Pastebin abused

I thought everyone knew this. Pastebin hasn't been used seriously for pasting code snippets for years, everyone's moved to one of the (<i>much</i>) better pastebins. Here's just a few i can think of off the top of my head:<p><a href="http://paste.pocoo.org/" rel="nofollow">http://paste.pocoo.org/</a><p><a href="http://gist.github.com/" rel="nofollow">http://gist.github.com/</a><p><a href="http://dpaste.org/" rel="nofollow">http://dpaste.org/</a><p><a href="http://fpaste.org/" rel="nofollow">http://fpaste.org/</a><p><a href="http://codepad.org/" rel="nofollow">http://codepad.org/</a><p>and <a href="http://rafb.net/paste/" rel="nofollow">http://rafb.net/paste/</a> before it was shut down

Some of them sound downright sad: <a href="http://pastebin.com/v70Z85aC" rel="nofollow">http://pastebin.com/v70Z85aC</a><p>Another I just saw was a keylog of someone changing their password after their Facebook account was flagged for suspicious activity. Obviously, they've got bigger problems.<p>Question: should I contact this person and tell them what happened?<p>(Thinking about it, it would be trivial to write a script that monitors for this kind of stuff, and e-mails the victim, or sends them a facebook message, explaining what happened. But, uh, seems like it might expose me to liability at worst, and angry reply emails at best.)

Welcome to the internet, this is pretty old news. You want to see more interesting stuff? Next time you stumble upon an owned computer, try to follow where the network stack is leading to and you'll sometimes find IRC channels with really interesting mechanics and things in them to control these computers.

Why is it considered an abuse?<p>Here is a description on what service pastebin provides: "Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time."<p>It doesn't make pastebin abused just because some internet individual thinks it is only for interesting source code.

Reminds me of:<p><a href="http://en.wikipedia.org/wiki/Dead_drop" rel="nofollow">http://en.wikipedia.org/wiki/Dead_drop</a>

This has been the case for a while. Anything you paste there will be seen by everyone + google. I did a simple pastebin for myself a while back that doesnt have a public directory - <a href="http://tinypaste.com" rel="nofollow">http://tinypaste.com</a> - Also has code compilation built in, via codepad

There's a discussion in Cory Doctorow's "For The Win" (excellent novel, btw, download it today) of how to coordinate groups of anonymous activists online. A favorite tactic of the fictional activists in the book was to take over the comment thread of some arbitrary old blog post for a short period of time, using it as a chat channel.<p>Obviously, Pastebin works too.

Never thought about this. It's scary what even a basic search such as <i>site:pastebin.com password username</i> can return.

Seems like a logical step to me, especially for dodgy automated tools. Making your programs paste the illegal info in pastebin makes a lot of sense from a plausible deniability standpoint. "No sir, I didn't plant the bug there, I just found this log on a public website."<p>Pastebin's owner seems to not mind automated tools using the site ( <a href="http://stackoverflow.com/questions/833887/pastebin-api" rel="nofollow">http://stackoverflow.com/questions/833887/pastebin-api</a> , comment on question ), so the only solution I see is a "report public paste" feature. But that would be near useless against the volume of computer generated content created. And worse yet, the address that pasted it is just another victim, so there's little hope going against it.<p>Though I really hope I'm wrong, pastebin is a great website.

I see things like that on pastebin since ages. I thought it was common knowledge that pastebin hosted that kind of content until today.

WARNING - don't click on the tinypic link in the comments<p>[Edit: not sure if the pic's fake or not, but it's a photo of the top halves of two corpses]

I forked the code in this article and made it parse a Pastebin site hosted on the I2P Darknet (<a href="http://i2p2.de" rel="nofollow">http://i2p2.de</a>). Expected to find alot of more stuff like this in a completly anonymous enviroment like I2P. But no, the anonymous people on I2P seems like a nice bunch.<p>Here is the code: <a href="http://blog.kejsarmakten.se/all/software/2011/05/29/i2p-pastebin-parser.html" rel="nofollow">http://blog.kejsarmakten.se/all/software/2011/05/29/i2p-past...</a>

It's kind of rude not to edit out the usernames and passwords from his examples.

This has been happening for a long time. I remember stumbling across an /etc/passwd file that was from a Yahoo! server awhile ago.

I'm surprised they don't use asymmetric encryption to hide their tracks. It seems obvious to encrypt the contents using a public key before sending it to pastebin, so that only the attacker (or attackers) can decrypt it.

Makes me want to run google searches on all my passwords, just in case...

Welcome to the internet.

Well, pastebins are free, you can post anything there. If you don't want to see stuff like that, then DON'T CHECK OUT THE PUBLIC PASTES.<p>pastebin.com sucks. Use LodgeIt[] or Gist[].<p>[LodgeIt]: <a href="http://paste.pocoo.org/" rel="nofollow">http://paste.pocoo.org/</a><p>[Gist]: <a href="http://gist.github.com/" rel="nofollow">http://gist.github.com/</a>

This is why you always must remember to set good expiration settings and edit out any confidential content (like passwords or identifying chunks of code) when you use a pastebin.

Why is this news, hasn't this been the case since the very start? Any time I see a link to a pastebin site I always take a look at the public shares just to see what's up there and it's always filled with this stuff.

Thought this was going to be about the posting of the full version of that paywalled Wall Street Journal article on Iran's plans for its own internet. Thank god that's still okay.

No commenters? I guess they're all checking out whether the porn site passwords are actually valid.