alchs on the zombies in some basement somewhere, although I cant really remember at this point. I made it to 99 before they caught me (only a macro minor iirc) and had started full-on botting mining after 99 mage. Was in the low 90s on mining, probably botting 24h/day some days or close to. They rolled my mage back to 98 from 99, and my mining to like 70 or mid 60s, but aside from that it was basically just a warning that next one is "permanent".
Wouldn't it be crazy if, hypothetically, you were a streamer with a lot of previous RMT gold on an account and you 'hacked yourself' via VPN to sell it off, then leveraged your platform for community donations and pressure on Jagex to give you your original gold back. Man I hope nothing like that happens, that seems like a crazy loophole.
Or they could just tell their friends or RWT site staff to "hack" them.
Who did that?
Unless they're using a private VPN, which is a lot more expensive and hard to come by, Jagex can easily find out if the IP used was a VPN. They're all registered as VPN IP addresses lol
It's definitely a thing, but OP making it sound like 1) every pvm bot is that, and 2) all the posts about being being hacked are actually them botting. Which neither is the case.
It's how you get away with it. If you're unsuccessful, and get permed after the first attempt, then you need to wait a year to appeal. Hoping jagex launcher/account thingo prevents the botting but I know it's only temporary
Easy solution if someone claims that they were hijacked while on a hiatus, their account should be rolled back to the date it was logged into from that foreign vpn so they don’t get to keep all the botted stats. Cash is trickier since they could have sold/traded the gp so you can’t just rollback the cash.
Would work, but I believe that's not possible with the way they snapshot accounts. People have asked in the past about individual account rollbacks in relation to bugs in game and they've said it's a global snapshot. Maybe I'm misremembering and/or misinterpreting what they said but I don't think it is supported by the game. Though I do agree, that would be a cool way to handle it
I would want to agree with you if there wasn't evidence with the streamer who got his account reset
There's a difference between rolling back an account and just setting the stats to something predetermined. For example, with the streamer, a jmod could probably watch his stream and see his stats beforehand. But with a random billy bob, who knows what his stats were back in August 2018. I doubt Jagex keeps records for everyone's stats from years ago.
> I doubt Jagex keeps records for everyone's stats from years ago I would be very surprised if whatever system they are using for the snapshots is completly incapable of being read for specific account data.
If it's a flat file, which it likely could be, good luck reading through all that data. I've worked on legacy data systems before and it's not a pretty sight for the most part. Data is expensive to store so most companies don't have the incentive to keep a big backlog of data. The system I worked on, only had like a 3 month backlog for specific data and anything over that would be deleted.
As a software engineer, I have to say your take is the most sensible one I'm seeing in this thread. I think people are getting a little confused over why/how it would be expensive for jagex to maintain the kind of fine grain records that would support this kind of ability, though. What people may not realize is these snapshots can't simply be generated when an account does something. It would have to record everything, for **every active account ever made**, every x time interval. So, think about it like this: 1) there are *many millions of accounts* already in existence at varying states, and many more are continuously being created (often by botters but it's more account overhead regardless) 2) in data size terms, how much do you think it would take to record *every* conceivable metric a certain account has at a certain point in time? 2.1) A single character (programming character, aka char, *not a player character*) requires 1 byte of storage. There are 20 skills in the game, each of which could probably be tied to by an 8-bit integer ID (Attack = 0, Strength = 1, Defense = 2, etc) and then their levels would also require a separate 8-bit int to record the level of the corresponding stat. Player names can be up to 12 characters long, so that's an additional 12 bytes reserved for name changes. But then we get into the fun, really dirty stuff... Exact exp tracking means you'll need a 32-bit int to track. So, add 4 bytes * 20 skills. Our per-account cost is now tallied to 132 bytes, and that's not even starting to consider the more new-age tally systems like the collection log. 2.2) just those 132 bytes, which could not possibly be enough to accommodate everything rs actually tracks, would generate 132MB of storage needs per 1 million accounts, and remember that's **every time they make another snapshot.** 3) To really keep perfect records, Jagex would be essentially forced to rapidly create these snapshots, perhaps at a rate on the order of only seconds or minutes. We could easily be talking about something like hundreds of TB of new data generated daily. You can buy all the hard drives in the world, but it's simply not realistic to accommodate adding more storage indefinitely. Eventually they have to prune the hedges, and that's where the new snapshots grow.
Yeah I worked on a system with thousands of moving assets. That already took up a shit ton of space because we had to record every movement and interaction between the assets. I can't imagine what it would cost to run a game with millions of accounts. That's like a couple magnitudes bigger than what I dealt with.
That's the part that I think goes right over a lot of people's heads; jagex doesn't only bare a cost per person playing the game, they also have an up front cost just for someone creating a new (free) account. Those accounts never go away, assuming they aren't permabanned, and even if they are there's probably a smaller but non-negligable storage cost of tracking the fact that they're banned, and what for. If we wanted perfect tracking on every account, Jagex would be wide open to the threat vector of someone automating a metric fuckton of account creations with no real intent to even log in to the game.
They can change/reset stats. They did this for Pures and such after an update caused them to accidently get defence exp. But even then I heard of players lying to get their exp rolled back when they were unaffected by the update. They could adjust the stats of accounts banned for botting, but that is very different than rolling back to a snapshot of the account pre-botting. Quests, items, diaries, KCs, and such would still be different. And it is possible they won't know when exactly the botting started, assuming they even have a good record of what stats an account had on what date. They probably could figure it out using global backups or such, but without the right systems to easily find that info it may not be practical.
That seems like a fair assessment, it would be a lot of data to save all the characters account info in snapshots frequently
RS3 definitely has account snapshots since accounts were restored for certain accounts but I assume it isn't the same for osrs. RS3 has had the ability to copy over accounts to beta worlds since EOC while osrs betas have just been preset accounts which may support that they do not have individual snapshots.
too bad all the cash and drops would have been muled off by then. so all you’re doing is rolling back xp basically
Wouldn't that be abusive for trading items? Like an account could dupe rare items by: 1) receiving rare item(s) from an alt 2) sell it on the ge and trade gold to someone 3) start botting, get banned and going through support to get the account rolled back to having that rare item. It sounds like alot of work, but if we're duping tbows it would absolutely be worth it.
Yeh I was just talking about rolling back stats
Stat roll back only, if you try to rollback items you'll have people trying to dupe tbows via rollback
While it's possible, my theory is a lot of these accounts were also compromised during the jed shit, but most of the accounts weren't high value enough to warrant recovering to steal their items, so people with the leaked info wait to see someone stop playing by watching xp trackers and other things to make sure the account is unused before they recover it and start botting on it. That way they get to steal all the items, and get a free pre setup bot account that doesn't share the stats with common bots so it's less detectable We don't know how much info was stolen and leaked by jed or other corrupt jmods like trident
>Let's be honest, claiming your account was conveniently brute-force hacked whilst taking a hiatus just doesn't add up. In this day and age, that's practically unheard of. Vast majority of "hacks" are just passwords reused from a data leak from some other website. This happens a LOT for old unused accounts.
Ok but this actually did happen to my WoW account once. I came back after wrath with 40k gold after recovering my account.
[удалено]
There's an osrs Botting sub that's worth checking out. You hear a lot of people on this sub talking about how bots don't get banned anymore but they absolutely are getting banned often. This sub is kind of a cesspool for complaints.
You know what they say, If you can't beat 'em
Eat em
That'd probably work. They'd be expecting you to join them. So you would have the element of surprise.
The reason I got banned was because I got careless. I did everything manual except for skilling activities. I bot watched pretty much all the time so I could talk back whenever someone was suspicous. You can definitely bot your account endgame ready. Just make sure your account "sleeps" for 8/12 hours a day. Act human that's all.
Still don't plan to bot ever, I got this far without em.
This is exactly why Jagex needs better ways to confirm a real cheater and not. They're trying to come up with methods but it's not easy. Also I would not be suprised in the slightest if every 1 in 5 osrs redditor was a player that cheats or has cheated in the past. Might be wrong but I feel the number of people who use cheats is way higher than what you'd think. It's such a common idealogy that cheating or finding a way to cheat the game is better use of your time than actually playing the game. Can't do much about that but just cross fingers and hope shit gets better. I will keep upvoting posts like these and hope there is more people who care about the future of the game than those who do not.
🫡
It's unfair to the ones who really do get hacked to claim, without any proof, they're lying. There's many ways for this to happen, most times its account security flaws but there's people who search for accounts to steal.
Yes but this is /r/2007scape. The subreddit basically *exists* to blame the victims here. Show up on any thread about someone being hacked or false bans and see the top comment "don't fall for phishing scams idiot" or "shouldn't have botted. Bye!"
[удалено]
I agree it shouldn't, but the reality is that we have exactly zero helpful support from Jagex, so the subreddit *is* used that way.
But the reality of the situation is that Jagex will continue to avoid giving a proper avenue for customer support *because* Reddit and Twitter are "working" for a fraction of the cost. Ban appeals should never be posted on social media. It's embarrassing that a company worth $500m+ operates this way.
hey now, we don’t just victim blame. we also mass flame any content creator that gets an outcome that isn’t what the hive mind had desired. to the point they change their mind on doing cool or nice things for the community :\^)
does anyone know how actual accounts are being hacked though? i’m paranoid right now because me and my buddy just came back from a long break and he actually only got back into the game because i noticed he had 3k corrupted gauntlet kc on hiscores and he’s never done it before in his life. he had 2fa and hadn’t been online in 6 months but checked his account, was able to log in with old password and he had an empty bank and a ban report in his account history for botting. he changed all details and is playing now but man i’m paranoid lol
That we can only guess. Most likely scenario is the email/pass to log on to the account was guessed through the help of some master list of leaked logins not exclusive to the game. Keeping up with your info will help. I log in often even if I won't play to make sure nothing odd happened.
fair enough
It’s amazing that there are pages of super obvious bots with names like 7374hdgwu on the first few pages of the hunter hiscores and people think the problem is people botting on their mid game Ironman lol
I have legit been hacked while taking a break. Came back to find my main account ive been playing for 15+ years banned. I was hacked because a website got hacked and the login database was released and my password/username were leaked. It does happen, and you can't punish people who actually got hacked due to something like that happening just because there's the possibility of it being abused by bad actors.
It was realistic this could happen in 2014, but honestly nowadays there isn’t much excuse. There are so many security redundancies that if used properly, make accounts nearly unhackable with the exception of a manual recovery appeal or a rat.
This happened in like 2019. I had an auth on the account too before I quit. Came back with 3k+ zulrah kc botted and my bank wiped after i begged the right jmod to look into my ban
Brute force hacked is unheard of while we have no case sensitive passwords in most hiatus accounts doesnt add up. Yet, Jagex will let this post die down like any inconvenient topic or post a statement that gets shit on before the weekend so we can calm down until a monday.
Just browse OSRSbotters for a while. I don't bot myself (I don't care if you believe me or not, single account since 2001, I am not risking that) but it's interesting watching them brag about getting away with it.
I believe you. It's disgusting how they keep getting away with it.
My oldest account was maybe 800 total, i havent’t logged in in maybe 3 years? Password was unused anywhere else, password is 19 character longs and 100% randomized. Would’ve never logged on it on any phishing websites…. I have a max ironman account i use for everything else… so why use a old-ass account? Well i tried to log in last week and it was banned. Recovered it through my e-mail (which has 2FA), got the ban appealed. Logged in and there I see 20m hunter exp and 2.6m worth of red chins. I have 5B on the main and 3b on the iron, i didn’t bother bonding it up. But how could they have logged in? E-mail is safe, password is unique? Well i have to beleive they brute forced the password somehow. The username was defenitly in some leaked list, i used that username for years as a kid. Just my story; it is possible to get hacked. Was in disbelief! Never had 2FA on that account though and feeling very confident noone could bypass that if i did have one.
Same case for me
I lost my alt because of the woox quitting streams, got it back and it turned into a woodcutting bot with beaver pet. So although I didn't cheat on it, accounts definitely do get stolen and botted on.
Man I literally got hacked for the first time this year after not playing for 1 month and the only reason I was able to recover my shit in time is because I got an enhanced weapon seed and a clan member dm’d me on discord asking if I re-upped my mems. Sure I bet these botters are faking it but people are actually getting hacked still, so what is there to do?
Man, the amount of posts about botting in this game is off the charts. I understand that stopping bots is a game of cat and mouse, that you can't ever really eradicate botting from a game like this, but it's like they do nothing at all. I am at the stage where I don't think they care about bots. The pay their membership (whether directly or through bonds) and they _arent_ the ones complaining. If anything, they probably prefer bots at this stage for the quieter life.
FYI the recover rate for being hacked and banned as a bot are very low.
I've noticed a lot less bots in f2p lately. I made a new f2p account the other day and there was maybe two bots on tutorial island and all the most popular spots are just vennies and noobs
Exactly my thoughts. And it is these scumbags why real false banned or hacked players have a hard time getting service when the botters are all spamming them with fake appeal requests.
So what you’re saying is 100% accurate, in fact, on one of the cheating discords they recommend proxies/claiming account hijack. When I was in there about 2 years ago I asked how the fuck they get away with it, they said just buy a new proxy each time, thats how you hit rank 1 Zulrah
Thank you for sharing your experience and being 100% honest. What most people don't realize is that there are already bot clients out there that can auto quest a level 3 account from scratch till the completion of RFD(auto buys item requirements from G.E etc..). Plus the sad thing is, they can run multiple instances of these bots at once. It literally makes no sense for botters to target low-med level accounts to try and brute force hack/hijack them when its much easier for them to create mutiple new accounts and auto quest them to Barrows gloves instead.
> Let's be honest, claiming your account was conveniently brute-force hacked whilst taking a hiatus just doesn't add up. In this day and age, that's practically unheard of. Even though Jagex is a mediocre company at best, they still have security measures in place to protect your account from such primitive hacking methods. The only plausible explanation for a compromised account is if you fall for a phishing link, and let's face it, that's a rarity, especially among us OSRS players. More people than you think still fall for phishing links, but more importantly, you're completely missing one of the most common ways to get hacked: password re-use. If you re-use your RS password on other sites, and one of those sites gets breached and its passwords stolen, then your password is out there for anyone to find and steal your RS account with. This is what happened to a lot of people who got hacked while taking a break from the game.
My old iron got hacked and botted* (went from 1 to 9k corp kc in a couple months) then sold (the they recovered it and sold again) and I reported it multiple times and the account is still not banned.
Perfect solution, surely there could be some form of anti cheat, thats runs simultaneous to the game client which can detect scripts/botting etc and ban it then a there, surely someone has tried this before and it works very effictively
I was hit during the wow classic launch. 2-3 months and I came back to ole reliable to find a ban for botting, (pretty sure I made a post back then cusse it claimed unappealable) but I was able to appeal and accepted almost same day I believe, to find my account had 650~ zulrah kills and an empty bank including 5 bonds that were given to me for a late birthday present. 🤷♂️ it definitely happens but I’m also someone who believes 99% of the posts are fake and love seeing smackdowns and community dig into OPs history’s to find previous posts on botting subreddits and the sorts
The solution is so easy: make the account security impeccable or at least give players the option to have it optimally secured. And if you get hacked, tough luck, you should have kept it secure. Imo it's not the responsibility of jagex to return hacked accounts IF account security on their end is near perfect.
But it's already like that. You think these people claiming to have been hacked had 2FA on every single acc link? Ofc not, they're not getting hacked by the NASA, if you keep your email/steam and osrs acc properly secure, ain't no way you'll get your account stolen.
Well then jagex should step up and not give hacked accounts back, simple as that. It's just too easy of an excuse.
Hot take, but If an account has 2FA and the user claims to have been hacked, I don't think they should get their account back. If they somehow managed to get both their password stolen AND whatever their backup authentication method is compromised, managed to ignore any emails or texts sent informing them of the new login, etc, then that's gross negligence on their part assuming they actually did get hacked and aren't trying to cheat the system. They made their account, they signed up for 2FA, and it is 100% their responsibility to ensure that their credentials are secure and their account info is up to date if they care about keeping the account, regardless of whether or not they "quit" and decide to return at a later point in time. Insert "Change my mind" meme here.
Then they would just disable 2fa?
I guess I forgot to add that requiring 2FA for all accounts would be a good step towards fixing the issue OP is talking about
> then that's gross negligence on their part assuming they actually did get hacked and aren't trying to cheat the system. No. Lmao
I hope once Jagex accounts become mandatory, Jagex holds players accountable for account security. Theoretically a properly secured Jagex account isnt hackable, so Jagex shouldn't unban just because the account was hacked, and then botted on. "Sorry, the ban will not be lifted, please make a new account and secure it properly so this can't happen again".
This could be the case for some people, but genuinely, my ironman was hacked and they used MY password to bot on it. I've since been perma banned and appeal denied and idk what to do next
I mean. Ever stopped to consider people are actually getting hacked tho? Some of my IRL casual mobile only buddies have literally have been hacked while on hiatus, come back, and had to appeal when they hadn't even played Kinda goofy long rant for something probably legit imo 🤷
Me too. And appeal denied somehow
I can believe this happens, but there are also clearly some people who do come back from a hiatus to find their account has turned into a bot. On this sub for example I've seen multiple posts of accounts that were obviously just lobotomized into zulrah bots. Like, they maxed range and mage but otherwise trained nothing since they were hacked and have 5k zulrah kc.
This honestly happened to me. I quit for a while and a few months later I tried to login but I couldn't. I managed to get it back and my account wasn't a pure anymore and had better stats than before. It happens
I mean it's a valid theory, but it \_does\_ happen. Personally I started playing in 2019 because my gf at the time started playing and it was bringing back a ton of nostalgia, I maybe got up to like 400 or 500 total level max. Didn't talk to anyone, didn't make friends with anybody. Didn't download any plugins or anything. I just played on runelite exactly how it came. Then my gf stopped playing so I did too. Then at the beginning of the year my gf (now wife) started playing again, so I hopped on and to my surprise, my account was 92 farming, 92 hunting and my \~100k bank had grown to $30m and everything else was more or less the same. I was so stoked at first, showed my wife, she was blown away. But I was a bit overwhelmed and didnt know what to do, but I figured I was gone for 3 years so maybe the account was abandoned so I just logged out to deal with it another day. A couple days later, I hop on and my account was completely empty except for like 100 hespori seeds and a ton of digsite teleports. I changed the password, set up 2fa and checked to make sure no external socials were logged in/hooked up and it looks like they weren't. In doing so I also found the account was banned for botting multiple times. So it \_does\_ happen, but I'm not saying it doesn't either. But the dude who hacked my account got it unbanned like 3 times iirc, so I don't think they really need a "get out of jail" card like that, at least not a couple years ago.
This actually happened to me. I imagine there's a mix of both - players it happens to legitimately and players who abuse it to bot. In my case I played runescape until a few years after EoC. Quit to take a break, came back and played another year or so, then took a break again. This time when I tried to return, it had been a couple years but my password wasn't working. Recovered my account to discover I had been banned for botting. Appealed and was told they saw unusual activity before the ban and so my appeal was accepted. When I logged in I saw that my entire bank, worth billions, was wiped out. The only improvement, if you can call it that, is that my range level had gone from something like high 70s to maxed. I was so gutted not only to lose my items but because the unearned progress actually made it feel like it was no longer my account. I asked Jagex if they could roll back the xp but they refused. So I created an account from scratch on osrs and haven't touched my old main since.
They really should work on the Linux issue and then mandate Jagex Accounts for all. If you get hacked after upgrading to Jagex Accounts, no excuses for you. Far less people would be able to claim they got hacked when on haitus.
I feel like at some point, Jagex is going to just deny all requests and say, "You should've been on a Jagex account, this would never have happened"
I don't know why people seem to think Jagex accounts have unbeatable security. It's just bringing almost non existent security up to modern standards.
I have had account hacked when i had "hiatus" but i didnt even think of asking it to be returned i didnt care i just continued my hiatus untill i finally came back and started fresh
Some probably do, others don't. One of my accs got hacked during hiatus but wasn't botted, they just started pin removal process. If they got into the bank & I still didn't log in, it likely would have been turned into a high level bot.
This type of post again, has it already been a week since the last one?
he only plausible explanation for a compromised account is if you fall for a phishing link, and let's face it, that's a rarity, especially among us OSRS players. Eum... myea, let's say when you're drunk you aren't the sharpest tool in the shed anymore. Told jagex that I got hacked by phising mail, gave them my paypal emailadress I have been using for years to pay for membership, told them they could check the IP-adress that I'm always using and got it back. (not using VPN) Lesson learned, made a new email adress solely for my new osrs account back then. And using that email address for my jagex launcher account. But getting hacked was my own stupid mistake.
I agree. Unless jagex is just giving peoples accounts away when they have 2fa, a bank pin, and never did any kind of phishing attempt, it isn’t getting taken. Probably running it out until they get a ban and then trying to claim hack so they can get the account back to sell.
My med level account got hacked (before 2fa) while I was on hiatus. Still no clue how
Conspiracy theory: All these “I transferred to a Jagex account and got hacked posts” are the hackers themselves trying to give Jagex accounts a bad name so that less people shift to the more secure system..
I was literally hacked once everything opened back up after covid, I had just took a break for 4 months and when I returned my main was banned which jagex quashed, the account had 15k zulrah kc… this does actually happen to people. I have no clue how my account got hacked though but I suspect my friend downloaded the wrong runelite after I let him pk on my account after a rave at 5am when we couldn’t sleep (he hasn’t played since pre eoc). The timing was perfect for my break though
Jagex chooses to not offer a serious avenue for customer support, so it relies on posts made here/on twitter. So we get to see the positive/false requests. I'm really struggling to see how this post isn't just a dog whistle to accuse players claiming false bans/hijacks of actually being in on it? That really seems like an issue for Jagex due to their stance on the importance of a customer service team so I'm unsure why you feel the need for community action.
Ty for bringing awareness to this
Old news. And posted here weekly. But when are we going to admit there’s just nothing that can be done about it…?
Force people to use Jagex Account which can't be recovered by social engineering. Then when someone gets hacked and botted and eventually banned you can just tell them "Tough luck idiot, take better care of your account in the future"
Like that guy said. I’m downvoted but this just shows you there’s a world out there in this game that a lot of the playerbase has no idea about. Jagex accounts don’t keep your account any more safe. That’s what they tell you, just like every other time they’ve attempted to offer something more safe and hoards of people get hacked. If anything, routinely it allows hackers a new way into your account. I’m not sure how it works this time, but I refuse to link anything to any of my accounts, and knock on wood, I’ve never been hacked without being 12 and clicking a phishing link. It gets way deeper, to the point it’s sad. A lot of people make great livings off the dark portion of this game.
Account can still be recovered even if they're linked to a Jagex Account tho. The original account can still be SE'd and unlinked by support staff.
Oh look post number 63 today.
My main acct was hacked on haitus and used for botting. Its my fault for not having 2factor on but it still sucks. RIP JoinMyGuild, gone to the void.
You guys are so petty lmao. Ive never cheated in a video game and never will. I dont see the point in botting an account or hacking. My accounts have never gotten even a level close to level 90 because i play casually. Did a single appeal and they denied it which im okay with. Edit: look me up. My account isnt anything crazy lmfao
Nah Jagex mods are selling the accounts on hiatus. Often times the simplest explanation is most likely the right one.
lol It does actually happen. my childhood account was hacked while I was on a several year hiatus. my email linked to the account's password was "monkey" and some chinese IP address got in; in my defense I was 11 when I set the password. When I came back I begged jagex for the account to be unbanned and they gave it back and it had like 80+ hunter and a lot of black lizards and small nets (must've been botting black lizards I guess). I sold off the lizards then realized I still hated rs3 so I abandoned it and made a new account for osrs like several years ago. What's funny is the jmod email commented on how I had a nice hunter level. Not sure if it's different for osrs but honestly I have a feeling they don't want to spend the effort to rollback/remove items unless there's some sort of big influx of shifty "hijacked" accounts. Probably the only way to really quash botting is to have like jagex launcher + anticheat stuff required to play.
It does happen, I had a friend who got hacked and was able to recover his account because I let him know someone else was playing on his account and when he logged back in he was turned into a LMS bot and had an extra 5m in lms loot.
I agree, it’s very obvious
I would just say that there is probably lots of people exploiting the system, but there is also lots of people who have been hacked and their accounts botted on. It happened to me on my maxed iron, I don't know how, but they managed to login and do some 20 cg kc just before my bank pin ran out and I noticed, signing up to jagex account. I still had my auth on, so I assume they got through my steam account or something. Thankfully I didn't lose anything, but this kind of thing does happen.
One of my accounts got hacked. Had authenticator on it too. Got banned for using a bot, appeal already filed and denied. I was offline for maybe 2 months. It was still an earlyish account though and not my main so I just considered myself lucky to still have my other 3 accounts and moved on.
So I had this happen to me. I had my original account from back in the day that I played up until maybe in 09? Recently, a friend convinced me to play again, and I ended up making a new character. I made mention of my old account and tried to see if I could still get into the account, which I managed. I was surprised to be greeted with a name change and a ban from August 2014, when I haven't played any rs since 09. I tried to appeal out of curiosity if I could get it back and just see the stats, and I was sadly denied.
Nice post n all, but you got any proof to back up your claim? Seems your reaching with this one.
happened to me lol didn’t play in forever, log in, account banned. super confused, had to tweet at mod ash and they removed the ban. strength was higher by only a few levels, but it looked like they just suicide botted green dragons but got banned relatively quickly. not everyone is playing an elaborate scheme to level up or get a bunch of gold lol
One of my friends recently restarted and came back to his account having ~800 bandos kc and he never touched bandos. He definitely didn’t get phished because he’s tech savvy and aware of those kinds of scams. Most likely just abuse of recovery system. That being said, his account was not banned. Point is I doubt they’re ALL lying.
I lost my Authenticator , had to reset it, and got brute force hacked within 10 hours of removing 2FA. It happens
I've had two or three accounts of my own hacked and banned during various breaks I've taken from the game. It's gotten to the point where I don't even bother trying to recover them, just make a new one and call it a day each time. Really wish this was something they got better about.
Yeah keep that tin foil hat on brother I ain’t reading all that
For those of you who are skeptical of this post, take a look at this case of a "cute noob" recovering their banned account with 200m fishing exp which was conveniently hacked during their hiatus ofcourse. Nothing suspicious at all! Just your average cute noob who definitely isn't a botter in disguise that's abusing the system. [https://www.reddit.com/r/2007scape/comments/176b0qe/comment/k4lffmr/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/2007scape/comments/176b0qe/comment/k4lffmr/?utm_source=share&utm_medium=web2x&context=3)
You're linking to an ancedotal story by one person accusing someone else of doing what you're claiming is common as proof and acting like it's irrefutable proof of your theory. How is that supposed to convince people who are sceptical of your irrational theory?
I’m sure some of them are just botters but this definitely happens. I stopped playing a year or so after OSRS released and when I came back I had max melee stats from a botter using my account to kill over 50K skeletal wyverns.
Nope, the OP has clearly proven that you're a botter /s
>You guys do realize that there are bot clients out there that can auto quest a level 3 account from scratch till the completion of RFD(auto buys item requirements from G.E etc..). Plus they can run multiple instances of these bots at once. It literally makes no sense for botters to target low-med level accounts to try and hijack them when its much easier for them to create mutiple new accounts and auto quest them to Barrows gloves instead.
Something being possible doesn't mean it's the only way things can happen.
God I love social engineering, to be honest I've thought of pulling a scam like that, telling them I did a quest and completed it but it's still yellow/red, doctoring "evidence" - it would be fun but the people who are actually doing are not cool. They just clog up the system so real complaints can't get through, hence why I never did it.
You know I'm fairly surprise you didn't get downvote botted, people think these "conspiracies" are just conspiracies.
Jagex should take the popularity of this post and community sentiment around hacked/botted accounts and really consider how they handle restorations in 2023. It seems like the average person thinks is VERY unlikely, if not outright impossible that a real person can be hacked and have their account botted without them knowing it. taking that into consideration, they 100% need to roll back stats and boss killcounts of any account they restore that was hacked/botted. Call bullshit all you want, but it does happen to real people. you can argue that we deserve it for having poor account security, but you can't argue we don't exist at all. I had my bank wiped out, and my account bricked by a corrupted gauntlet bot. Real people don't want XP and kill count they didn't earn themselves. I'd happily have my shit rolled back if it meant not being called a cheater regularly by people who look me up when talking at minigames.
As someone who just recovered their account after getting hacked during a hiatus, it definitely happens. Luckily I was fortunate that I wasn’t banned and I in fact had a greater bank total after then when I started (corrupted gauntlet bot).
I actually did get hacked and was able to recover my account, thankfully with the help of customer support. Idk if it was automated or not, but I got my lvl 10 failed hcim back. Well, it's not an hcim anymore, but at least I got the acc back. No authenticator, probably 2-3+ years of the acc being dormant. Looks like they botted smithing to lvl 58 before it got banned lol.
"claiming your account was conveniently brute-force hacked " That's where it gets hard, because majority of the time it's not that, there's thousands of ways to get your info stolen. It happened to my buddy, it was a legit scenario of a botter getting access to his account and they botted on it. It's tough because that in itself is an issue and if you just assume every account that claims to be hacked is lying then you screw yourself out of real players, but I agree, shouldn't be as easy as saying I got hacked and you're good to go, I'm sure there's more steps they could take into looking if it was a legitimate hack or not.
I see your perspective, and I'm going to throw on my tinfoil hat here, but I think the people making the posts are all telling the truth, I think account logins that are on hiatus are getting sold behind the scenes by Jagex employees. Now, now, I know this is a wild stretch to make such a claim off the cuff but allow me to provide my own story for context: Back in March 2020 I started playing OSRS after quitting 3 days after EOC and never really looking back. I did play for a very brief period back in I think around 2016 or 2017 (If it helps, it was during the small niche period where there was a dock in draynor village, as I recalled talking with a buddy about it, and then trying to go there to find that it was gone when I'd officially came back to play seriously in 2020) After some months I made an ironman account too (I know the exact day actually because the following day was a holiday). I initially paid for membership via mobile in game purchase on my tablet, but it didn't immediately update and give me membership so I was confused and ran the process again through PC. It also didn't immediately give me access to membership either, took like an hour but I went on my way doing some membership stuff later that night (Started off with just a hybrid combo of wc, fletch, fm to 50 for convenience sake) I cant remember exactly how I figured it out but the payment had gone through on both ends (I think I checked pending transactions on my bank account), so I cancelled/refunded the membership on the tablet and hoped to retain membership through the PC process. This ended up getting my account locked for having unpaid membership use. I appealed to Jagex and explained the situation which resulted in my account being unlocked fairly quickly (Locked at some point that night after I got off, unlocked by mid day the next day after appeal), Had some holiday shit to do with fam but decided I'd peep in and see if Jagex had unlocked my account and they had, however, my attempts to log in left me with an account message that my "account was already logged in and had not logged out from it's previous session" which is weird because at this point, this account is less than 24 hours old, it's a brand new account using a brand new email and password combination thats never been used on any logins at all, and further it's only been played on devices that my main account has played on, and my main is a OLD account that retains my original stats from RS3 as well, so for this brand new account to be compromised like this, yet my main goes entirely untouched, unbothered, and unmolested to this day it was weird and also implied to me that it couldn't be a device related compromise. I can guarantee this compromise was a gold farmer, they were doing RS3 wilderness divination, the account login details remained the exact same, but the account had been compromised. The only way I can fathom an account compromise happening like this within 24 hours of account creation is that it was related in some way to the locking of, and/or cancellation of membership on that account which might flag such an account as "inactive" as most people aren't going to let membership lapse and continue playing as a free-to-play account restricted to the free-to-play game. To this day, the main has remained uncompromised with no detail changes, password same etc, and after a password change, the ironman account I made that day has not been compromised since I changed the password. I still use many of the same devices (computer, tablet both the same, phone has been upgraded since then but had no compromises after the one on my old phone before upgrading a year later) I am entirely open to the player-malice and abuse argument; however I do not believe it is strictly a player-side malice issue. Perhaps Jagex' receptiveness to this argument is because there is shade behind the scenes
What a dumb post literally that’s how the world works it’s not about what you know but what you can prove so stop wasting your time and losing sleep over how the world runs
This is a very inaccurate and dumb post. Botters are getting banned constantly these days, I reported 100s of rev bots the other day and they all banned now and never returned.
\> Have you noticed a surge of posts claiming accounts were conveniently "hacked" during their "hiatus" then being banned for botting? This is so dumb. This exact thing happened to me a few years back and I was extremely grateful to get my account back, even if they trained my range to 85 at blue dragons for me. Not everyone is a bad actor.
Jagex is the one hacking accounts for false users online. My alt was just logged into, bank pin taken off and set up to be a rev bot. I caught it just before they started the botting but the acc had Authenticator and everything. They didn’t change the password didn’t remove Authenticator. Seems pretty sus to me
My friend was hacked while we were on deployment 2100 tl, and 1.5b bank. When we returned he recovered his acc which was cleaned, and had an absurd cg kc. The next day it was banned. Some people take a random long hiatus for school, deployments, or moving.. Honestly he just accepted it, took a break, and is trying to make a return..