archive.today is directing a DDOS attack against my blog
Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript: setInterval(function() { fetch(“https://gyrovague.com/?s=” + Math.random().toString(36).substring(2, 3 + Math.random() * 8), { referrerPolicy: “no-referrer”, mode: “no-cors” }); }, 300); Every 300 milliseconds, as long as the CAPTCHA page is open, this makes a request to the search function of my blog using a random string, ensuring the response cannot be cached and thus consumes resources. You can validate this yourself by checking the source code and network requests; if you’re…
