Automatic MM Service

Status
This thread has been locked.
Tommy W

Tommy W

Professional Noddle
Deactivated
Feedback score
31
Posts
974
Reactions
475
Resources
0
Would anyone use an automatic MM service?

So what would happen is this:

The seller generates an MM session, they then enter the account credentials and account email, the credentials will then be checked, and if they are legit, the process will continue, else, it will tell them that the credentials are invalid and end the session.

The buyer then enters the session code, they then get into a dashboard which both of them can access, it will show the account name, etc.

The buyer then clicks "pay" and it will generate a BTC address for the buyer to send to, once done, the system will automatically start securing the account.

The securing process goes like this:
#1 - Generates an email with a secure password on our email server
#2 - Changes the account email to the new email
#3 - Confirms the email change on the old email, if it is on cooldown, it changes the old emails password.
#4 - Changes the account password to a randomly generated one
#5 - If it was successfully changed to the new email, it then tries to delete the old one.

At last, it tells the buyer the username and password to the new email (or old email if the email change was on cooldown) and the account, and ends the session.

Would anyone here use this service?
If not, why?
 
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.
Wqrld

Wqrld

System Administrator
Premium
Feedback score
28
Posts
215
Reactions
102
Resources
0
one you cant really check accounts without getting a chance to lock them. Two most people dont want/have BTC

I like the idea but i dont see it working out like this.
 
Tommy W

Tommy W

Professional Noddle
Deactivated
Feedback score
31
Posts
974
Reactions
475
Resources
0
Wqrld said:
one you cant really check accounts without getting a chance to lock them. Two most people dont want/have BTC

I like the idea but i dont see it working out like this.
Click to expand...
It's pretty dangerous with PayPal, so I'm going to avoid using that.

I also doubt that it will be locked, if in testing phases it sometimes happens, I'll try and implement a system where it checks the account via the user's IP.
 
pet

pet

Jahn is MY DADDY :)
Supreme
Feedback score
39
Posts
948
Reactions
1,127
Resources
0
There are a lot of checks the bot would have to make as for the Minecraft accounts there are a lot of things to look out for e.g og info, dispute link(changeable email) etc.

Other than that it's a really cool concept, but I doubt people would use it regardless because it's much safer to just mm manually. I myself as an mm wouldn't use it, to avoid issues (bot messing up) and a mm process takes 10mins tops.

EDIT:
the bot would have to secure accounts too cause the seller of the account could change details after providing them to the bot. Securing an account requires human verification most of the time also.
 
Last edited:
Tommy W

Tommy W

Professional Noddle
Deactivated
Feedback score
31
Posts
974
Reactions
475
Resources
0
Jasmines Pet said:
There are a lot of checks the bot would have to make as for the Minecraft accounts there are a lot of things to look out for e.g og info, dispute link(changeable email) etc.

Other than that it's a really cool concept, but I doubt people would use it regardless because it's much safer to just mm manually. I myself as an mm wouldn't use it, to avoid issues (bot messing up) and a mm process takes 10mins tops.

EDIT:
the bot would have to secure accounts too cause the seller of the account could change details after providing them to the bot. Securing an account requires human verification most of the time also.
Click to expand...

About securing, it says this on the thread:

The buyer then clicks "pay" and it will generate a BTC address for the buyer to send to, once done, the system will automatically start securing the account.

The securing process goes like this:
#1 - Generates an email with a secure password on our email server
#2 - Changes the account email to the new email
#3 - Confirms the email change on the old email, if it is on cooldown, it changes the old emails password.
#4 - Changes the account password to a randomly generated one
#5 - If it was successfully changed to the new email, it then tries to delete the old one.
 
Zyger

Zyger

Middleman
Supreme
Feedback score
414
Posts
2,209
Reactions
2,615
Resources
0
Tommy W said:
About securing, it says this on the thread:

The buyer then clicks "pay" and it will generate a BTC address for the buyer to send to, once done, the system will automatically start securing the account.

The securing process goes like this:
#1 - Generates an email with a secure password on our email server
#2 - Changes the account email to the new email
#3 - Confirms the email change on the old email, if it is on cooldown, it changes the old emails password.
#4 - Changes the account password to a randomly generated one
#5 - If it was successfully changed to the new email, it then tries to delete the old one.
Click to expand...

#1 - Mojang has blacklisted entire mail domains in the past for being associated with account selling, which means that you'd run the risk of losing users accounts. Chearful can vouch for this.

#3 - It's not that easy, there's tons of different email providers that you'd have to have different code for, and pretty much all of them have some form of protection against automation to prevent blackhat activity, so it wouldn't work anyway.

There's also the 2FA that you wouldn't be able to get through. For some emails, e.g. Gmail, even if 2FA is removed prior, it still asks for 2FA for a while after for security reasons.

You also don't need to confirm the email change on the old emails anymore. It's all done from the new emails, but a dispute link is sent back to the old email which can be used to pull the account back at any time.

#5 - Assuming you were somehow able to gain access to the email properly and delete it, many email providers give you the option to recover the email account for a while after, for security reasons.

There's also many other issues, such as having the same static ip log into many different accounts, and if you used basic proxies to bypass this, they'd still most likely be detected as being suspicious, putting the users account at risk.

If this were possible for minecraft accounts, I would've done it a long time ago.
 
Last edited:
AlfieSR

AlfieSR

Plugin Developer
Supreme
Feedback score
5
Posts
93
Reactions
36
Resources
0
Had a similar sort of concept in mind before, but I can't ever see something like this being successful.
 
Anish

Anish

Developer
Supreme
Feedback score
9
Posts
365
Reactions
176
Resources
0
I agree with Zyger on this one, it's going to be insanely hard to implement a system that does all this without the possibility of the account being locked.

Good concept, execution definitely requires some more research done on it.
 
Status
This thread has been locked.
Top