Hey guys. I think either Bukkit or Minecraft itself has an authentication problem, because we're getting players logging in as other players' accounts. This is happening while the server is IN Online-mode, so it's proving to be a problem. I'm sure this isn't someone stealing passwords. We've only seen one IP doing it, but that's all it takes to get my spider-senses tingling, so I'd like a plugin to address it. Can someone write up a plugin that automatically bans any IP seen logging into multiple accounts? I'm willing to accept some false positives from people who actually own multiple accounts; that's less important than dealing with this.
The problem with that is that you often get brothers/sisters who live in the same house who play on servers together. Although they might be on different computers, they would still have the same IP. Same applies for friends playing within a university. Since universities often route all there traffic through one router, any people playing from within the university would appear to have the same IP.
Again, I'm totally okay with this - players who are banned via this sort of false positive would be free to contact me to get it lifted.
IP banning in general is a bad practice that too many people use and which you shouldn't do. Ban their names if must be, but not the IP. Most people do not have static IPs, so all they need to do is to reset their router and they can play again.