Mojira Archive
WEB-1116

Name blocking

Invalid credit card

Sign up with the name using an invalid credit card.

Example

  1. Go to a fake ID site. eg "fakenamegenerator".
  2. Create new account on minecraft.net.
  3. Buy the account and fill in the name you want to block. eg "mojiratest".
  4. Use invalid credit card information (number, expire date, cvv).
  5. Just click the buy button and the name will be blocked for 24 hours.

Umigrated accounts

Unmigrated accounts are by far the most used to snipe semi-OGs or to use cape accounts to snipe OGs on it. My best guess is that they migrate the account by using the correct email but just the wrong password or vice versa. However, I can't test this.

Old patched method

Confirmed, Mojang disabled blocking. Only reason I theorised that it was some 3rd party caused event was because a name was blocked mid-day, in between the two OG's, and the response signatures from mojang looked very different.

If you try to run:

curl '[https://authserver.mojang.com/authenticate]' -H 'Host: authserver.mojang.com' -H 'Content-Type: application/json' --data '{"agent":{"name":"Minecraft","version":1},"password":"PASSWORD_HERE","requestUser":true,"username":"EMAIL_HERE"}'

Then take the accessToken from the response.

curl '[https://api.mojang.com/user/profile/agent/minecraft/name/NAME_TO_BLOCK]' -X PUT -H 'Host: api.mojang.com' -H 'Authorization: Bearer ACCESS_TOKEN'

returns

{"error":"UnauthorizedOperationException","errorMessage":"User not authenticated"}

This used some sort of giftcodes, it's unclear to me.

Possible Fix

These systems were implemented not by accident, but they are there for people to still get their name they want for if they filled in wrong number of their credit card, ect. But this is getting just straight up abused by all these snipers and they make big time money from it. To fix this, either remove it completely or reduce it.

Suggested reduction: have this system only kick in 5 minutes after a name dropped and only for 10 minutes blocked on that IP/proxy or just make the time blocked 5 minutes as from my research, snipers are not very well-made. They have to manually claim the name and sometimes takes up to 24 hours as result, the name runs out of its block and someone else gets it.

Duplicate

Oval

[Mojang] Web Team

2018-08-27, 12:42 AM

2020-05-28, 09:24 AM

2020-05-28, 09:23 AM

0

3