Rendered at 07:06:34 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
stuffoverflow 2 hours ago [-]
Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.
winkelmann 56 minutes ago [-]
I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.
I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?
43 minutes ago [-]
JasonADrury 37 minutes ago [-]
The blog is still online and only exists as a part of a harassment campaign targeting archive.today
Do you also offer stormfront and the daily stormer tips on DDoS mitigation?
throwingcookies 23 minutes ago [-]
> The blog is still online and only exists as a part of a harassment campaign targeting archive.today
The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist?
JasonADrury 15 minutes ago [-]
Because all the content in the past 4+ years is about archive.today?
There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards the site's creator.
winkelmann 10 minutes ago [-]
> all the content in the past 4+ years is about archive.today
Okay, there's one filler post I missed. I'm sure it took a lot of time to write the 16739382nd post explaining what the various things on a boarding pass mean.
throwingcookies 35 minutes ago [-]
Why is archive today attacking that website?
nailer 32 minutes ago [-]
The linked blog contains a story about who funds archive today and they presumably don’t like being exposed.
VERIRoot 3 minutes ago [-]
well that exposing is hurting more than 2 for sure
throwingcookies 22 minutes ago [-]
Thanks. I am so confused by this social drama, I feel like I am getting too old for this.
winkelmann 3 hours ago [-]
"archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling"
Ditto for their other domains like archive.is and archive.ph
Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.
longislandguido 5 minutes ago [-]
Breach of trust by a site whose primary purpose is bypassing paywalls and ripping off content?
20 years ago during the P2P heyday this was assumed to come with the territory. Play with fire and you could get burned.
rdevilla 1 hours ago [-]
[flagged]
winkelmann 1 hours ago [-]
Call me naive, but I still believe that people generally disapprove of their internet connection being abused to conduct cyber-attacks.
rdevilla 1 hours ago [-]
There are many things people disapprove of that others will unilaterally visit upon them anyway. This is the world of 2026. It's not a normative claim but a descriptive one of the reality we live in today.
andor 4 minutes ago [-]
Bulletproof hosting service not happy that someone is running their C&C infrastructure elsewhere
razingeden 3 hours ago [-]
Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.
The c&c/botnet designation would seem to be new though.
winkelmann 2 hours ago [-]
As far as I am aware, all previous issues with archive.today and Cloudflare were on account of archive.today taking measures to stop Cloudflare's DNS from correctly resolving their domains, not the other way around.
The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.
Hamuko 22 minutes ago [-]
Sounds a bit like when "Finland geoblocked archive.today". In all actuality, there was no geoblocking of the site in Finland by any authorities or ISPs, but rather it was the website owner blocking all Finnish IPs after some undisclosed dispute with Finnish border agents. When something bad happens, people seem a bit too willing to give archive.today the benefit of the doubt.
akerl_ 2 hours ago [-]
Have they? The thing I remember previously was archive.is, and it wasn’t a block, archive.is was serving intentionally wrong responses to queries from cloudflare’s resolvers.
This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.
Intentionally, I believe? archive.today iirc has explicitly blocking Cloudflare from resolving them at various times over the years due to Cloudflare DNS withholding requesting-user PII (ip address) in DNS lookups.
Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.
36 minutes ago [-]
charcircuit 2 hours ago [-]
When the heat dies down, hopefully this flag gets removed.
dydgbxx 2 hours ago [-]
Why? It’s accurate and if the owner has chosen to do this for months now, why should we ever trust they won’t again? Nobody should ever use that site and every optional filter should block them.
winkelmann 1 hours ago [-]
There's probably a worthwhile discussion to be had about what it takes for a site in this situation to be removed from blocklists. An apology? Surrender to authorities? Halting the malicious activity for a certain period of time?
Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.
I suppose “evidence that the site’s leadership has permanently changed” would convince me. Whoever decided to put in the code that causes visitors to DDOS someone should never be running a web site again.
quotemstr 57 minutes ago [-]
Because it's not the place of a DNS resolver to police the internet.
qzzi 20 minutes ago [-]
1.1.1.1 is simply a free DNS, 1.1.1.2 blocks malware, and 1.1.1.3 blocks both malware and adult content. It's a service that does exactly what it's supposed to do.
ryandrake 37 minutes ago [-]
If I specifically choose a DNS server that promises to not resolve sites that will use my computer in a botnet, then it is that DNS resolver’s place to do that.
dqh 41 minutes ago [-]
This particular revolver is an opt-in service for users that want Cloudflare to block anything that Cloudflare designates as malware.
JasonADrury 1 hours ago [-]
[flagged]
charcircuit 1 hours ago [-]
>Why?
Because once the problematic content is removed it should no longer be blocked.
>It's accurate
It is neither a C&C server for a botnet, nor any other server related to a botnet. I would not call it accurate.
>Nobody should ever use that site
It has a good reputation for archiving sites, has stead the test of time, and doesn't censor pages like archive.org does allowing you to actually see the history of news articles instead of them being deleted like archive.org does on occasion.
3eb7988a1663 53 minutes ago [-]
The site started doctoring archived versions as part of the petty feud. That is, what was supposed to be a historical record, suddenly had content manipulated so as to feed into this fight[0]. There is no redemption. You want to be an archive, you keep it sacrosanct. Put an obvious hosting-site banner overlay if you must, but manipulating the archive is a red-line that was crossed.
...On 20 February 2026, English Wikipedia banned links to archive.today, citing the DDoS attack and evidence that archived content was tampered with to insert Patokallio's name.[19] The decision was made despite concerns over maintaining content verifiability[19] while removing and replacing the second-largest archiving service used across the Wikimedia Foundation's projects.[20] The Wikimedia Foundation had stated its readiness to take action regardless of the community verdict.[19][20]
If archive.today was known to be run by a woman, would you still describe the stalking and harassment by Jani Patokallio as a "petty feud"?
At least in my social circles, this kind of behavior is viewed in an extremely negative light. Stalkers are about as universally disliked as pedophiles.
tredre3 22 minutes ago [-]
If archive.today was known to be run by God himself, I would still describe what he is doing as a DDoS and breaching the trust of its users by abusing their browser and bandwidth to conduct his battles.
JasonADrury 14 minutes ago [-]
I think you replied to the wrong comment? That doesn't address what I wrote in any way whatsoever.
Unless you're arguing that the response by archive.today retroactively justifies the behaviour of Jani Patokallio, which would be a bizarre take.
gbear605 60 minutes ago [-]
It is in fact a botnet - they’ve been hijacking user browsers to act as a botnet to DDoS.
InsideOutSanta 51 minutes ago [-]
It's not just problematic content, it's criminal behavior. And the site has a bad reputation for archival, given that the owner altered the content of archived articles.
I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?
Do you also offer stormfront and the daily stormer tips on DDoS mitigation?
The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist?
There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards the site's creator.
But it's not? This was published between the two posts about archive.today: https://gyrovague.com/2025/02/23/anatomy-of-a-boarding-pass-...
Ditto for their other domains like archive.is and archive.ph
Example DoH request:
$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]}
---
Relevant HN discussions:
https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"
https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"
https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack
Wikipedia page on deprecating and replacing archive.today links:
https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...
20 years ago during the P2P heyday this was assumed to come with the territory. Play with fire and you could get burned.
The c&c/botnet designation would seem to be new though.
The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.
This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.
https://news.ycombinator.com/item?id=19828702
Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.
Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.
[1] https://news.ycombinator.com/item?id=47474777
Because once the problematic content is removed it should no longer be blocked.
>It's accurate
It is neither a C&C server for a botnet, nor any other server related to a botnet. I would not call it accurate.
>Nobody should ever use that site
It has a good reputation for archiving sites, has stead the test of time, and doesn't censor pages like archive.org does allowing you to actually see the history of news articles instead of them being deleted like archive.org does on occasion.
At least in my social circles, this kind of behavior is viewed in an extremely negative light. Stalkers are about as universally disliked as pedophiles.
Unless you're arguing that the response by archive.today retroactively justifies the behaviour of Jani Patokallio, which would be a bizarre take.