Open supakeen opened 4 years ago
tritium21
commented
4 years ago Devil's advocate: Debugging web server configuration is a very reasonable, possibly common, legitimate usecase for a pastebin, and server logs contain hundreds, if not thousands of URLs
supakeen
commented
4 years ago Hah, I hadn't thought about the fact that people do share access logs directly, this needs some more thought in that case. Perhaps if it's a configuration option that can be set per-instance the impact is somewhat more limited.
Forza-tng
commented
3 years ago Perhaps set up rate limiting on the submission form in your webserver software. Apache has mod_qos as one option.
supakeen
commented
3 years ago This is again relevant as another hoster encountered an issue with their pastebin being spammed.
mweinelt
commented
3 years ago Maybe we can identify some ratio between links and overall text and penalize the IP address in question in relation to that ratio, so the more links they post the more they have to wait before posting again, which could in fact increase exponentionally.
It was my setup that was being spammed. The bots came in 3-5 minute intervals from 4-5 different IP addresses.
I know this is a hotly debated topic but some sort of scoring for spam that can optionally be enabled in the configuration would be a good thing to have.
At bpaste there are a lot of spambots that create pastes with many links in them, an initial implementation could score based on the link count available.