Pastebin abusing wankers
A few wankers have been abusing the pastebin at paste.ubuntu-nl.org as a host for malicious scripts. I’ve now disabled plain text output to prevent this from happening. The plain text output was very useful though and I’d like to bring it back. Does anyone who reads this have an idea on how to prevent abuse while still allowing plain text output?
Update:
Plain text is available again. I added a “report abuse” button and an interface for quickly deleting posts. Thanks jdong for the suggestion (on IRC).
Good luck solving the halting problem ;)
On a more serious note, and without knowing the precise nature of the pastebin abuse, you might want to consider plain text output, but prefix the plain text by a small (but random) number of lines that can be snipped away easily by a human.
Abusers might learn how to do this snipping away automatically, but then they could do the same thing with the HTML output.
It’s probably too simple, but seeing that I don’t know exactly what kinds of malicious code it was: wouldn’t a simple htmlentities() solve it? Or perhaps it’s not even PHP…
Nicolai: I’d rather take a shortcut than even think about solving the halting problem ;)
The abuse is PHP code, used for exploiting broken PHP sites (such as PunBB forums); http://paste.ubuntu-nl.org/37159/ is an example. The plain text output of that was used.
Hmm, maybe I should just look for <? and break it.
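A sketch of the "look for <? and break it" idea from the comment above, added here as an example and not code from paste.ubuntu-nl.org. The `render_raw()` handler, its return shape and the review flag are hypothetical, and the sample pastes are constructed.

```python
import re

# '<' characters that begin something PHP may execute when a raw paste URL is
# pulled into a vulnerable include() on another site.
_PHP_OPEN = re.compile(
    r"<(?=\?)"          # <?php, <?= and the short tag <?
    r"|<(?=%)"          # ASP-style <% (PHP versions before 7.0)
    r"|<(?=script\b[^>]*\blanguage\s*=\s*[\"']?php)",  # <script language="php">
    re.IGNORECASE,
)


def neutralize_php_tags(paste):
    """Insert a space after every '<' that opens a PHP tag.

    Returns (text, hits). A human can undo the change by hand, but the PHP
    parser no longer sees an opening tag, so the text is emitted as data.
    """
    return _PHP_OPEN.subn("< ", paste)


def render_raw(paste):
    """Hypothetical raw-view handler: returns (headers, body, needs_review)."""
    body, hits = neutralize_php_tags(paste)
    headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "X-Content-Type-Options": "nosniff",  # keep browsers from sniffing HTML
    }
    # Pastes that contained open tags are still served, but flagged so a
    # moderator can look at them in the quick-delete interface.
    return headers, body, hits > 0


# Constructed sample pastes (harmless).
SAMPLES = [
    '<?php echo "hello"; ?>',
    "<?= $greeting ?> and <?XML version='1.0'?>",
    '<script language="php">echo 1;</script>',
    "if (a < b) { print('no tags here'); }",
]

if __name__ == "__main__":
    for s in SAMPLES:
        _, body, flagged = render_raw(s)
        print(flagged, repr(body))
```

Legitimate pastes that contain `<?xml` or template tags are altered and flagged as well, so the flag is a prompt for a human to look, not a verdict.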
You can always set a limit of 5 days (or any number of days) for data retention. This won’t solve your specific problem, but probably would be a nice addition.
http://paste.ubuntu-nl.org/37159/ says “malicious code removed”.
Yeah, I removed it before reenabling the plain text output. Wankers shall not win :)
So how can I see an example? ;)