12 comments

[ 2.6 ms ] story [ 40.3 ms ] thread
How long until an enterprising scumbag tries to use this to communicate with their botnet?

It's already been done with Twitter/Tumblr[1] -- anyone know if it's been done with pastebin or any other login-free online note app not protected by a decent CAPTCHA? I'm genuinely curious!

[1]http://ddos.arbornetworks.com/2009/08/twitter-based-botnet-c...

I hadn't really thought about it. Threw this together in an evening.

Right now I'm not concerned just because it's not very popular. May have to think about adding some kind of check in the future.

I guess you could use a CAPTCHA in lieu of a login when someone first creates a note.
Not really a fan of CAPTCHA. May have some kind of "How many kittens are in the picture"
Oh I doubt you'll have to worry about it, it just got me thinking. Botnet operators will likely only experiment with bigger note-app websites that have been around for a while and which have legit traffic to hide their activities.
Looks like pastebin has been abused in such a manner, just Google "pastebin botnet".