Incident

A Blog Under Siege: archive.today’s CAPTCHA Turning Visitors Into DDoS Proxies

February 2026 · analysis · tags: archive.today, DDoS, web-archives

TL;DR: Multiple reports show archive.today’s CAPTCHA page executed a small JavaScript loop that repeatedly requested a blog’s search endpoint roughly every 300ms — effectively creating DDoS-like traffic while the CAPTCHA was open. Read the technical details and community discussion below.

What was observed: the CAPTCHA contained a `setInterval` loop that called a site’s search URL with a randomized query string about every 300 milliseconds — preventing caching and maintaining a steady stream of requests while the page was open. The code snippet is included below and was reproduced in reporting.

setInterval(function() {
fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
referrerPolicy: "no-referrer",
mode: "no-cors"
});
}, 300);

Source material includes the original first‑person report with screenshots and code, plus discussion on Hacker News and Reddit. Links at the bottom point to the full write‑up.

Why this matters

Client‑side code that repeatedly issues network requests can unintentionally turn ordinary visitors into traffic generators. For small blogs and low‑capacity hosts, sustained requests every 0.3s can consume bandwidth and CPU, causing slowdowns or outages.

Quick mitigation steps

Rate‑limit search and high‑cost endpoints (return HTTP 429 for excessive requests).
Use CDN/WAF rules to block abnormal request patterns and protect origin servers.
Ignore obviously random short search queries server‑side or respond with lightweight cached content.
Collect request logs (timestamps, headers, user agents) for abuse reports and forensics.

Gallery

Community discussion & sources

See the full reporting and community threads for screenshots, code, and the author's timeline:

Search This Blog

👉 A Blog Under Siege: archive.today and a DDoS Attack