Minecraft – Does Mojang blacklist or throttle login attempts from specific IP addresses

minecraft-java-edition

I recently ran a Minecraft event with 50 players, all in the same physical space with a shared internet connection. About 2/3 of players were challenged for their authentication credentials, and after entering known good email addresses and passwords that had all previously worked, login was denied with an error indicating invalid credentials.

I was able to reset the passwords on these accounts, but even after resetting the passwords they still did not work.

The strangest thing was that the newly reset passwords would not even work when trying to log in via https://accounts.mojang.com/login — I would reset a password, get the green confirmation message that the new password was successfully set, and then when I tried logging in again via the web site it would not accept it.

Switching over to an internet connection via a cell phone resulted in everything working. We tried to fool the system by logging in over a cell connection, and then switching the network back, and that worked for a few accounts but then we started getting "invalid token" errors after switching networks.

Then after a couple hours, everything worked again.

To me this points to a temporary throttling or blacklist of the network's IP address.

Since everything worked fine before and after the event, I tend to believe it is not a problem with the firewall or network configuration on our side of things.

Is this a known practice used by Mojang?

What triggers it?

Is there a way to proactively avoid it by getting an IP address whitelisted?

Why don't they provide any actionable information when they are doing this, and why would they permit a password to be reset but not used?

Best Answer

Around a month ago, Mojang added a new system to protect against logging into cracked accounts. If you fail to login to too many accounts during a short period of time, your IP will be blocked from somewhere around 30 minutes to 4 hours, then the accounts you tried logging into are flagged. The accounts are then reviewed, if it looks like it has been hacked then the account is reset and sent a new password to the original email. You must use a VPN to bypass this restriction, or use a HTTP Proxy for the actual login of the accounts

Related Solutions

Minecraft crashes after logging in: A fatal error has been detected by the Java Runtime Environment

Let's look at what is happening: Minecraft is trying to do something which returns 0xc0000005.

In ntstatus.h, a list of error code definitions, 0xc0000005 is STATUS_ACCESS_VIOLATION.

MSDN - Analyze Crashes to Find Security Vulnerabilities in Your Apps reports:

Access violation exceptions (STATUS_ACCESS_VIOLATION) are generated by modern processors when a memory access caused by an instruction or program execution does not satisfy certain conditions defined by the processor architecture or memory management unit structures.

So, we now know that Minecraft does something that causes invalid memory access.

But, what exactly is Minecraft doing?

j  org.lwjgl.opengl.WindowsContextImplementation.nCreate(Ljava/nio/ByteBuffer;Ljava/nio/IntBuffer;Ljava/nio/ByteBuffer;)Ljava/nio/ByteBuffer;+0
j  org.lwjgl.opengl.WindowsContextImplementation.create(Lorg/lwjgl/opengl/PeerInfo;Ljava/nio/IntBuffer;Ljava/nio/ByteBuffer;)Ljava/nio/ByteBuffer;+10
j  org.lwjgl.opengl.Context.<init>(Lorg/lwjgl/opengl/PeerInfo;Lorg/lwjgl/opengl/ContextAttribs;Lorg/lwjgl/opengl/Context;)V+104
j  org.lwjgl.opengl.Display.create(Lorg/lwjgl/opengl/PixelFormat;Lorg/lwjgl/opengl/Drawable;Lorg/lwjgl/opengl/ContextAttribs;)V+88

Here we see, Minecraft tries to allocate an OpenGL Device Context buffer in memory.

The thread mentioned by Ben Blank has a different stack trace and thus is irrelevant.

We first have to get more knowledge about your memory, which you gave:

I noticed that the command that the minecraft.jar file is being run with says that it can have up to 1024mb of ram. I only have ~500mb of ram, so it would be referencing pointers in an unknown location. I also notice a gl issue, which I'm not really sure how to fix.

Given that low amount of memory, I'm going to guess that your graphics card uses 128 MB shared memory which means that it uses RAM memory to operate. I'm guessing that your Windows uses another 100 MB. There is only 250 MB of memory remaining for Minecraft, and your page file.

Minecraft uses from 512 MB to 1 GB, consider that playing Minecraft will cause disk trashing.

VM Arguments:
jvm_args: -Xms512m -Xmx1024m

So, now, where does the problem lie?

"so it would be referencing pointers in an unknown location" -- no. Just because you tell it it's allowed to use 1024 MB doesn't mean it ignores allocation errors when it runs out of space and creates invalid addresses out of thin air to reference. For all I know it wouldn't even matter, Windows would just give it space in the page file. - Matthew Read

This comment on the question is not 100% correct, there are exceptions that don't use the page file.

Exactly, OpenGL Device Context buffers must be in RAM; the solution is to buy more RAM.

I doubt if 1 GB will do the job given that Minecraft can use up to 1 GB; better to be safe than sorry and get 2 GB to avoid future problems. This also makes sure you don't experience disk trashing to the page file, which can have a great impact on the performance...

Or well, I could be all wrong and it could be a driver problem. But seriously, 512 MB isn't enough...

Minecraft login issue

If you have a firewall it may be preventing minecraft from accessing the login servers. Try disabling it and logging in. If that works then investigate the settings to override the block of minecraft.exe or java.exe.

Best Answer

Related Solutions

Minecraft crashes after logging in: A fatal error has been detected by the Java Runtime Environment

Minecraft login issue

Related Topic