Reply to post: Re: Uhm.

Pastebin: The remote backdoor server for the cheap and lazy

Michael Wojcik Silver badge

Re: Uhm.

a competitor site to pastebin

What web site isn't? The whole point of HTTP is retrieving data. Depending on payload size, decoder size, and amount of work the attacker wants to go through, the payload could be disguised as nearly anything on nearly any site.

How many abandoned blogs are out there with unmonitored, open comment functions?

Hell, just encode the payload as a GIF or PNG and stash it on an image-sharing site. (Other formats work as well, of course, but GIF and PNG are probably the simplest of the common image formats to work with.)

This is clearly a low-hanging-fruit recommendation, but it does so little to prune the attack tree that it hardly seems worthwhile. I never use Pastebin, and I can't see much value in blocking it.


Biting the hand that feeds IT © 1998–2022