Ban users who attempt to hack other users.

[Luigical]

We ban lots of people for soo many reasons. We ban users for leaking products, breaking too many rules, even not returning the $1.50 of a Minecraft account.
However, apparently not for any type of remote hack.

I had a user join my test servers, send commands for a Log4J attack, luckily I was able to handle the attack. I have since verified the name and their connected Minecraft Market account. However, I made a ticket on this issue and I was given the following response.
"I'm not sure if there's anything we can do about this. I do apologize for the inconvenience. It might be best if you leave a feedback on the user."

My suggestion is this: We should also ban them from attempting a hack in this way.

 

[Geek]

For further clarification as was mentioned in the ticket, we have a policy against our service for comprising the service. To my understanding, this is not extended to other services that MC-Market does not own and control. Additionally, we have banned for compromising users, however in this case no user was compromised as that extends specifically, again to my understanding, to MC-Market accounts.

It is my personal opinion that MC-Market shouldn't handle cases like this that are outside there service. While there are many reasons for this, I think the biggest reason is that we cannot verify it in a majority of cases. We have to accept the evidence that is given to us, and we have to take you at your word that your service is secure. That's not to say that it isn't, but it comes down to verification of the information which we are simply unable to do as I highly doubt you would be willing to give the staff member handling your ticket access to your backend to verify the claims.

 

[Ally]

For further clarification as was mentioned in the ticket, we have a policy against our service for comprising the service. To my understanding, this is not extended to other services that MC-Market does not own and control. Additionally, we have banned for compromising users, however in this case no user was compromised as that extends specifically, again to my understanding, to MC-Market accounts.

It is my personal opinion that MC-Market shouldn't handle cases like this that are outside there service. While there are many reasons for this, I think the biggest reason is that we cannot verify it in a majority of cases. We have to accept the evidence that is given to us, and we have to take you at your word that your service is secure. That's not to say that it isn't, but it comes down to verification of the information which we are simply unable to do as I highly doubt you would be willing to give the staff member handling your ticket access to your backend to verify the claims.

This line of reasoning is exactly why in a feedback dispute, this sort of a feedback would not hold up (assuming the same standard of burden of proof)

---

Unfortunately this sort of puts you in a deadlock. You can't get them banned or add feedback and consequently you can't say that they hacked you or you get hit with a slander warning.

 

[Luigical]

It is my personal opinion that MC-Market shouldn't handle cases like this that are outside there service. While there are many reasons for this, I think the biggest reason is that we cannot verify it in a majority of cases. We have to accept the evidence that is given to us, and we have to take you at your word that your service is secure. That's not to say that it isn't, but it comes down to verification of the information which we are simply unable to do as I highly doubt you would be willing to give the staff member handling your ticket access to your backend to verify the claims.

I am not asking you to do anything to someone who can't be verified, but the info I provided was more than enough. You do the same thing with scam reports, most of those happen over discord. Would you just no longer handle those due to it being off-site?

 

[Stelios]

MC Market is not Minecraft Police. What does someone attempting to hack your server have to do with MCM?

 

[Luigical]

MC Market is not Minecraft Police. What does someone attempting to hack your server have to do with MCM?

They directly attacked a service that I sell on this site. They found me using this site.

Should we allow people to scam as long as they do it off-site? Like what kind of logic are you using here?

Post automatically merged: Jan 14, 2022

Banned Landon Mlchael thoughts on why you disagree?

 

[Stelios]

They directly attacked a service that I sell on this site. They found me using this site.

Should we allow people to scam as long as they do it off-site? Like what kind of logic are you using here?

Who scammed you? When did a transaction take place? What did they cheat you out of?
Scamming is something a user can be banned for (4.2), hacking your server is not.

You had a public server, anyone could have logged in and sent anything. Not everyone is going to have good intentions, regardless of where they found it. Would you have contacted your webhost to block them off of their datacenter if they'd found it on your website? Or Facebook if they'd found it on there? Maybe report them to Mojang, they wouldn't have found you if it weren't for their game. I know, report them to Google, if they didn't have Chrome they would've never found you.

The difference between every bannable offence you mentioned, and your case, is found vs transacted.

There is no transaction, or scam, in this case. There is simply "information transmission" (should I call it that?) via MCM, which is what public forums are designed for.
As for the user's intentions with this information, whether good or bad, again, MCM is not Minecraft police, or police in general.

At least that's my view on it. I know not everyone's going to agree and that's fine. I think MCM staff have enough going on with actual scam reports, I don't think policing the entire Minecraft community is something they should have to do.

 

[Luigical]

The difference between every bannable offence you mentioned, and your case, is found vs transacted.

But this isn't a random user. This is a user who got my IP from this site, was reviewing my test servers in order to purchase a product. The origin was this site. Not somewhere random.

My exact suggestion is to make something like this bannable, with adequate proof of course.

We banned Beer for very similar reasons.

 

[Ted]

Manipulating a vulnerability in a software is illegal. Although it depends on how the company wants to take action on said attacker, but in this case the owner of the server is holding the attacker accountable. Even if the attack didn't produce an outcome that benefited the attacker, the attacker still attempted a backdoor method. In all my time being with Mc-Market, they have held up real world laws over their website violations favorably.

 

[Ambrosia]

Manipulating a vulnerability in a software is illegal. Although it depends on how the company wants to take action on said attacker, but in this case the owner of the server is holding the attacker accountable. Even if the attack didn't produce an outcome that benefited the attacker, the attacker still attempted a backdoor method. In all my time being with Mc-Market, they have held up real world laws over their website violations favorably.

What are you on about? This is absolutely nothing to do with MC-Market, it's a Mojang issue at that.

 

[Ted]

What are you on about? This is absolutely nothing to do with MC-Market, it's a Mojang issue at that.

The user linked the person to someone in the community. Therefor it's a community member attacking another community member. Just because the cause didn't include mc-market doesn't mean mc-market shouldn't take action. Through time I've seen many people banned from mc-market for just having an account, whenever a transaction did not involve the website whatsoever.

 

[Ambrosia]

The user linked the person to someone in the community. Therefor it's a community member attacking another community member. Just because the cause didn't include mc-market doesn't mean mc-market shouldn't take action. Through time I've seen many people banned from mc-market for just having an account, whenever a transaction did not involve the website whatsoever.

So if I have a Google account and I attack someone in real life who also has a Google account, is Google responsible for me attacking that person?

 

[Stelios]

But this isn't a random user. This is a user who got my IP from this site, was reviewing my test servers in order to purchase a product. The origin was this site. Not somewhere random.

So did they purchase a product and try to scam you? Where is the scam in this? I don't see it.

My exact suggestion is to make something like this bannable, with adequate proof of course.

And my opinion is that MCM staff are not Minecraft police.
I also don't see how there can be adequate, unmanipulable proof about something like this - Especially since there's no official transaction (Via PayPal, Credit Card, etc) in place, or something publicly available (Like source code of an uploaded resource)

We banned Beer for very similar reasons.

Is Beer the developer that was banned for placing backdoors in jars? I assume that would then fall under rules 5.1 and 5.4, not 4.2

 

[Ted]

So if I have a Google account and I attack someone in real life who also has a Google account, is Google responsible for me attacking that person?

No one said mc-market is responsible for the attack. OP is suggesting that since the user is part of the community and preforming malicious attacks on other users in the community, the user should be banned from the community. I don't understand how this is hard to understand?

 

[Ambrosia]

No one said mc-market is responsible for the attack. OP is suggesting that since the user is part of the community and preforming malicious attacks on other users in the community, the user should be banned from the community. I don't understand how this is hard to understand?

I might have mistaken using the word responsible, however, it's the same logic. If MC-Market had to ban everyone for everything that happened off-site, then I am sure it would be very hard to keep up with, and the consistency of punishments would make it unfair. MC-Market can't handle everything that happens off-site, especially if there are no rules on it.

 

[Ted]

I might have mistaken using the word responsible, however, it's the same logic. If MC-Market had to ban everyone for everything that happened off-site, then I am sure it would be very hard to keep up with, and the consistency of punishments would make it unfair. MC-Market can't handle everything that happens off-site, especially if there are no rules on it.

I've been here for 6+ years, I've seen them do it before.. that's all I'm saying

 

[Ambrosia]

I've been here for 6+ years, I've seen them do it before.. that's all I'm saying

5+ years as well, and I understand that but there could have been underlying conditions that we didn't know about.

 

[Luigical]

5+ years as well, and I understand that but there could have been underlying conditions that we didn't know about.

Well, that's pretty arrogant.,
In your 5+ years, you obviously haven't seen what everyone else has managed to see. I don't know what kind of factors you think are in place/justify hacking someone, but you have a pretty messed-up sense of justice. But to clarify, I haven't had any issues with this user beforehand. He was likely just attempting to hack my server because he knows a lot of high profile people join the servers to inspect my work and they want to be able to remotely access those users PC's

Post automatically merged: Jan 16, 2022

And my opinion is that MCM staff are not Minecraft police.

No, they aren't, but if they are controlling people outside the community with scamming, I'm not sure why we are drawing a line at attempting to remotely hack users. "We don't let our users steal other people's money, but we do allow them to hack into your computer and do whatever they want."

 

[Stelios]

"We don't let our users steal other people's money, but we do allow them to hack into your computer and do whatever they want."

I'd phrase that differently.
"We don't allow users to scam THROUGH our platform, but we'll allow anyone to view IPs and all other text/information YOU have PUBLICALLY posted".


And just for the fun of it. Say they DO get banned. What is that going to achieve? They can still view your server IP and attempt to hack it. Because you posted it, and it's public, available to anyone.
Meanwhile with a scam situation, if they don't have an account in good standing, they won't be able to scam someone else.

 

[Luigical]

I'd phrase that differently.
"We don't allow users to scam THROUGH our platform, but we'll allow anyone to view IPs and all other text/information YOU have PUBLICALLY posted".

But that's wrong. Because if you scam on Discord you get banned on here too. Even if that's off-site, they don't allow you to scam through other platforms either.

Banning this user does the same thing that banning a scammer, that user can no longer participate in active deals and such on-site, the goal of banning someone is to keep them out and make it as hard as possible for them to be able to scam again.