Pastebin abused (opens in new tab)

(michielovertoom.com)

171 pointslehmannro14y ago50 comments

50 comments

I thought everyone knew this. Pastebin hasn't been used seriously for pasting code snippets for years, everyone's moved to one of the (much) better pastebins. Here's just a few i can think of off the top of my head:

http://paste.pocoo.org/

http://gist.github.com/

http://dpaste.org/

http://fpaste.org/

http://codepad.org/

and http://rafb.net/paste/ before it was shut down

joshwa14y ago

I always preferred http://pastie.org/ as it's the prettiest and most readable of the bunch. You can select from a good list of syntax highlighting color schemes, for instance (and they have Twilight and Vibrant Ink...)

Here's an example I found on their recent pastes page:

http://pastie.org/pastes/1987149

Go play with the Theme dropdown.

Kadin14y ago

I wouldn't be so quick to dismiss Pastebin's legitimate uses. I see it get used all the time for sharing debug output and system logs (generally between systems where there isn't any other easy method of communication).

The other ones may be prettier but Pastebin has mindshare.

adambyrtek14y ago

What do you mean by "mindshare"? It's not like there is any real community on those sites. For me most of them are completely interchangeable. The only exception is Gist, which has the advantage of version control.

1 more reply

genbattle14y ago

I think pastebin is still a very good site for code pastes. I haven't seen a site which offers more features and functionality. Sure if you just want a quick public anonymous post of some plain text, any will do. In my case pastebin.com is the only one i've found that had syntax highlighting for some of the more obscure languages I use (such as Go).

jessedhillon14y ago

I'd also like to add http://ideone.com/

adatta0214y ago

also http://jsfiddle.net/

burgerbrain14y ago

If you, like me, are still addicted to typing in 'rafb..': http://rafb.me/

pavel_lishin14y ago

Some of them sound downright sad: http://pastebin.com/v70Z85aC

Another I just saw was a keylog of someone changing their password after their Facebook account was flagged for suspicious activity. Obviously, they've got bigger problems.

Question: should I contact this person and tell them what happened?

(Thinking about it, it would be trivial to write a script that monitors for this kind of stuff, and e-mails the victim, or sends them a facebook message, explaining what happened. But, uh, seems like it might expose me to liability at worst, and angry reply emails at best.)

StudyAnimal14y ago

I know, irregardless is not even a word!

mike-cardwell14y ago

Could use an anonymous remailer.

shii14y ago

Welcome to the internet, this is pretty old news. You want to see more interesting stuff? Next time you stumble upon an owned computer, try to follow where the network stack is leading to and you'll sometimes find IRC channels with really interesting mechanics and things in them to control these computers.

mattdeboard14y ago

Interesting, do you know of any blog posts or articles that discusses these rooms, or more on how to do this? And I may be showing my out-of-touchness with black-hat culture, but I assume by "owned" computer, you mean one that's a botnet node?

JonnieCache14y ago

Tip: botnet hunting is a perfect example of something you should not learn from a set of instructions on someones blog. To do so would be a criminal sacrifice of an opportunity for joyous discovery and autodidacticism.

It's called botnet hunting for a reason. The thrill of the chase.

I'm really glad that I was 13 before the era where you could just go and get detailed instructions on every possible piece of knowledge, and before there were places like stackexchange where people scramble to answer your every question in seconds. Instead I had to spend hours days and weeks doing this stuff from scratch, and without that, I doubt if I'd be paying the rent with computers right now.

Sorry if this sounds a bit condesending, I'm just trying to help people get the maximum utility from their time skulking around in virtual alleyways chasing criminals. Surely a noble aim? ;)

jessedhillon14y ago

I'd say a good way to get started would be to install Windows XP on a machine, start downloading and installing pirated warez, then watch `netstat` or install Wireshark.

1 more reply

MrVitaliy14y ago

Why is it considered an abuse?

Here is a description on what service pastebin provides: "Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time."

It doesn't make pastebin abused just because some internet individual thinks it is only for interesting source code.

BasDirks14y ago

It's possibly abuse because it's possibly used for illegal activities.

"just because some internet individual"

Your condescending tone implies undisclosed motives. I might be wrong, feel free to correct me.

mattdeboard14y ago

Judging by the comments on the linked article, I'd say quite a few black-hats and crackers/etc are upset he's bringing this to light for those of us who were unaware.

raganwald14y ago

Reminds me of:

http://en.wikipedia.org/wiki/Dead_drop

DanBlake14y ago

This has been the case for a while. Anything you paste there will be seen by everyone + google. I did a simple pastebin for myself a while back that doesnt have a public directory - http://tinypaste.com - Also has code compilation built in, via codepad

caf14y ago

I think you've missed the point. It's not interesting that public pastes are public; it's interesting that pastebin is being used as a dead drop.

kragen14y ago

There's a discussion in Cory Doctorow's "For The Win" (excellent novel, btw, download it today) of how to coordinate groups of anonymous activists online. A favorite tactic of the fictional activists in the book was to take over the comment thread of some arbitrary old blog post for a short period of time, using it as a chat channel.

Obviously, Pastebin works too.

arkitaip14y ago

Never thought about this. It's scary what even a basic search such as site:pastebin.com password username can return.

HoLyVieR14y ago

Have you tried searching for "site:pastebin.com mysql_connect" ? That's even scarier. There's people that do post their database password and username publicly.

tomjen314y ago

That is unlikely to matter - mysql and postsql doesn't allow connections from outside of localhost by default on Ubuntu (and properly other unixes as well).

So really, yeah if you already have local access you can pwn the box, but you have pretty much done that already.

BoppreH14y ago

Seems like a logical step to me, especially for dodgy automated tools. Making your programs paste the illegal info in pastebin makes a lot of sense from a plausible deniability standpoint. "No sir, I didn't plant the bug there, I just found this log on a public website."

Pastebin's owner seems to not mind automated tools using the site ( http://stackoverflow.com/questions/833887/pastebin-api , comment on question ), so the only solution I see is a "report public paste" feature. But that would be near useless against the volume of computer generated content created. And worse yet, the address that pasted it is just another victim, so there's little hope going against it.

Though I really hope I'm wrong, pastebin is a great website.

baby14y ago

I see things like that on pastebin since ages. I thought it was common knowledge that pastebin hosted that kind of content until today.

cubicle6714y ago

WARNING - don't click on the tinypic link in the comments

[Edit: not sure if the pic's fake or not, but it's a photo of the top halves of two corpses]

Luyt14y ago

Thanks for the tip, I removed the link from that comment. It was a gruesome picture indeed, fake or not.

radical-edward14y ago

Real and recent. They were Libyan rebels.

1 more reply

melpomene14y ago

I forked the code in this article and made it parse a Pastebin site hosted on the I2P Darknet (http://i2p2.de). Expected to find alot of more stuff like this in a completly anonymous enviroment like I2P. But no, the anonymous people on I2P seems like a nice bunch.

Here is the code: http://blog.kejsarmakten.se/all/software/2011/05/29/i2p-past...

tzs14y ago

It's kind of rude not to edit out the usernames and passwords from his examples.

oasisbob14y ago

He states "I have changed some details to protect the innocent."

While I haven't tested any of the examples myself, I'd assume they're subtly munged.

tdfx14y ago

I can confirm that the adult site passwords do not work.

1 more reply

mathrawka14y ago

This has been happening for a long time. I remember stumbling across an /etc/passwd file that was from a Yahoo! server awhile ago.

adambyrtek14y ago

I'm surprised they don't use asymmetric encryption to hide their tracks. It seems obvious to encrypt the contents using a public key before sending it to pastebin, so that only the attacker (or attackers) can decrypt it.

JonnieCache14y ago

Two words: plausible deniability.

armored14y ago

Makes me want to run google searches on all my passwords, just in case...

hollerith14y ago

Don't do that: google might leak them somehow.

mahmud14y ago

Welcome to the internet.

Kwpolska14y ago

Well, pastebins are free, you can post anything there. If you don't want to see stuff like that, then DON'T CHECK OUT THE PUBLIC PASTES.

pastebin.com sucks. Use LodgeIt[] or Gist[].

[LodgeIt]: http://paste.pocoo.org/

[Gist]: http://gist.github.com/

cookiecaper14y ago

This is why you always must remember to set good expiration settings and edit out any confidential content (like passwords or identifying chunks of code) when you use a pastebin.

dendory14y ago

Why is this news, hasn't this been the case since the very start? Any time I see a link to a pastebin site I always take a look at the public shares just to see what's up there and it's always filled with this stuff.

wging14y ago

Thought this was going to be about the posting of the full version of that paywalled Wall Street Journal article on Iran's plans for its own internet. Thank god that's still okay.

jkyro14y ago

No commenters? I guess they're all checking out whether the porn site passwords are actually valid.

skrebbel14y ago

Unfortunately, they're not.

j / k navigate · click thread line to collapse

50 comments

mtogo14y ago

http://paste.pocoo.org/

http://gist.github.com/

http://dpaste.org/

http://fpaste.org/

http://codepad.org/

and http://rafb.net/paste/ before it was shut down

joshwa14y ago

Here's an example I found on their recent pastes page:

http://pastie.org/pastes/1987149

Go play with the Theme dropdown.

Kadin14y ago

The other ones may be prettier but Pastebin has mindshare.

adambyrtek14y ago

1 more reply

genbattle14y ago

jessedhillon14y ago

I'd also like to add http://ideone.com/

adatta0214y ago

also http://jsfiddle.net/

burgerbrain14y ago

If you, like me, are still addicted to typing in 'rafb..': http://rafb.me/

pavel_lishin14y ago

Some of them sound downright sad: http://pastebin.com/v70Z85aC

Another I just saw was a keylog of someone changing their password after their Facebook account was flagged for suspicious activity. Obviously, they've got bigger problems.

Question: should I contact this person and tell them what happened?

StudyAnimal14y ago

I know, irregardless is not even a word!

mike-cardwell14y ago

Could use an anonymous remailer.

shii14y ago

mattdeboard14y ago

JonnieCache14y ago

It's called botnet hunting for a reason. The thrill of the chase.

Sorry if this sounds a bit condesending, I'm just trying to help people get the maximum utility from their time skulking around in virtual alleyways chasing criminals. Surely a noble aim? ;)

jessedhillon14y ago

I'd say a good way to get started would be to install Windows XP on a machine, start downloading and installing pirated warez, then watch `netstat` or install Wireshark.

1 more reply

MrVitaliy14y ago

Why is it considered an abuse?

Here is a description on what service pastebin provides: "Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time."

It doesn't make pastebin abused just because some internet individual thinks it is only for interesting source code.

BasDirks14y ago

It's possibly abuse because it's possibly used for illegal activities.

"just because some internet individual"

Your condescending tone implies undisclosed motives. I might be wrong, feel free to correct me.

mattdeboard14y ago

Judging by the comments on the linked article, I'd say quite a few black-hats and crackers/etc are upset he's bringing this to light for those of us who were unaware.

raganwald14y ago

Reminds me of:

http://en.wikipedia.org/wiki/Dead_drop

DanBlake14y ago

caf14y ago

I think you've missed the point. It's not interesting that public pastes are public; it's interesting that pastebin is being used as a dead drop.

kragen14y ago

Obviously, Pastebin works too.

arkitaip14y ago

Never thought about this. It's scary what even a basic search such as site:pastebin.com password username can return.

HoLyVieR14y ago

Have you tried searching for "site:pastebin.com mysql_connect" ? That's even scarier. There's people that do post their database password and username publicly.

tomjen314y ago

That is unlikely to matter - mysql and postsql doesn't allow connections from outside of localhost by default on Ubuntu (and properly other unixes as well).

So really, yeah if you already have local access you can pwn the box, but you have pretty much done that already.

BoppreH14y ago

Though I really hope I'm wrong, pastebin is a great website.

baby14y ago

I see things like that on pastebin since ages. I thought it was common knowledge that pastebin hosted that kind of content until today.

cubicle6714y ago

WARNING - don't click on the tinypic link in the comments

[Edit: not sure if the pic's fake or not, but it's a photo of the top halves of two corpses]

Luyt14y ago

Thanks for the tip, I removed the link from that comment. It was a gruesome picture indeed, fake or not.

radical-edward14y ago

Real and recent. They were Libyan rebels.

1 more reply

melpomene14y ago

Here is the code: http://blog.kejsarmakten.se/all/software/2011/05/29/i2p-past...

tzs14y ago

It's kind of rude not to edit out the usernames and passwords from his examples.

oasisbob14y ago

He states "I have changed some details to protect the innocent."

While I haven't tested any of the examples myself, I'd assume they're subtly munged.

tdfx14y ago

I can confirm that the adult site passwords do not work.

1 more reply

mathrawka14y ago

This has been happening for a long time. I remember stumbling across an /etc/passwd file that was from a Yahoo! server awhile ago.

adambyrtek14y ago

JonnieCache14y ago

Two words: plausible deniability.

armored14y ago

Makes me want to run google searches on all my passwords, just in case...

hollerith14y ago

Don't do that: google might leak them somehow.

mahmud14y ago

Welcome to the internet.

Kwpolska14y ago

Well, pastebins are free, you can post anything there. If you don't want to see stuff like that, then DON'T CHECK OUT THE PUBLIC PASTES.

pastebin.com sucks. Use LodgeIt[] or Gist[].

[LodgeIt]: http://paste.pocoo.org/

[Gist]: http://gist.github.com/

cookiecaper14y ago

This is why you always must remember to set good expiration settings and edit out any confidential content (like passwords or identifying chunks of code) when you use a pastebin.

dendory14y ago

wging14y ago

Thought this was going to be about the posting of the full version of that paywalled Wall Street Journal article on Iran's plans for its own internet. Thank god that's still okay.

jkyro14y ago

No commenters? I guess they're all checking out whether the porn site passwords are actually valid.

skrebbel14y ago

Unfortunately, they're not.

j / k navigate · click thread line to collapse