by Wingman4l7 4884 days ago
How long until an enterprising scumbag tries to use this to communicate with their botnet?

It's already been done with Twitter/Tumblr[1] -- anyone know if it's been done with pastebin or any other login-free online note app not protected by a decent CAPTCHA? I'm genuinely curious!

[1] http://ddos.arbornetworks.com/2009/08/twitter-based-botnet-c...

2 comments

I hadn't really thought about it. Threw this together in an evening.

Right now I'm not concerned just because it's not very popular. May have to think about adding some kind of check in the future.

Oh I doubt you'll have to worry about it, it just got me thinking. Botnet operators will likely only experiment with bigger note-app websites that have been around for a while and which have legit traffic to hide their activities.
I guess you could use a CAPTCHA in lieu of a login when someone first creates a note.
Not really a fan of CAPTCHA. May have some kind of "How many kittens are in the picture".
That would be http://research.microsoft.com/en-us/um/redmond/projects/asir...

There is also one where you assemble a puzzle: https://www.keycaptcha.com/

They have varying levels of handicapped accessibility though.

Thanks. Honestly I'm not that concerned about it. If there is a sudden mysterious spike in traffic I may look into it.
Looks like pastebin has been abused in such a manner, just Google "pastebin botnet".