Open TerrorBite opened 11 years ago
Optional login feature may not be a good idea: don't want servers making continuous login attempts to Minecraft.net with compromised accounts.
IMO, Having all of the servers with a list of compromised accounts in username:password is a bad idea. How about a centralized server hosted by you or another 3rd party that keeps up to date info?
It's up to server owners to provide such a list (which would have to be public anyway for them to find it). I don't want to dictate to anyone who should or shouldn't be banned - this is not MCBans or similar.
Perhaps don't include passwords in the list. Since the login feature is a bad idea, there is no need to use that. I suspect that you can't check what password was used by the player to login, so the username is all you can use to check.
It could provide a link the user could visit for more information (or perhaps link to mojang to report their account).
Certain major griefing clients are able to load lists of compromised accounts from a text file in username:password format. Many of these account lists can be easily found via a Google search.
InformaBan should have the ability to load these lists, in username:password format, and deny login to these accounts with a message explaining that the account is compromised.
Optionally, this feature could attempt a Minecraft login with the compromised credentials, and allow login if they are no longer valid (e.g. password has been changed).