I thought everyone knew this. Pastebin hasn't been used seriously for pasting code snippets for years, everyone's moved to one of the (much) better pastebins. Here's just a few i can think of off the top of my head:
I always preferred http://pastie.org/ as it's the prettiest and most readable of the bunch. You can select from a good list of syntax highlighting color schemes, for instance (and they have Twilight and Vibrant Ink...)
Here's an example I found on their recent pastes page:
I wouldn't be so quick to dismiss Pastebin's legitimate uses. I see it get used all the time for sharing debug output and system logs (generally between systems where there isn't any other easy method of communication).
The other ones may be prettier but Pastebin has mindshare.
What do you mean by "mindshare"? It's not like there is any real community on those sites. For me most of them are completely interchangeable. The only exception is Gist, which has the advantage of version control.
Lots of people (that I know, anyway) know what Pastebin is, and don't know of any of the other, similar sites. If they need to paste some output, they type "pastebin.com" into their address bar and that's it.
I think pastebin is still a very good site for code pastes. I haven't seen a site which offers more features and functionality. Sure if you just want a quick public anonymous post of some plain text, any will do. In my case pastebin.com is the only one i've found that had syntax highlighting for some of the more obscure languages I use (such as Go).
Another I just saw was a keylog of someone changing their password after their Facebook account was flagged for suspicious activity. Obviously, they've got bigger problems.
Question: should I contact this person and tell them what happened?
(Thinking about it, it would be trivial to write a script that monitors for this kind of stuff, and e-mails the victim, or sends them a facebook message, explaining what happened. But, uh, seems like it might expose me to liability at worst, and angry reply emails at best.)
Welcome to the internet, this is pretty old news. You want to see more interesting stuff? Next time you stumble upon an owned computer, try to follow where the network stack is leading to and you'll sometimes find IRC channels with really interesting mechanics and things in them to control these computers.
Interesting, do you know of any blog posts or articles that discusses these rooms, or more on how to do this? And I may be showing my out-of-touchness with black-hat culture, but I assume by "owned" computer, you mean one that's a botnet node?
Tip: botnet hunting is a perfect example of something you should not learn from a set of instructions on someones blog. To do so would be a criminal sacrifice of an opportunity for joyous discovery and autodidacticism.
It's called botnet hunting for a reason. The thrill of the chase.
I'm really glad that I was 13 before the era where you could just go and get detailed instructions on every possible piece of knowledge, and before there were places like stackexchange where people scramble to answer your every question in seconds. Instead I had to spend hours days and weeks doing this stuff from scratch, and without that, I doubt if I'd be paying the rent with computers right now.
Sorry if this sounds a bit condesending, I'm just trying to help people get the maximum utility from their time skulking around in virtual alleyways chasing criminals. Surely a noble aim? ;)
I'd say a good way to get started would be to install Windows XP on a machine, start downloading and installing pirated warez, then watch `netstat` or install Wireshark.
I would suggest two modifications to your plan: Using a VM (easier and fairly safe, very few viruses can break out of a VM), and getting the viruses some other way (I don't see that many in pirated material). One way that works is to follow the links next time a spambot hits a large IRC channel you're in.
Here is a description on what service pastebin provides: "Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time."
It doesn't make pastebin abused just because some internet individual thinks it is only for interesting source code.
Judging by the comments on the linked article, I'd say quite a few black-hats and crackers/etc are upset he's bringing this to light for those of us who were unaware.
This has been the case for a while. Anything you paste there will be seen by everyone + google. I did a simple pastebin for myself a while back that doesnt have a public directory - http://tinypaste.com - Also has code compilation built in, via codepad
There's a discussion in Cory Doctorow's "For The Win" (excellent novel, btw, download it today) of how to coordinate groups of anonymous activists online. A favorite tactic of the fictional activists in the book was to take over the comment thread of some arbitrary old blog post for a short period of time, using it as a chat channel.
Have you tried searching for "site:pastebin.com mysql_connect" ? That's even scarier. There's people that do post their database password and username publicly.
That is unlikely to matter - mysql and postsql doesn't allow connections from outside of localhost by default on Ubuntu (and properly other unixes as well).
So really, yeah if you already have local access you can pwn the box, but you have pretty much done that already.
Seems like a logical step to me, especially for dodgy automated tools. Making your programs paste the illegal info in pastebin makes a lot of sense from a plausible deniability standpoint. "No sir, I didn't plant the bug there, I just found this log on a public website."
Pastebin's owner seems to not mind automated tools using the site ( http://stackoverflow.com/questions/833887/pastebin-api , comment on question ), so the only solution I see is a "report public paste" feature. But that would be near useless against the volume of computer generated content created. And worse yet, the address that pasted it is just another victim, so there's little hope going against it.
Though I really hope I'm wrong, pastebin is a great website.
I forked the code in this article and made it parse a Pastebin site hosted on the I2P Darknet (http://i2p2.de).
Expected to find alot of more stuff like this in a completly anonymous enviroment like I2P. But no, the anonymous people on I2P seems like a nice bunch.
I'm surprised they don't use asymmetric encryption to hide their tracks. It seems obvious to encrypt the contents using a public key before sending it to pastebin, so that only the attacker (or attackers) can decrypt it.
This is why you always must remember to set good expiration settings and edit out any confidential content (like passwords or identifying chunks of code) when you use a pastebin.
Why is this news, hasn't this been the case since the very start? Any time I see a link to a pastebin site I always take a look at the public shares just to see what's up there and it's always filled with this stuff.
Thought this was going to be about the posting of the full version of that paywalled Wall Street Journal article on Iran's plans for its own internet. Thank god that's still okay.
http://paste.pocoo.org/
http://gist.github.com/
http://dpaste.org/
http://fpaste.org/
http://codepad.org/
and http://rafb.net/paste/ before it was shut down