1. This website uses cookies to improve service and provide a tailored user experience. By using this site, you agree to this use. See our Cookie Policy.
    Dismiss Notice

Puppeteer.js Reddit account creation bot.

Discussion in 'HTML & JavaScript' started by Chatoyant, Sep 11, 2019.

  1. Chatoyant

    Chatoyant Newbie

    Joined:
    Aug 27, 2019
    Messages:
    3
    Likes Received:
    2
    Occupation:
    Loser
    Location:
    NA
    Hi all, new member here. Worked on putting together a reddit account creation bot as a side project. Found a marketplace where I could sell fresh accounts. Have been learning to make bots, and was excited to find a project that might make me a little bit of money. Unfortunately that didn't happen, but I don't want to give up yet.

    I want to go over what I put together, what I consider a success, then talk about potential problems that brought about me making 1200 accounts that all got shadow banned.

    Puppeteer.js
    So I built the bot using Puppeteer.js. I'm very much a novice coder, but the languages that I've been learning are Bash and Javascript. The first iteration of the bot that I made was fairly simple. It navigated to the old.reddit site and clicked through the sign up process. Each account was registered with a fresh cellular ip address being generated by my smart phone (on an Iphone using shortcuts automation to turn on and off airplane mode every 5mins), with a fresh chrome instance (no cookies), and bypassing the captcha by using a chrome extension. All automated. I generated about 900 accounts and then tried to upload the first batch to the marketplace. Got a reply that they were all shadow banned. Bummer. All accounts were getting banned after 24 hours.

    Where I thought I went wrong was frequency of creation, no user actions upon sign up, and after looking into the UserAgent anonymizer realized that all the account were signing up with the same anonymized UserAgent.

    I built a second iteration of the bot that had randomized UserAgents with randomized viewports, also a small amount of randomized actions after creation like viewing links, upvoting, and joining subreddits. The accounts were created slower, but at the rate of about 100 accounts a day. Different Ip's, different UserAgents, different actions. I thought for sure that these accounts would make it.

    They too got shadow banned.

    Where I think I'm still fucking up

    So my question is, how am I caught by the spam filter?
    1. Is it that I'm using cellular IP's from the same state?
    2. Could it be that they are all created in increments, at a rate of a bout 1 account every 10 mins?
    3. Could it be some sort of automated detection with the reCaptcha? The extension solves it by using the audio reCaptcha. Extension is called Buster.
    4. Could it be that they are siging up with the old website? It is used less.
    5. No accounts signed up with email. Would they be safe if they were email verified?


    I wish I knew what the issue was, I was excited about having a little semi-passive gig going.

    It's also worth noting that I made accounts on my iphone itself through the app in bursts of about 20 a day and they are all still clean. I may start doing this manually just so I can build up a batch of them, but I don't know how to automate that.

    Possible solutions.
    Maybe using rotating private proxies would be more successful?

    Does anyone know of a way to emulate an Iphone on a linux system? Like in a virtual machine, I don't know if that is possible. Even if I needed to have a macOS device, that could be attained. I just need something that I can automate iphone interactions with the reddit app.

    If anyone knows if this is possible, I'd love to be pointed in the right direction.

    I anyone has any questions about the bot, let me know.
     
    • Thanks Thanks x 2
  2. mojito56

    mojito56 Registered Member

    Joined:
    Apr 24, 2016
    Messages:
    54
    Likes Received:
    52
    Did you find a solution? Used puppeteer quite a bit for scraping, but not for social media botting. It's something I'd really like to get into though, but there aren't too many practical guides out there on how to remain undetected.
     
  3. jl125

    jl125 Newbie

    Joined:
    Oct 10, 2019
    Messages:
    22
    Likes Received:
    3
    Gender:
    Male
    Have you looked into puppeteer-extra?
     
  4. calculataur

    calculataur Newbie

    Joined:
    Mar 24, 2014
    Messages:
    13
    Likes Received:
    2
    puppeteer-extra is good, yes
     
  5. hakann

    hakann Jr. VIP Jr. VIP

    Joined:
    Oct 10, 2015
    Messages:
    107
    Likes Received:
    41
    Gender:
    Male
    Home Page:
    There are many techniques that sites are using
    to detect fake or botted traffic or accounts. The bigger
    the site the higher fraud detection they use.

    The most basic things are cookies and user profiles.
    It might be that your instances of browser are simply
    detected as brand new and very first thing they do
    is creating a new account.

    To fight that there is a thing called profile worm up.
    So your new instance firstly have to go to google and
    other sites so it creates some history and collects
    cookies from different sites. Only after some worm up
    you will be detected as "regular" user.

    But its just one thing you have to be aware of.
    There are other tehniques that detects you based
    on your graphic and audio card or based on how
    your browser renders picture. Google for:

    Flash
    WebRTC
    WebGL
    Canvas
    Audio

    regarding browser detection issues. All of them
    may expose you as a fake user, for example all
    your browser instances shared same canvas so
    targeting site marked all your instances as sent
    from same machine.

    There is workaround for every of these issues, but
    main thing is to figure out which of these ar used by
    targeted site, so you can react accordingly.

    Generally you can turn off those in your browser instances
    or add some noise to detected info over javascript in case
    that targeted site demands some of thesee turned on.

    Keep on learning and exploring and you will beat them
    eventually. Best of luck with your future projects.
     
  6. Sebastiann

    Sebastiann Newbie

    Joined:
    Apr 27, 2020
    Messages:
    34
    Likes Received:
    25
    Gender:
    Male
    1. You made all your accounts on the iPhone, so of course, they will know they are all the same.

    2. You should use 'puppeteer-extra' with 'puppeteer-extra-plugin-stealth' at a minimum, via Multilogin 5+ at ideal (included a demo of my boot scripts here: https://github.com/prescience-data/puppeter-browser ).

    3. Don't randomise user agents each session, create a config file and keep them all consistent for each identity (obviously vary them between identities though) .

    4. Yes, reCaptcha will generally be able to detect that you aren't making mouse movements and typing like a human if you just rely on the default Puppeteer commands. You should build a mouse pan script or even better record some mouse noise and play it in periodically. Don't just use `page.$('element').click()` without panning organically to it with some natural-looking curve etc. Additionally, make sure you add noise in the delay between keypress actions, ie don't just rely on `page.$('element').type('lorem ipsum', {delay: 8})` - build a function that presses one key at a time and vary the delay not only on the key-up/down, but also delays between individual keypress actions.

    5. Lastly, you will probably need to at least email activate them, I don't know if I would ever buy an account with no email attached to it, otherwise, you're forcing the buyer to do that part as well and your competition will generally provide email login/pass with the account. If you have figured out how to automate a signup for Reddit, automating an email registration with a non-phone-verified provider should be fairly straight forward as well.