Outline of methods casinos can detect Bots

Methods local to actual computer

  • Scan of files on hard drive
    • Internet history – visits to winholdem/openholdem etc.
    • Prefetch data
    • Shortcuts on desktop/recent documents/ anywhere
    • Temp folder
  • Names of running processes
  • Window titles
  • Registry entries
  • Screenshots
  • Use of Virtual Machine
  • Running in non-admin windows account
  • Suspicious casino preferences:
    • Specific sizes of table
    • Four color deck
    • Replacement of images in casino install directory
    • Creation of custom preferences.ini
    • Turning off sound/animation
  • Hardware Unique Identification
  • Suspicious mouse/keyboard activity
    • Too many clicks within specified time
    • Clicking on same spot always / never misclicking?
    • Instant mouse movement
    • suspicious drivers, fake keyboards/mouse
  • Screen Resolution particularly impossible resolutions in VM’s
  • DLL injection check
  • Open network connections

Methods external to actual computer

  • IP address
  • Identification used for signup
  • Long/Suspicious playing hours
  • CAPTCHA during game
  • Compare actions to other players / known bots
  • Look at how often users sit together for collusion


Its interesting that things that can’t prove that your a pokerbot, do count towards you being labelled a pokerbot when added together.

Full Tilt for example finds it suspicious if you have 4 color cards, strange table sizes etc. This can be seen from their .exe

Information contained in fulltilt.exe

Information contained in fulltilt.exe

If you can think of any other methods they use, please let me know below.