I’m rarely “off the grid” but while away camping over the weekend the pastebin database seems to have suffered a pretty catastrophic failure. For the time being I’ve reset it while I investigate…
Thanks to the (many!) folks who alerted me!
Edit: OK, I’ve restored a backup from a few weeks ago, which means most recent posts are gone. Many apologies for the inconvenience caused, still looking for the root cause (all the pastebin tables were just *gone* 🙁 ).
An SQL injection vulnerability perhaps?
That would seem the most likely. Won’t have much time to have a more detailed look until Monday…
That was my immediate guess when I first saw the error. Particularly as the entire statement was in the error message – if any error did that it would be very easy to see which tables were which for the injected statement.
Since pastebin is open source, it’s pretty easy to determine the tables and find holes.
pastebin still has problems: I was trying to send a text, it hangs (apparently) after uploading.
Thank you for your work
If it is an SQL injection vulnerability you can probably prevent it by removing the pastebin.com site permissions for things like ‘DROP TABLE’, although that would still leave a security hole for SQL commands needed by the site.
No offense, but pastebin was working just fine until it underwent its recent changes. I understand the need/want to change it, but I wish there was a way to use the old one while the new one is being worked on. There could be different branches of pastebin, like Debian (Stable, Testing, Unstable). Just my 2 cents.
I understand the frustration, but it’s the sheer load which is causing the problems. I’m looking for a faster dedicated server for it, but the ad revenue doesn’t amount to much which limits the options!
I wonder if anyone would actually pay for an ad-free, highly-available service….?
“I’m looking for a faster dedicated server for it, but the ad revenue doesn’t amount to much which limits the options!”
feature ?
A-Kaser (alias frbayart on your msn)
Pastebin seems to be so slow at the moment, is this anything to do with the changes or problems?
I was wondering, how much does the current server cost & what are the specs of it?
And slightly off-topic here, but is there any chance you would be able to add mIRC & TCL syntax highlighting in future versions? 😀
trix
Still slow as hell and I don’t see any recent items listed.
Did it break again? 🙁
http://www.phpnet.us, free, no ads, PHP (version 4 tho), MySQL, 300MB space, 80GB monthly traffic. is it enough for pastebin? xDD
I dunno how Pastebin handles the subdomain assign/reassign SQL, but I guess you don’t drop the tables. Worth removing permissions for your DB user and perhaps doing a stripslashes() on all GET/POST vars used in SQL queries- simple things like that often get overlooked, but help so much!
As for hosting- I can probably sort something out for you, drop me a line.
sorry for that post. looks like the bug is already fixed in last version, prolly pastecode.com doesn’t have last version yet.
Get your lazy ass back on #php dude 🙂
I wrote a PDO db layer for pastebin so I wouldn’t have to use that poor excuse for a database (mysql). If you’re interested in rolling the changes in, give me a shout.
Paul.
PS. I forgot to mention – I use prepared statements throughout, so it will never suffer an SQL injection attack (as mentioned by others in this thread).
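The prepared-statement approach mentioned in the comment above, as an added example that is not part of the original thread or of pastebin's code. The `paste` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for illustration; not pastebin's real tables.
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw exceptions on failure so errors can be caught and logged in one place.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE paste (id INTEGER PRIMARY KEY, poster TEXT NOT NULL, body TEXT NOT NULL)');
    return $db;
}

function savePaste(PDO $db, string $poster, string $body): int
{
    // Placeholders keep user input out of the SQL text: it travels as data only.
    $stmt = $db->prepare('INSERT INTO paste (poster, body) VALUES (:poster, :body)');
    $stmt->execute([':poster' => $poster, ':body' => $body]);
    return (int) $db->lastInsertId();
}

function loadPaste(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT poster, body FROM paste WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = openDb();
// Constructed input containing quote characters and SQL keywords.
$untrusted = "x'); DROP TABLE paste; --";
try {
    $id = savePaste($db, 'anon', $untrusted);
    $row = loadPaste($db, $id);
    // The text round-trips unchanged and the table still exists.
    var_dump($row !== null && $row['body'] === $untrusted);
    var_dump((int) $db->query('SELECT COUNT(*) FROM paste')->fetchColumn());
} catch (PDOException $e) {
    // Log the detail server-side; never echo the failed statement to the visitor.
    error_log($e->getMessage());
    echo "Sorry, something went wrong.\n";
}
```

The `catch` block also covers the point raised earlier in the thread about the full statement appearing in the error page: the detail goes to the server log and the visitor sees a generic message.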
Probably the overhead of the table.
I maintain a site where records just disappear!
Pastebin.com doesn’t work some days…
Could you tell me how I can delete my post? Because some private information has gone on the net. Please help!