archive.today is directing a DDOS attack against my blog (and more)

Disclaimer: This is not technically a privacy matter for the reader, but I believe it is adjacent and important enough for this community.

Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript: setInterval(function() { fetch("https://gyrovague.com/?s=” + Math.random().toString(36).substring(2, 3 + Math.random() * 8), { referrerPolicy: “no-referrer”,…

Far too many netizens still try to ignore this or even come up with reasons why gyrovague is the bad guy here.

Alternative archive pages:

archive.org
ghostarchive.org
archivebox.io (self-hosted)

But how else to bypass a paywall?

I’ve read relevant articles and clicked old links - they all seem to be history. The only ones that still work just look for the article in various archives - the subject of this post always amongst them. The same applies to this article, but there’s still some good tips.

Here is the original article from 2023: https://gyrovague.com/2023/08/05/archive-today-on-the-trail-of-the-mysterious-guerrilla-archivist-of-the-internet/ and what Patakallio has to say about it today:

The post mentions three names/aliases linked to the site, but all of them had been dug up by previous sleuths and the blog post also concludes that they are all most likely aliases, so as far as “doxxing” goes, this wasn’t terribly effective.

Here is a relevant ArsTechnica article: https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-archive-today-after-site-executed-ddos-and-altered-web-captures/

Wikipedia editors discovered that the archive site altered snapshots of webpages to insert the name of the blogger who was targeted by the DDoS.

archive.today (.ph, .is, .md, .fo, .li, .vn) also loads a pixel and javascript from mail.ru. The script mentions lamoda.ru, kommersant.ru, dzen.ru, ad.mail.ru, vk.com, vkontakte.ru, ok.ru, odnoklasseniki.ru. I haven’t researched this further, but I think one can assume that your IP address will be spread across all relevant Russian websites. 10 years ago I would have said “so what? The Russians have social media too” but today you can safely assume that all this data is available to the government itself and is actively contributing to the hybrid war.

All in all, archive.today has always been in the “too good to be true” category. Call me suspicious.

And once again because it’s important:

The Wikipedia guidance points out that the Internet Archive and its website, Archive.org, are “uninvolved with and entirely separate from archive.today.”