Here is the third part of the tutorial.
- Part 1: Understanding http requests.
- Part 2: Making http requests with C#.
- Part 3: Making your bot less detectable.
In this part of the tutorial I wont be giving code samples because the implementation differs for each game. What you will find here are tips that you could apply in your code.
The easiest and probably the most important prevention is changing your user-agent. In most browser games the moderators are able to see with which browser your are connecting to the game. When making a bot you have the advantage that you can control all the requests, including the user-agent that is send.
This doesn’t mean however that you can enter anything you want. If your bot has an user-agent like “My Bot v1.0” you know for sure you will get banned soon.You should instead use an user-agent of an existing browser like Firefox, IE or Chrome. The user-agent below is from FireFox.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:184.108.40.206) Gecko/20110803 Firefox/3.6.20
When the game moderators now look at your user-agent it will look like you’re playing the game in FireFox.
A bot can get detected if the interval between each action is always the same. For example checking a building queue every 20 minutes. They will still have to watch your account manually to detect this but there is a change they will detect your bot. To solve this you can randomize the interval. When you want to use an interval of 20 minutes you could for example use a value that is -10% or +10% of this interval.
Adding some delays can also be very useful. By increasing the delays between requests your bot will work better on slower connections. It will also make it less detectable because because when the bot is a bit slower it will act more like an human.
When your bot can reconnect to the server when the connection is lost you should make sure the reconnect timer isn’t to short. When there is for example a server maintenance and your bot tries to reconnect every 10-30 seconds you will get a lot of failed login attempts. This will most likely result in a ban.
If you have a question or a tip/suggestion feel free to share them in the comments.