Archive.today CAPTCHA Script Triggers DDoS-Level Traffic: Technical Breakdown

Archive.today CAPTCHA Script Triggers DDoS-Level Traffic: Technical Breakdown

Published · Investigation · archive.today · DDoS

An investigation shows that archive.today’s CAPTCHA page executes a client-side script that repeatedly sends automated requests to a third-party blog every 300 milliseconds — behavior consistent with sustained DDoS-level traffic.

What Was Observed

While visiting archive.today, its CAPTCHA page was found running JavaScript that automatically issues repeated search requests to a specific blog URL. These requests continue as long as the CAPTCHA page remains open in a browser tab.

The Script Explained (Plain English)

setInterval(function() {
  fetch("https://targetsite.com/?s=random");
}, 300);

For non-technical readers: this means the page sends roughly three automated requests per second to the same site. The random search terms prevent caching, forcing the server to work every time.

Why this matters: Continuous traffic at this rate can overload small websites, increase hosting costs, degrade performance, or cause outages — effects commonly associated with DDoS attacks.

Public Discussion & Verification

The findings triggered widespread discussion on Hacker News and Reddit, where users reviewed screenshots, verified the behavior, and debated the responsibilities of web archive operators.

Sources

Original Investigation – Gyrovague Hacker News Discussion Reddit Community Thread

Comments

Post a Comment