Inside the archive.today Incident — Simulation, Evidence & What Site Owners Should Do

Inside the archive.today Incident — Simulation & Technical Walkthrough

A step-by-step visualization of the reported JavaScript pattern, why it can create DDoS-level load on small sites, and what was discussed in public sources. Claims are presented as reported/alleged and attributed below.

Suggested permalink:

inside-archive-today-incident-simulation-evidence

Simulation of Repeated Request Attack

This visual demo shows the request pattern reported in community sources. NO network requests are performed by this page.

Interval (ms)

300 ms

Requests/sec

0.00

Total requests

0

Open pages (sim)

1

Visual stream (each dot = simulated request)

Tip: move the interval slider to show how volume changes — lower = more requests.

Simulated request log

[Simulated log — safe visual output only]

// Observed pattern (for explanation only — do NOT run):
// setInterval(function() {
//   fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2), { referrerPolicy:"no-referrer", mode:"no-cors" });
// }, 300);

Step-by-Step: How the Reported Code Produces DDoS-Style Load

1. Timer starts: The code uses setInterval(), which runs a callback repeatedly on the client while the page is open.
2. Each tick builds a unique request: The snippet appends a randomized query (e.g. ?s=abc123) so responses aren't cached by browsers or CDNs.
3. Requests continue while the tab remains open: A single visitor who leaves the tab open effectively becomes a sustained request source.
4. Many visitors = many concurrent request streams: If many people open the archive CAPTCHA page, the number of generated requests multiplies.
5. Small servers suffer: Personal blogs and low-tier hosting can be overwhelmed by sustained CPU/database/bandwidth demands — functionally causing outages similar to DDoS attacks.

Reminder: The code pattern above and the impacts described are what community researchers and the original investigation observed and reported. This article attributes those claims to the sources listed below; it does not assert intent or criminal guilt.

Context: Why People Are Alarmed

archive.today (a widely used web-archiving site) is prominent and used by researchers, journalists, and the public. The fact that the reported code runs on its CAPTCHA page — and that the requests target external blogs — raised alarm in multiple communities (Hacker News, Reddit, Lobsters).

Publicly shared correspondence (linked below) contains allegations about the operator's conduct. These allegations include threatening or coercive messages published in a chat log; they are presented here as reports made public via that correspondence and community threads.

Important: individual-level claims are sensitive. Reporting here sticks to "according to public sources" phrasing and provides links so readers can evaluate the documents themselves.

Video Walkthroughs & Demonstrations

Community members recorded walkthroughs that show the script and behavior—these are embedded for convenience.

Primary Sources & Public Threads (read them yourself)

Gyrovague — Detailed investigation (code, screenshots, timeline) Hacker News discussion (thread) Lobsters thread Reddit (r/DataHoarder) Public correspondence / chat log (published paste)

These sources contain the code sample, screenshots, community analysis, and the published correspondence. Please read them directly for full context.

Recommended Mitigations for Site Owners

• Rate-limit search endpoints and expensive queries (return 429/503 when under heavy load).
• Cache common responses and treat very short random queries as low-cost cached hits.
• Use CDN or WAF to detect and block repetitive client-side request patterns.
• Monitor logs for repeated similar requests and save sample headers for abuse reporting.
• Consider temporary blocking of the archive domain in server-side rules while investigating.