Archive.today, DDoS-by-JavaScript, and the Risks of Unchecked Archiving Power
Archive.today, DDoS-by-JavaScript, and the Risks of Unchecked Archiving Power
1. What Was Discovered
According to multiple independent reports, archive.today pages were observed running JavaScript that repeatedly generates outbound requests to a specific blog URL with random query strings. This behavior was documented by the affected site owner and discussed widely on Hacker News and Reddit.
2. How the JavaScript-Based DDoS Works
The reported code uses a repeating timer (setInterval) to generate requests every ~300 milliseconds.
Each request appends a random query string (e.g. ?s=random) to bypass caching and force server processing.
3. Why This Is Especially Concerning
Archive.today is one of the largest web archiving services in the world. Observers argue that running aggressive JavaScript from such a high-traffic platform creates disproportionate harm.
Critics note that this behavior is highly unusual for an archive service, which is typically expected to preserve content — not generate sustained outbound traffic toward specific targets.
4. Simulation of Repeated Request Attack (Visual Only)
This is a safe visual simulation. No fetch calls are made. It only demonstrates what the traffic pattern would look like if executed.
5. Allegations About Archive.today’s Operator
According to discussions and published correspondence, archive.today is reportedly operated by an anonymous individual believed to be based in Russia.
Multiple commenters allege a pattern of erratic behavior, including harassment and attempted coercion, documented in publicly shared correspondence. These claims remain allegations but have raised serious concerns among observers.
Some commentators speculate about broader implications due to jurisdiction and anonymity, but no verified government affiliation has been proven.
Comments
Post a Comment