Pluginscape
← Back to blog
GuideInfrastructure

IP, proxies, and chain bans: the infrastructure side of account safety

April 24, 2026 · 10 min read

Most people think about bot detection as a per-account problem: does this account look like a bot? But Jagex also operates at the infrastructure level — linking accounts to machines, IPs, and each other. When one account falls, those links determine whether the rest go down with it.

The key linkage mechanisms:

random.dat — A 24-byte file the OSRS client writes to your home directory. It functions as a unique machine identifier (UID). According to community analysis, when Jagex runs mass bans, they frequently target UIDs rather than IP addresses alone. The client regenerates this file if it exceeds 25 bytes in length. A companion file, jagex_cl_oldschool_LIVE.dat, in the Jagex cache directory serves a similar identification purpose.

Every account that logs in from the same machine shares the same random.dat — and Jagex knows it.

IP address — Logged at account creation and at every login. Jagex has historically banned entire IP subnets during crackdowns, especially on popular VPS and datacenter IP ranges. Accounts that share IPs with banned accounts get flagged for review. Your IP history is permanent — a single login from a compromised IP creates a lasting association.

Jagex Account linkage — Since the rollout of the Jagex Launcher (2022-2024), multiple in-game characters can be linked to a single Jagex Account. While bans "in almost all circumstances" apply at the character level, the Jagex Account itself can be banned in specific cases — meaning every character under it goes down at once.

Trade and wealth graph — This is the one people underestimate. Jagex explicitly states that if any account obtained wealth through rule-breaking (botting, RWT), "all your accounts will be banned." They trace wealth movement through trade history, IP connections, and device linkage. Gold transferred from a bot account to your main creates a direct, traceable link. Items too.

Chain bans explained

A chain ban is when one account's ban cascades to other accounts through shared linkage signals. The typical sequence:

  1. Account A gets banned — behavioral detection, player report, or ban wave
  2. Jagex checks linkage — what machine fingerprint (random.dat UID) and IP addresses did Account A use?
  3. Associated accounts get flagged — every account that logged in from the same UID or IP is pulled for review
  4. Suspicious linked accounts get banned — accounts with any rule-breaking activity on those linked machines are swept
  5. Wealth tracing extends the chain — gold or items transferred from Account A to other accounts triggers further investigation, potentially pulling in accounts on entirely different machines

This is why a single careless login — running your main account on the same machine as a bot account without isolation — can destroy everything. The chain doesn't care that you only logged in "just to check something real quick." One shared UID, one shared IP, and the link is permanent.

Chain bans are also why muling is dangerous if done carelessly. The mule account touches both the bot accounts (receiving gold) and potentially your main (forwarding gold). It becomes the bridge that connects accounts you intended to keep separate.

Residential vs. datacenter proxies

The proxy landscape for OSRS has shifted decisively toward residential IPs. Here's why each option performs the way it does:

Datacenter proxies are cheap ($1-5/month) and fast, but their IP ranges are well-documented and many are already flagged. Jagex has been aggressive about banning entire datacenter subnets. If your proxy IP was previously used by other botters — and on a shared datacenter proxy, it almost certainly was — your account inherits that IP's reputation from day one.

Residential proxies use IP addresses assigned to real ISP customers. They're significantly harder to distinguish from legitimate players connecting from home. More expensive ($5-15/month per IP), but the reduction in IP-based detection is dramatic.

VPNs — especially free or public ones — are the worst option. Their IPs have extensive botting histories across potentially thousands of users. Many popular VPN exit nodes are already on Jagex's flagged list. A VPN IP is often more suspicious than no proxy at all.

Best practices for proxy usage:

  • One proxy IP per account — never share IPs between accounts that need to be isolated. This is the single most important rule. Shared IPs are the primary chain ban vector
  • Match proxy geography to your play pattern — a sudden jump from a US residential IP to a Singapore datacenter IP triggers location anomaly flags
  • Prefer SOCKS5 over HTTP proxies — OSRS uses a TCP-based game protocol, and HTTP proxies can cause dropped packets and connection instability
  • Create accounts from the same proxy you'll play on — IP consistency from creation through play reduces anomalies. An account created on a US IP that immediately starts playing from a German IP looks suspicious
  • Check proxy reputation — some providers offer "virgin" IPs that haven't been used for gaming. A clean IP with no prior OSRS botting history starts with a neutral reputation instead of a negative one

The random.dat ritual

Deleting machine fingerprint files between sessions is the primary defense against UID-based chain bans. The key files:

Minimum cleanup:

  • Delete random.dat from your home directory — this is the primary machine UID
  • Delete jagex_cl_oldschool_LIVE.dat from the Jagex cache directory — the secondary identifier

Full cleanup:

  • Wipe the entire Jagex cache directory — forces a complete re-download of game assets but eliminates all stored identifiers and any other tracking files

This cleanup needs to happen every time you switch between accounts that need to be isolated from each other. Log out of Account A, delete the files, then log into Account B. The fresh client launch generates new identifiers with no link to the previous session.

Various community tools automate this process — scripts that wipe the relevant files and directories on a schedule or between client launches. The specific tool matters less than the discipline of doing it consistently.

The critical rule: never log into your main account and a bot account from the same machine without wiping these files in between. One shared UID creates a permanent, irrevocable link in Jagex's database. There's no way to undo it after the fact.

VM isolation for multi-account setups

For serious multi-account operation, Virtual Machines provide the strongest isolation available. From Jagex's perspective, each VM looks like a completely separate computer with its own fingerprint.

The setup:

  • Clone a base VM image (VMware Workstation, VirtualBox, or similar) and deploy one to two accounts per VM instance
  • Each VM connects through its own dedicated proxy — different VM, different IP, no overlap
  • random.dat is unique per VM, generated fresh on first client launch
  • Network traffic from each VM exits through a different IP via per-VM proxy configuration

This gives you hardware-level isolation. The accounts in VM-A share no fingerprint, no IP, and no file system with the accounts in VM-B. A ban in one VM has no linkage path to accounts in another.

The lightweight alternative: If full VMs are too resource-heavy, separate OS user profiles provide partial isolation. Each user profile has its own home directory — and therefore its own random.dat — though the underlying hardware fingerprint and external IP remain shared unless you also configure per-profile proxy routing. It's better than nothing but weaker than full VM isolation.

VM detection: It's theoretically possible for the game client to detect that it's running inside a VM through hypervisor artifacts. However, community consensus is that Jagex doesn't actively check for this. Running in a VM is not itself evidence of botting — plenty of legitimate players use VMs for various reasons. The isolation benefit far outweighs the theoretical detection risk.

Resource planning: Each OSRS client instance needs roughly 512MB-1GB of RAM and minimal CPU. A machine with 16GB of RAM can comfortably run 8-10 lightweight VMs. Use a minimal OS install (no desktop environment beyond what the client needs) to reduce overhead.

Mobile and emulator approaches

An alternative infrastructure path worth mentioning: running the OSRS mobile client through Android emulators like BlueStacks or LDPlayer. This sidesteps the desktop client's fingerprinting entirely — different input model (taps instead of mouse trajectories), different process signatures, different machine fingerprint mechanism.

Emulators generate their own device identifiers independent of the host machine's random.dat, providing natural isolation between the emulated environment and any desktop client instances. Each emulator instance can also be configured with its own proxy.

Community ban-rate reports for emulator-based approaches are generally favorable, though limited in sample size. The input patterns are inherently different from desktop botting — tap-based interaction has its own behavioral characteristics that Jagex's detection models may evaluate differently. It's an entirely different infrastructure stack that warrants its own detailed breakdown in a future article.

Pluginscape's HWID licensing means one license per machine — but your infrastructure setup beyond the plugin is your responsibility. Good plugins on bad infrastructure still get banned. This guide helps you get the infrastructure right so the plugins can do their job.

Further reading: Anatomy of an OSRS ban wave → · How to minimize the risk of getting banned →

Built-in antiban, out of the box

Every Pluginscape plugin ships with mouse humanization, session management, and behavioral variance — so you can focus on gains, not configuration.

Browse plugins →

Continue reading

AntibanGuide· 14 min read

How to minimize the risk of getting banned

TechnicalDeep dive· 16 min read

How Jagex actually detects bots: the technical breakdown

Your Cart

Your cart is empty.