When an Archive Became an Attack: archive.today’s DDOS Against a Blogger

When an Archive Became an Attack: archive.today’s DDOS Against a Blogger

Lede: In January 2026 I discovered that archive.today’s CAPTCHA page was causing visitors’ browsers to repeatedly request my blog, effectively using those visitors as proxies to generate heavy traffic. The behavior appears to have started around January 11, 2026 and runs a JavaScript loop that repeatedly issues network requests against my site while the CAPTCHA page remains open. Source: Gyrovague

What happened (summary)

The author explains that a client-side script on archive.today’s CAPTCHA page issues frequent, randomized search requests to gyrovague.com while the CAPTCHA page is open, causing repeated hits on the blog’s search endpoint. The issue was noticed publicly and discussed on security forums and community platforms.

Timeline & response

After the behavior began appearing, it was raised in public forums and the blog host was contacted. A GDPR complaint and email exchanges with the archive’s webmaster are part of the published timeline, and the blog was added to some DNS blocklists used by ad-blockers which blocked the requests for those users.

Why it matters

This episode raises questions about responsibility for third-party scripts, the use of archival services, and how anti-bot/CAPTCHA pages should behave when they risk causing harm to other sites.

Conclusion

The facts are observable and concerning; conversations about remediation and responsible behavior for archival and anti-abuse systems are ongoing. Read the original report (linked below) for screenshots, code snippets, and the full email timeline.

Originally reported by Jani Patokallio — Gyrovague.