
Pastebin abused - lehmannro
http://www.michielovertoom.com/python/pastebin-abused/
======
mtogo
I thought everyone knew this. Pastebin hasn't been used seriously for pasting
code snippets for years; everyone's moved to one of the ( _much_ ) better
pastebins. Here are just a few I can think of off the top of my head:

<http://paste.pocoo.org/>

<http://gist.github.com/>

<http://dpaste.org/>

<http://fpaste.org/>

<http://codepad.org/>

and <http://rafb.net/paste/> before it was shut down

~~~
Kadin
I wouldn't be so quick to dismiss Pastebin's legitimate uses. I see it get
used all the time for sharing debug output and system logs (generally between
systems where there isn't any other easy method of communication).

The other ones may be prettier but Pastebin has mindshare.

~~~
adambyrtek
What do you mean by "mindshare"? It's not like there is any real community on
those sites. For me most of them are completely interchangeable. The only
exception is Gist, which has the advantage of version control.

~~~
Kadin
Lots of people (that I know, anyway) know what Pastebin is, and don't know of
any of the other, similar sites. If they need to paste some output, they type
"pastebin.com" into their address bar and that's it.

------
pavel_lishin
Some of them sound downright sad: <http://pastebin.com/v70Z85aC>

Another I just saw was a keylog of someone changing their password after their
Facebook account was flagged for suspicious activity. Obviously, they've got
bigger problems.

Question: should I contact this person and tell them what happened?

(Thinking about it, it would be trivial to write a script that monitors for
this kind of stuff, and e-mails the victim, or sends them a facebook message,
explaining what happened. But, uh, seems like it might expose me to liability
at worst, and angry reply emails at best.)

~~~
StudyAnimal
I know, irregardless is not even a word!

------
shii
Welcome to the internet, this is pretty old news. You want to see more
interesting stuff? Next time you stumble upon an owned computer, try to follow
where the network stack is leading to and you'll sometimes find IRC channels
with really interesting mechanics and things in them to control these
computers.

~~~
mattdeboard
Interesting, do you know of any blog posts or articles that discuss these
rooms, or more on how to do this? And I may be showing my out-of-touchness
with black-hat culture, but I assume by "owned" computer, you mean one that's
a botnet node?

~~~
jessedhillon
I'd say a good way to get started would be to install Windows XP on a machine,
start downloading and installing pirated warez, then watch `netstat` or
install Wireshark.

~~~
ZoFreX
I would suggest two modifications to your plan: Using a VM (easier and fairly
safe, very few viruses can break out of a VM), and getting the viruses some
other way (I don't see that many in pirated material). One way that works is
to follow the links next time a spambot hits a large IRC channel you're in.

------
MrVitaliy
Why is it considered an abuse?

Here is a description on what service pastebin provides: "Pastebin.com is the
number one paste tool since 2002. Pastebin is a website where you can store
text online for a set period of time."

It doesn't make pastebin abused just because some internet individual thinks
it is only for interesting source code.

~~~
BasDirks
It's possibly abuse because it's possibly used for illegal activities.

"just because some internet individual"

Your condescending tone implies undisclosed motives. I might be wrong, feel
free to correct me.

~~~
mattdeboard
Judging by the comments on the linked article, I'd say quite a few black-hats
and crackers/etc are upset he's bringing this to light for those of us who
were unaware.

------
raganwald
Reminds me of:

<http://en.wikipedia.org/wiki/Dead_drop>

------
DanBlake
This has been the case for a while. Anything you paste there will be seen by
everyone + Google. I did a simple pastebin for myself a while back that doesn't
have a public directory - <http://tinypaste.com> - Also has code compilation
built in, via codepad

~~~
caf
I think you've missed the point. It's not interesting that public pastes are
public; it's interesting that pastebin is being used as a dead drop.

------
kragen
There's a discussion in Cory Doctorow's "For The Win" (excellent novel, btw,
download it today) of how to coordinate groups of anonymous activists online.
A favorite tactic of the fictional activists in the book was to take over the
comment thread of some arbitrary old blog post for a short period of time,
using it as a chat channel.

Obviously, Pastebin works too.

------
arkitaip
Never thought about this. It's scary what even a basic search such as
_site:pastebin.com password username_ can return.

~~~
HoLyVieR
Have you tried searching for "site:pastebin.com mysql_connect"? That's even
scarier. There are people who post their database password and username
publicly.

~~~
tomjen3
That is unlikely to matter - MySQL and PostgreSQL don't allow connections from
outside of localhost by default on Ubuntu (and probably other Unixes as well).

So really, yeah, if you already have local access you can pwn the box, but you
have pretty much done that already.
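An added example, not posted by any commenter in this thread: a small Python scanner in the spirit of HoLyVieR's `site:pastebin.com mysql_connect` search and pavel_lishin's idea of a monitoring script, run over constructed paste text (made-up ids, hosts and credentials) to flag leaked database credentials and redact the secret before anyone forwards a report to the site owner.

```python
import re
from dataclasses import dataclass

# Constructed sample pastes keyed by a made-up paste id; the hosts,
# user names and passwords are invented, not taken from any real paste.
SAMPLE_PASTES = {
    "aB12cD34": "<?php\n$link = mysql_connect('db.example.test', 'webapp', 'Tr0ub4dor&3');\n",
    "xY98zW76": "def fib(n):\n    return n if n < 2 else fib(n - 1) + fib(n - 2)\n",
    "qQ11rR22": '$conn = mysql_connect("localhost", "root", "");\n',
}

# mysql_connect(host, user, password) with string literals in either quote style.
MYSQL_CONNECT_RE = re.compile(
    r"""mysql_connect\s*\(\s*
        (?P<q1>['"])(?P<host>[^'"]*)(?P=q1)\s*,\s*
        (?P<q2>['"])(?P<user>[^'"]*)(?P=q2)\s*,\s*
        (?P<q3>['"])(?P<password>[^'"]*)(?P=q3)""",
    re.VERBOSE,
)


@dataclass
class Finding:
    paste_id: str
    host: str
    user: str
    password_len: int   # length only; the secret itself is never stored
    redacted_line: str  # safe to quote in a takedown or notification report


def scan_paste(paste_id, text):
    """Return one Finding per leaked mysql_connect() credential in a paste."""
    findings = []
    for line in text.splitlines():
        for m in MYSQL_CONNECT_RE.finditer(line):
            pw_start, pw_end = m.span("password")
            redacted = line[:pw_start] + "*" * (pw_end - pw_start) + line[pw_end:]
            findings.append(Finding(paste_id, m.group("host"), m.group("user"),
                                    pw_end - pw_start, redacted))
    return findings


def scan_all(pastes):
    """Scan a mapping of paste id -> paste text and collect every finding."""
    return [f for pid, text in pastes.items() for f in scan_paste(pid, text)]


if __name__ == "__main__":
    for f in scan_all(SAMPLE_PASTES):
        print(f"{f.paste_id}: {f.user}@{f.host} "
              f"(password of {f.password_len} chars) -> {f.redacted_line}")
```

An empty password (the `root` case) is reported with length 0, which is worth a separate alert in practice since it needs no leak at all to be abused.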

------
BoppreH
Seems like a logical step to me, especially for dodgy automated tools. Making
your programs paste the illegal info in pastebin makes a lot of sense from a
plausible deniability standpoint. "No sir, I didn't plant the bug there, I
just found this log on a public website."

Pastebin's owner seems to not mind automated tools using the site
(<http://stackoverflow.com/questions/833887/pastebin-api>, comment on
question), so the only solution I see is a "report public paste" feature. But
that would be near useless against the volume of computer generated content
created. And worse yet, the address that pasted it is just another victim, so
there's little hope going against it.

Though I really hope I'm wrong, pastebin is a great website.

------
baby
I've seen things like that on Pastebin for ages. I thought it was common
knowledge that Pastebin hosted that kind of content until today.

------
cubicle67
WARNING - don't click on the tinypic link in the comments

[Edit: not sure if the pic's fake or not, but it's a photo of the top halves
of two corpses]

~~~
Luyt
Thanks for the tip, I removed the link from that comment. It was a gruesome
picture indeed, fake or not.

~~~
radical-edward
Real and recent. They were Libyan rebels.

~~~
danshapiro
If you could send the original link to (my first name) at (photobucket.com)
I'll make sure it gets removed.

------
melpomene
I forked the code in this article and made it parse a Pastebin site hosted on
the I2P Darknet (<http://i2p2.de>). Expected to find a lot more stuff like
this in a completely anonymous environment like I2P. But no, the anonymous
people on I2P seem like a nice bunch.

Here is the code:
<http://blog.kejsarmakten.se/all/software/2011/05/29/i2p-pastebin-parser.html>

------
tzs
It's kind of rude not to edit out the usernames and passwords from his
examples.

~~~
oasisbob
He states "I have changed some details to protect the innocent."

While I haven't tested any of the examples myself, I'd assume they're subtly
munged.

~~~
tdfx
I can confirm that the adult site passwords do not work.

~~~
44Aman
hah!

------
mathrawka
This has been happening for a long time. I remember stumbling across an
/etc/passwd file that was from a Yahoo! server a while ago.

------
adambyrtek
I'm surprised they don't use asymmetric encryption to hide their tracks. It
seems obvious to encrypt the contents using a public key before sending it to
pastebin, so that only the attacker (or attackers) can decrypt it.

~~~
JonnieCache
Two words: plausible deniability.

------
armored
Makes me want to run google searches on all my passwords, just in case...

~~~
hollerith
Don't do that: google might leak them somehow.

------
mahmud
Welcome to the internet.

------
Kwpolska
Well, pastebins are free, you can post anything there. If you don't want to
see stuff like that, then DON'T CHECK OUT THE PUBLIC PASTES.

pastebin.com sucks. Use LodgeIt (<http://paste.pocoo.org/>) or Gist
(<http://gist.github.com/>).

------
cookiecaper
This is why you always must remember to set good expiration settings and edit
out any confidential content (like passwords or identifying chunks of code)
when you use a pastebin.

------
dendory
Why is this news, hasn't this been the case since the very start? Any time I
see a link to a pastebin site I always take a look at the public shares just
to see what's up there and it's always filled with this stuff.

------
wging
Thought this was going to be about the posting of the full version of that
paywalled Wall Street Journal article on Iran's plans for its own internet.
Thank god that's still okay.

------
jkyro
No commenters? I guess they're all checking out whether the porn site
passwords are actually valid.

~~~
skrebbel
Unfortunately, they're not.

