Pastebin: The remote backdoor server for the cheap and lazy Malware writers are using the Pastebin web clipboard to host backdoor code, researcher Denis Sinegubko suggests. The code-sharing site was used to store code that was later tapped in attacks against websites running a vulnerable instance of the popular RevSlider plugin. Sinegubko, a Sucuri staffer known for his whitehat …
I've used pastebin for a lot of legitimate reasons
Last week one of my apps was somehow tripping out my API with a new request, so just pointing the app to pastbin instead let me look at the (non-confidential) json code inside as it arrived so i could see exactly what the API saw without trawling through lots of server-side logs
it's not just for anonymous to release statements on..
Speaking as the owner of a competitor site to pastebin, I've never heard so much trash in all my days.
Blacklist pastebin isn't the answer to any sort of problem.
Firstly you'll note wordpress is the actual issue here (as described) - if you want to be worried about something be worried about the insecurity of your actual app. What happened there might not be relevant to your problems (it's extremely likely it isn't).
Secondly what we're really talking about is the ability to both upload content and then fetch it from somewhere. Good luck with that particular game of whack-a-mole. What you're essentially saying is don't allow internet access of any sort. That might be a reality depending on the systems involved but there's no sensible half measures with this problem.
Firstly you'll note wordpress is the actual issue here (as described) - if you want to be worried about something be worried about the insecurity of your actual app. What happened there might not be relevant to your problems (it's extremely likely it isn't)
Does seem odd doesn't it? The attacker has managed to execute arbitrary code in order to retrieve some other arbitrary code and execute it and the solution is block pastebin?
There may be some logic to blocking it if you've absolutely no need for it - as it's (apparently) currently being commonly used as a low tech C&C you do at least block that route, but if enough people do block pastebin it's use as a C&C will drop and the blocking becomes worthless.
a competitor site to pastebin
What web site isn't? The whole point of HTTP is retrieving data. Depending on payload size, decoder size, and amount of work the attacker wants to go through, the payload could be disguised as nearly anything on nearly any site.
How many abandoned blogs are out there with unmonitored, open comment functions?
Hell, just encode the payload as a GIF or PNG and stash it on an image-sharing site. (Other formats work as well, of course, but GIF and PNG are probably the simplest of the common image formats to work with.)
This is clearly a low-hanging-fruit recommendation, but it does so little to prune the attack tree that it hardly seems worthwhile. I never use Pastebin, and I can't see much value in blocking it.
Yes , there are legitimate uses for pastebin specially when one's debugging and using IRC to chat with knowledgeable folks .. pasting 100 lines on an IRC channel is not the right idea , you post where people ( not just one ) but where a wide number of people can read and check ( error logs , crash dumps etc ) and that would be on pastebin and similar.
Trying to kill their site is not the right idea . It will only make things worse for the lot of legitimate users and programmers that try to solve complex problems.
But then again .. follow the money trail ..
Firstly, to temper any dev who takes this the wrong way, blacklisting pastebin is sad state of affairs, HOWEVER, even the dev communities understand piss poor coding is a problem and that not enough diligence has been done for secure coding.
So looking at this from a InfoSec perspective, the question I would put to an organization is, Are you confident in the quality of your apps to prevent this type of attack, and if not, this is a risk, and it can be mitigated by blocking pastebin.
We all have ideas of how things should be, from context of addressing this problem now, if you're susceptible to attack from pastebin codes, I'd say reducing that risk immediately by block pastebin is not a bad idea.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
