Pastebin Reset…
I’m rarely “off the grid” but while away camping over the weekend the pastebin database seems to have suffered a pretty catastrophic failure. For the time being I’ve reset it while I investigate…
Thanks to the (many!) folks who alerted me!
Edit: OK, I’ve restored a backup from a few weeks ago, which means most recent posts are gone. Many apologies for the inconvenience caused, still looking for the root cause (all the pastebin tables were just *gone*).

1. Julian Mehnle wrote on 11 June 2006 at 22:20
An SQL injection vulnerability perhaps?
2. lordelph wrote on 11 June 2006 at 23:30
That would seem the most likely. Won’t have much time to have a more detailed look until Monday…
3. Jonathan Hogg wrote on 11 June 2006 at 23:31
That was my immediate guess when I first saw the error. Particularly as the entire statement was in the error message – if any error did that it would be very easy to see which tables were which for the injected statement.
4. lordelph wrote on 13 June 2006 at 16:07
Since pastebin is open source, it’s pretty easy to determine the tables and find holes.
5. Paolo wrote on 20 June 2006 at 16:54
pastebin still has problems: I was trying to send a text, it hangs (apparently) after uploading.
Thank you for your work
6. solemnwarning wrote on 21 June 2006 at 10:39
If it is an SQL injection vulnerability you can probably prevent it by removing the pastebin.com site permissions for things like ‘DROP TABLE’, although that would still leave a security hole for SQL commands needed by the site.
7. Brian wrote on 22 June 2006 at 0:05
No offense, but pastebin was working just fine until it underwent its recent changes. I understand the need/want to change it, but I wish there was a way to use the old one while the new one is being worked on. There could be different branches of pastebin, like Debian (Stable, Testing, Unstable). Just my 2 cents.
8. lordelph wrote on 22 June 2006 at 7:54
I understand the frustration, but it’s the sheer load which is causing the problems. I’m looking for a faster dedicated server for it, but the ad revenue doesn’t amount to much which limits the options!
I wonder if anyone would actually pay for an ad-free, highly-available service….?
9. A-Kaser wrote on 26 June 2006 at 11:34
“I’m looking for a faster dedicated server for it, but the ad revenue doesn’t amount to much which limits the options!”
feature ?
A-Kaser (alias frbayart on your msn)
10. Tom Taylor wrote on 28 June 2006 at 15:24
Pastebin seems to be so slow at the moment, is this anything to do with the changes or problems?
11. trix wrote on 2 July 2006 at 19:05
I was wondering, how much does the current server cost & what are the specs of it?
And slightly off-topic here, but is there any chance you would be able to add mIRC & TCL syntax highlighting in future versions?
trix
12. Viper007Bond wrote on 4 July 2006 at 3:34
Still slow as hell and I don’t see any recent items listed.
Did it break again?
13. PovAddict wrote on 4 July 2006 at 16:40
http://www.phpnet.us, free, no ads, PHP (version 4 tho), MySQL, 300MB space, 80GB monthly traffic. is it enough for pastebin? xDD
14. JamesHarrison wrote on 5 July 2006 at 23:08
I dunno how Pastebin handles the subdomain assign/reassign SQL, but I guess you don’t drop the tables. Worth removing permissions for your DB user and perhaps doing a stripslashes() on all GET/POST vars used in SQL queries- simple things like that often get overlooked, but help so much!
As for hosting- I can probably sort something out for you, drop me a line.
15. stefys wrote on 6 July 2006 at 0:04
sorry for that post. looks like the bug is already fixed in last version, prolly pastecode.com doesn’t have last version yet.
16. Qube wrote on 28 August 2006 at 20:10
Get your lazy ass back on #php dude
I wrote a PDO db layer for pastebin so I wouldn’t have to use that poor excuse for a database (mysql). If you’re interested in rolling the changes in, give me a shout.
Paul.
17. Qube wrote on 28 August 2006 at 20:11
PS. I forgot to mention – I use prepared statements throughout, so it will never suffer an SQL injection attack (as mentioned by others in this thread).
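What the prepared-statement approach mentioned in comments 16 and 17 looks like with PDO, next to a concatenated query. This is an added example, not code from the thread or from pastebin; the `pastes` table, its columns and the sample values are constructed, and an in-memory SQLite database is assumed in place of the real one.

```php
<?php
// Added illustration; schema and sample rows are constructed, not pastebin's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pastes (id INTEGER PRIMARY KEY, poster TEXT, body TEXT)');
$db->exec("INSERT INTO pastes (poster, body) VALUES ('alice', 'first paste'), ('bob', 'second paste')");

// Before: the request value is concatenated into the statement text,
// so a quote in the value becomes part of the SQL itself.
function findByPosterConcat(PDO $db, string $poster): array
{
    $sql = "SELECT id, body FROM pastes WHERE poster = '" . $poster . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement text is fixed and the value travels as a bound
// parameter, so it is only ever compared as data.
function findByPosterPrepared(PDO $db, string $poster): array
{
    $stmt = $db->prepare('SELECT id, body FROM pastes WHERE poster = :poster');
    $stmt->execute([':poster' => $poster]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form input containing quotes that rewrite the WHERE clause.
$input = "nobody' OR '1'='1";
printf("concatenated: %d rows\n", count(findByPosterConcat($db, $input)));
printf("prepared:     %d rows\n", count(findByPosterPrepared($db, $input)));

// An ordinary name with an apostrophe: concatenation fails, binding does not.
try {
    findByPosterConcat($db, "O'Brien");
} catch (PDOException $e) {
    echo "concatenated: query error\n"; // report generically, never echo the SQL
}
printf("prepared:     %d rows\n", count(findByPosterPrepared($db, "O'Brien")));
```

Reducing the database account's privileges, as comments 6 and 14 suggest, limits what a rewritten query can do but does not stop the concatenated version from being rewritten.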
18. Cas wrote on 8 September 2006 at 16:26
Probably the overhead of the table.
I maintain a site where records just disappear!
19. Ragnaar wrote on 8 December 2006 at 8:36
Pastebin.com doesn’t work some days…
20. Adam Iulian wrote on 12 November 2008 at 20:54
Could you tell me how I can delete my post? Because some private information has gone on the net. Please help!