Syscall:writev(..) failed: Broken pipe

We have been in the process of recovering from a hack. This has involved migrating to Sponge and updating all plugins from 1.7.10 to their equivalents. During this, we have been monitoring logs, looking for malicious actions.

Today, a user logged in, immediately triggered a bunch of file write options from the looks of this, and disconnected.

It seems that this was not triggered by a plugin or by a malformed client due to the mods they are connecting with. Would I be safe to assume that either Sponge or the restricted environment I have placed the server in would cause this output due to the user sending malicious packets to the server? We had a similar issue where someone took advantage of a mod by sending false packets that were interpreted by another mod.

All of that is separate from Sponge. Sponge makes very few modifications to networking. In this case, however, no files are being read; what’s printed in the log is a failure to write from packets. There’s very little Sponge can do in this case.

2 Likes