Ban users who attempt to hack other users.

Status

Luigical

Professional Grade Setup Specialist
Supreme
Feedback score
46
Posts
730
Reactions
762
Resources
26
We ban lots of people for soo many reasons. We ban users for leaking products, breaking too many rules, even not returning the $1.50 of a Minecraft account.
However, apparently not for any type of remote hack.

I had a user join my test servers, send commands for a Log4J attack, luckily I was able to handle the attack. I have since verified the name and their connected Minecraft Market account. However, I made a ticket on this issue and I was given the following response.
"I'm not sure if there's anything we can do about this. I do apologize for the inconvenience. It might be best if you leave a feedback on the user."

My suggestion is this: We should also ban them from attempting a hack in this way.
 
Type
Suggestion
Status
Implemented
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Ambrosia

Premium
Feedback score
22
Posts
2,340
Reactions
1,384
Resources
0
Well, that's pretty arrogant.,
In your 5+ years, you obviously haven't seen what everyone else has managed to see. I don't know what kind of factors you think are in place/justify hacking someone, but you have a pretty messed-up sense of justice. But to clarify, I haven't had any issues with this user beforehand. He was likely just attempting to hack my server because he knows a lot of high profile people join the servers to inspect my work and they want to be able to remotely access those users PC's
Post automatically merged:


No, they aren't, but if they are controlling people outside the community with scamming, I'm not sure why we are drawing a line at attempting to remotely hack users. "We don't let our users steal other people's money, but we do allow them to hack into your computer and do whatever they want."
"That's pretty arrogant," that's exactly what you agreed to with the post above me. Is that pretty arrogant too? My post was far from arrogant.
 

Justis

Community Member
Management
Feedback score
61
Posts
2,117
Reactions
2,414
Resources
0
The ticket in question was escalated to the management team for review due to the lack of precedent and written policy.

An excerpt from my response:
There’s been no equal precedent to this before and likewise, there’s nothing in our staff documentation about what the correct punishment is if someone performs a penetration test on one of our users’ services without consent.

The most comparable situation which we have policies in place for is a case of malware or backdoors being placed in our users’ products prior to distribution.

According to these policies, any malware which inherently does harm to the user running it will always result in a permanent ban.

A backdoor which offers the possibility of being harmed, but which does not inherently denote harm, such as an author force-op, would result in a 35 point warning. The highest value warning we issue. However, if that backdoor is or was at any point used to perform harm, that too, immediately escalates to a permanent ban.

With this penetration attempt, it’s arguable whether the evidence provided is sufficient for proving malicious intentions. The user may claim to have been intending to reach out and inform you if they found that the server was not properly protected, using their gamemode as proof of viability. However, in the interest of creating a precedent that prioritizes the security of the community over the interests of a single potentially misguided user, I’ve decided that a permanent ban is our best choice for a starting point with our policies on cases like this.

To respond to the concerns of some of the users disagreeing with this thread, I’d like to just say that you’re right. We’re not the police. MC-Market has never been and should never be the final destination for accusations of scamming, attacking, doxing, or any other serious offense. We are, however, very much interested in protecting the community we harbor, and we very much appreciate the opportunity to remove someone whose continued use of our website may have lead to further harm to other members. The staffing requirements due to being involved in our users’ transaction disputes already easily eclipses the sum of all other requests for support related to off-site interactions, so please don’t worry about reports like this resulting in us being overworked. Matters like this have already been factored into our current staffing allocations and there are no issues.

I’ll go ahead and move this to accepted, although the conclusion to the ticket’s escalation would have been the same regardless. Our dedication to the protection of our users is something we’ve consistently maintained throughout the years and we’ve no intention of weakening our enforcement now.
 
Status
Top