Why restarting the server on multiple "read time out" errors is a really bad idea.

September 4, 2012 at 3:28 PM, by PhonicUK

One of the most frequent feature requests for McMyAdmin over the last couple of months has been the ability to make McMyAdmin automatically restart the server if a "read time out" happens (or if many of them happen in a short time frame).

The short and sweet answer to why this is a bad idea is simple - it's too easy to exploit to deliberately make the server restart excessively, and it would be almost impossible to protect against.

So let's go over what's happening here:

A 'read time out' occurs when you are trying to read a piece of data (in this case, from a network socket) and it takes too long to read the data. Normally this happens because the sending party has stopped sending data unexpectedly (due to a connection issue or a software failure) and the receiving party is still expecting data.

Normally a read timeout isn't an issue and the server just carries on its merry way (and in fact the Minecraft server does indeed do this during a 'legitimate' read timeout) - but for one reason or another CraftBukkit has a bug whose symptoms are large numbers of these happening in rapid succession, followed by users being disconnected and the server becoming unresponsive.

Why this keeps happening in CraftBukkit I don't know - but what I do know is that it would be very easy to trigger deliberately. Connect to the Minecraft server and, midway through sending a packet, simply stop.

So if McMyAdmin were to (have the option to) restart servers automatically in this situation, it would be trivial to keep large numbers of servers in a restart loop with a very small amount of traffic: a griefer's wet dream.
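To put numbers on that restart loop, the following added example (not McMyAdmin code) replays constructed read-timeout timestamps through a hypothetical restart-on-timeout policy and reports how much of a ten-minute period the server would spend restarting. The threshold, window and restart duration are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class RestartPolicy:          # hypothetical policy, not a McMyAdmin setting
    threshold: int            # read timeouts inside the window that trigger a restart
    window: float             # sliding window, seconds
    restart_time: float       # seconds the server is unavailable per restart (assumed)

def simulate(timeout_times, policy, horizon):
    """Replay read-timeout timestamps; return (restarts, downtime_seconds)."""
    recent, restarts, downtime, up_at = [], 0, 0.0, 0.0
    for t in sorted(timeout_times):
        if t >= horizon:
            break
        if t < up_at:
            continue          # server is restarting: nothing connects, nothing is logged
        recent = [x for x in recent if t - x < policy.window] + [t]
        if len(recent) >= policy.threshold:
            restarts += 1
            downtime += min(t + policy.restart_time, horizon) - t
            up_at = t + policy.restart_time
            recent = []       # counter starts fresh after the restart
    return restarts, downtime

POLICY = RestartPolicy(threshold=5, window=60.0, restart_time=45.0)
HORIZON = 600                 # ten minutes

# Constructed input 1: occasional genuine timeouts from flaky client connections.
ORGANIC = [30, 200, 410]
# Constructed input 2: one timeout every 2 s, a rate any single remote party can cause.
INDUCED = list(range(0, HORIZON, 2))

if __name__ == "__main__":
    for name, events in (("organic", ORGANIC), ("induced", INDUCED)):
        restarts, down = simulate(events, POLICY, HORIZON)
        print(f"{name}: {restarts} restarts, {down / HORIZON:.1%} of the period down")
```

Under these assumed numbers the organic case never restarts, while the induced case restarts 11 times and is unavailable for 82.5% of the period, because the trigger is an event that any unauthenticated remote party controls.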
