archive.today is directing a DDOS attack against my blog

Related Ars article:
Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site

And here is the Wikipedia request for comment page:
https://en.wikipedia.org/wiki/Wikipedia:Requests_for_comment/Archive.is_RFC_5

Background

Archive.today, also known as archive.is, is an archiving service similar to sites like the Internet Archive. Archive.today uses advanced scraping methods, and is generally considered more reliable than the Internet Archive. Due to concerns about botnets, linkspamming, and how the site is run, the community decided to blacklist it in 2013. In 2016, the decision was overturned, and archive.today was removed from the spam blacklist. Over 400,000 pages currently contain over 695,000 links to Archive.today

In January 2026, the maintainers of Archive.today injected malicious code in order to perform a distributed denial of service attack against a person they were in dispute with. Every time a user encounters the CAPTCHA page, their internet connection is used to attack a certain individual's blog. This obviously raises significant concerns for readers' safety, as well as the long-term stability and integrity of the service. The Javascript code which causes this is still live on the website. However, a significant amount of people also think that mass-removing links to Archive.today may harm verifiability, and that the service is harder to censor than certain other archiving sites. As of 12:31, 9 February 2026 (UTC), the malicious code remains active. Please do not visit the archive without blocking network requests to gyrovague.com to avoid being part of the attack!

Edit: Here is a response from WMF's Eric Mill:

I’m Eric Mill, I lead the Product Safety and Integrity team here at WMF. Given the scale and severity of this issue, I wanted to ring in here with a note from WMF to explain our approach, as the English Wikipedia community considers what to do with archive.today and its mirrors.

To cover the facts first, the RFC summary and discussion do a good job of describing the problem: archive.today, a very useful and highly relied-upon archiving service that has helped Wikipedia content be more verifiable and understandable to readers, is using visitor browsers and network bandwidth to carry out a DDoS attack as part of a dispute with another website owner.

Despite the publicity their actions have stirred up, Archive.today’s owner has not been deterred from continuing the ongoing DDoS. Their official blog (a redirect from blog.archive.today) has only dug in further, acknowledging the reporting but neither denying nor apologizing for it. As discussed on this RFC, the site’s owner has previously displayed questionable behavior and violated Wikipedia policies; their use of sockpuppets led to archive.today being blacklisted on English Wikipedia for a time, from 2013 to 2016.

The RFC summary notes the impact of ~400K articles to archive.today, though that doesn’t include the mirrors. For example, archive.is is linked in another 86K articles, archive.ph in another 10K. And this is global and bigger than just English Wikipedia. For example, eswiki, dewiki, jawiki, ptwiki, frwiki are each in the 5 digits of article counts for archive.today (not even counting the other mirrors).

Our view is that the value to verifiability that the site provides must be weighed against the security risks and violation of the trust of the people who click these links. We (WMF) encourage the English Wikipedia community to carefully weigh the situation before making a decision on this unusual case. For readers to remain relaxed and trusting while using Wikipedia, they should be able to reasonably expect that links on Wikipedia to potentially dangerous websites are rare, and that those that do exist are dealt with quickly once spotted.

Further, the same actions that make archive.today unsafe may also reduce its usefulness for verifying content on Wikipedia. If the owners are willing to abuse their position to further their goals through malicious code, then it also raises questions about the integrity of the archive it hosts.

To be clear, our view here isn’t based on who the site owner is, where they’re located, or that they operate pseudonymously. Wikipedia links to both big public institutions and private individuals all the time, routinely extending them that trust as a good-faith participant on the web. For the web to work in that way, it also means reconsidering whether it’s necessary to withdraw trust when it is violated. In our judgment, using unsuspecting site visitors to carry out a DDoS is a violation of that trust.

We expect that when WMF comments on an RFC like this one expressing real concerns, community members will wonder whether we are saying we’re going to take our own actions. The candid answer to that is that we don’t know yet, and have not made that kind of a decision: given the scale of the issue across multiple wikis, we will learn from the result of this RFC and outreach to other communities that might be impacted. We know that WMF intervention is a big deal, but we also have not ruled it out, given the seriousness of the security concern for people who click the links that appear across many wikis.

Right now, we just want to get our view – that the utility of these links for verifiability must be weighed against the violation of the trust of people who click these links – out here for the record, and encourage the community to see this issue as seriously as we do.

https://en.wikipedia.org/wiki/Wikipedia:Requests_for_comment/Archive.is_RFC_5#WMF_note