Automatically ban compromised accounts

[TerrorBite]

Certain major griefing clients are able to load lists of compromised accounts from a text file in username:password format. Many of these account lists can be easily found via a Google search.

InformaBan should have the ability to load these lists, in username:password format, and deny login to these accounts with a message explaining that the account is compromised.

Optionally, this feature could attempt a Minecraft login with the compromised credentials, and allow login if they are no longer valid (e.g. password has been changed).

[TerrorBite]

Optional login feature may not be a good idea: don't want servers making continuous login attempts to Minecraft.net with compromised accounts.

[cyberkitsune]

IMO, Having all of the servers with a list of compromised accounts in username:password is a bad idea. How about a centralized server hosted by you or another 3rd party that keeps up to date info?

[TerrorBite]

It's up to server owners to provide such a list (which would have to be public anyway for them to find it). I don't want to dictate to anyone who should or shouldn't be banned - this is not MCBans or similar.

[nickperkins]

Perhaps don't include passwords in the list. Since the login feature is a bad idea, there is no need to use that. I suspect that you can't check what password was used by the player to login, so the username is all you can use to check.

It could provide a link the user could visit for more information (or perhaps link to mojang to report their account).