Buying a new Minecraft account costs less than €15. For a player you've banned, that's a small price to pay to get back into a server they like - or one they want to cause problems for. Alt account detection is the mechanism that makes ban evasion significantly harder, and when it's working well, most banned players don't make it past the first login attempt.
The Core Mechanism: IP Matching
The primary method for detecting alt accounts is IP address correlation. When a player joins your server, their IP address is logged alongside their UUID. When they return with a new account, they usually come from the same IP. The system checks whether the new UUID has ever shared an IP with a banned player and flags it if there's a match.
The challenge is doing this in a way that's both effective and privacy-safe. Storing raw IP addresses in plaintext is a GDPR problem waiting to happen. Modern systems like Warden Guard store only a one-way hash of the IP - the original address can't be recovered, but you can still check whether two accounts have ever shared the same IP.
Exact Match vs. Subnet Match
There are two types of IP matching worth knowing about. An exact match means the new account connected from precisely the same IP address as the banned account. A subnet match (typically /24) means they share the first three octets of the IP - the same local network, essentially the same household or organization.
Subnet matching catches cases where someone switches between Wi-Fi and Ethernet, or where a shared router assigns slightly different IPs at different times. It does have a higher false positive rate - multiple people in an apartment building on the same ISP can share a /24 subnet. Most servers treat subnet matches as a manual review flag rather than an automatic ban.
What It Doesn't Catch
Alt detection isn't foolproof. A player using a VPN or connecting from a different location entirely will have no IP overlap with their banned account. This is why IP-based alt detection should be one layer in your security stack, not the only one.
Some systems also track shared device fingerprints or behavioral patterns, but these are more complex and more prone to false positives. For most community servers, IP-based detection with a manual review step for ambiguous cases is the right balance.
Cross-Server Alt Detection
Single-server alt detection has a significant weakness: if the player has never connected to your server before, you have no IP history to match against. This is where network-level alt detection becomes powerful. Warden Guard hashes IP history across all connected servers. A player banned on Server A three months ago - who has never visited your server - will still trigger a match when they join you with a new account, because the IP hash from Server A is in the network registry.
Handling Flags Correctly
When your system flags a potential alt, the response should be proportional. For exact matches with known severe bans, automatic blocking is reasonable. For subnet matches or matches against minor ban records, a manual review flag is better - send a notification to staff, let them investigate before taking action. Not every flagged account is a genuine alt, and wrongly blocking legitimate players damages trust in your server.