Archive.today is directing a DDoS attack against my blog?
gyrovague.comSee also https://archive-is.tumblr.com/post/806832066465497088/ladies...
also Archive.today: on the trail of mysterious guerrilla archivists of the Internet - https://news.ycombinator.com/item?id=37009598 August 2023
There are several other posts made recently on the archive.is blog as well, some of which appear to be quite nonsensical or are otherwise irrelevant to the discourse at hand. They all appear to be LLM-generated. It's all very confusing.
Interestingly, theres an account in that thread claiming to be from Gyrovague, but its not the same one thats in this thread, which has been confirmed to be legit as it is mentioned by name in this latest Gyrovague article.
I wonder, is the newer gyrovague-com account because they lost the login for the old one? or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.
OP gyrovague-com here. Yes, I can confirm that I was also "gyrovague" on HN, but embarrassingly I've lost/typoed the password.
You can just email hn@ycombinator.com to get help. They can reset your password if there's someway for them to verify that you were the owner of the account.
hey pal u need to take action your adversary has deployed the big guns:
>And I will not write "an OSINT investigation" on your Nazi grandfather, will not vibecode a gyrovague.gay dating app, etc
this guy means business lol
Password managers are great for that.
there is also `japatokal`:
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
It is very possible that `gyrovague` is not `japatokal` but an impersonator.
Macroexpanded: Ask HN: Weird archive.today behavior? - https://news.ycombinator.com/item?id=46624740 - Jan 2026 (69 comments)
I cannot make head or tail of this but it's more fascinating than the usual internecine bloodbath.
also previously from the owner of archive.is/today: https://archive-is.tumblr.com/tagged/patokallio
Is it somehow related to this comment? <https://news.ycombinator.com/item?id=46867686>
It is academically very interesting to think about this in light of their long-standing dispute with Cloudflare (https://community.cloudflare.com/t/archive-is-error-1001/182...) over EDNS, which could have privacy implications attached.
I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.
It's definitely interesting to see this roll around since the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services (knowingly or not).
P.S. Shout-out to dang for dropping the flags. I have a small suspicion that their may be some foul play, given the contents...
> the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services
I don't think this is true. I run my own recursive DNS resolver, and get a CAPTCHA when visiting archive.today.
I use my ISP's default DNS servers and have consistently gotten the CAPTCHA page for weeks now. The CAPTCHA seems to be broken too, rendering archive.today entirely inaccessible.
Someone has suggested that CAPTCHA is broken for everyone in Finland.
Not surprising considering the service is operated by Russia.
Seems to be the case in Estonia as well.
I see the captcha all the time for the Tor onion website as well.
This likely means nothing, but the .is webmaster seems to have some sort of existing issue with Finland (where gyrovague is from), see https://news.ycombinator.com/item?id=37011955. I thought I would point it out.
Also, as someone interested in OPSEC and OSINT as a hobby, I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing. I spent about an hour looking into the Nora Puchreiner persona and all the accounts registered to it that I could find. It appears that "Tomas Poder" is another alter-ego used by the .is administrator. Nora also seems to have a sister: "Sara Puchreiner". Again, all very interesting and I can't seem to make a clear picture of the situation.
There are multiple reports of these archive.something sites redirecting users to Russian sites. Personally, I stopped using them after I saw one connection attempt to yandex dot ru
In UK, was redirected to russia today. Cannot recall which domain(s).
> I find the measures taken by the .is webmaster, especially the dedication to setting up countless fake accounts for each persona, to be very intriguing.
This seems like a smart thing to do if you had exposed your real name somewhere and wanted to cover it up.
> Finland (where gyrovague is from)
They should probably review existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...
Of course facts are different, but at least two Finnish court seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.
It's a puzzling situation:
- The DDoS was certainly unethical and unneeded
- Although the blog post only shows an extremely one-sided version of the story by skipping straight to the threats, there are reasons to think that diplomacy has also failed terribly
- The website owner has all eyes of the "thought police" on them, and given the current political situation in Russia, it's more than likely they reside somewhere where it has real power; realistically speaking, who wouldn't be losing it?
- The blog post is preserving information that could aid further investigations even if purged from the original sources, and reveals non-OSINT information in the follow ups
- At the same time, it's, to say the least, hypocritical of the archive.today owner to attempt forcefully taking the original post down, when archive.today itself is an OSINT tool
I don't think there's a way to fairly untangle this mess anymore.
Hence, I'd focus on the possible outcomes: do we want archive.today taken down over this? Who would lose and who would benefit the most from this takedown?
Gyrovague here. As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
As for outcomes, I'm very much a bit player/spectator in this drama, nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
> As linked in the blog entry, you can view both sides of the email correspondence here: https://pastes.io/correspond
Thanks, I must have missed this.
> [...] nobody's going to be "taking them down" over DDOSing an obscure nerd blog.
> If they do go down, it'll be the FBI or equivalent, and it will be publicly justified as some combination of "protecting the children" (cf. WAAD) and/or copyright violations.
Yes, this is exactly what I fear. That we might be playing into the hands of the greater evil by escalating a small, personal conflict.
> Do we want archive.today taken down over this?
I don't think that's on the table. I would say use this as your incentive to support archive.org, who has proven much more accountable. Archive.Today is weaponizing their traffic, and reducing traffic is the best way to deal with it. Vote with your feet.
I don't think these two are exactly equivalent.
Internet Archive is a registered non-profit organization. It is more trustworthy and accountable, but it cannot realistically stand against government-imposed censorship. We've seen this unfold before with Twitter and Meta, partly with Telegram.
Archive.today may be similar on the surface, but if you take a closer look, it's actually an underground "evil twin" that has all the right tools to publish information the governments and the largest of companies want silenced.
Ideally, there would be no such information in the first place. However, the reality is that this classification has only been broadened to cover more content since the invention of the Internet, regardless of which political parties are in power. The fact that the owner of Archive.today is chased by the FBI even though the website already blocks archival of the kinds of content all of us would unanimously find disturbing speaks for itself.
Internet Archive's trustworthiness took a hit when they waded into fact checking - https://blog.archive.org/2020/10/30/fact-checks-and-context-... and wiping content they disapproved of - https://news.ycombinator.com/item?id=32743325
If you don't like Archive.org use something else, there's plenty of ways to archive something. I think the idea that the world's most powerful organizations are trying and failing to pursue this makes "Should we shut it down?" all the more ludicrous a question.
There is a perception that the use of the archive by the HN community has some positive value for the archive.
But in fact:
1. HN uses a free service that someone else pays for.
2. HN abuses its paywall bypass function, which is not its main function, is not advertised (unlike 12ft).
3. HN creates legal problems for the archive by highlighting and framing the archive as a paywall-circumvention tool first.
4. HN promotes doxing.
Who would be more motivated in reducing traffic here?
> 4. HN promotes doxing.
Source:
taking this very post from flagged trash can and posting again - is definitively a such act
archive.org supports DMCA. If you don't like some information in the Wayback Machine, you just have to send a form email and it will be removed from the Waybaeck machine.
archive.today/is/ph is adversarial. It archives things that don't want to be archived. That's why Trump's FBI is trying to unmask it.
Archive.today does not seem to have worked for people connecting from Finland since mid-January, it just gives an endless captcha loop. Is this related to whatever this drama is?
I would assume so. I can see from my browser history that i succesfully submitted captures to archive.today on 7th of January, but failed to do so starting from 12th of January. IIRC they contacted gyrovague around the 10th so seems unlikely to be a coincidence. Applies to VPNs as well. Tried first with a VPN located in Finland and it gets endless captcha loop, then with a Swedish VPN which let me through to the front page after solving one captcha.
It seems that the website has been blocked in Finland since at least August of 2023, see https://news.ycombinator.com/item?id=37011955.
I definitely used it from Finland last year. It was blocked some time in th past since the owner was mad at Finnish authorities, but at some point that was revoked.
Even the post you linked acknowledges this:
>he blocked the entire site in Finland, although later he lifted the block
My apologies, I clearly missed that. If I could edit my post, I'd change it to "It seems that the website has been blocked in Finland in the past, though the block was later lifted."
I’d give it a high probability, especially when the CAPTCHA loop is the bit of the site that causes the DDoS and the fact that the admin seems to consider all Finns nazis.
… seems like we the HN community should find a new site to mirror with.
There isn't one. As far as I know, no one really knows for sure how they bypass all these paywalls. (Most credible theory I heard: They actually just pay for the subscriptions.)
Many sites including Bloomberg have evolved such that even archive.today don’t have the full text of any articles. They’re doing no giveaways whatsoever.
Ghostarchive does a decent job for the same sites in my experience: https://ghostarchive.org/
Update: hmm seems like they're involved in this whole thing too somehow, how strange:
Most paywalls just allow search engines to read their content just fine. Because they do want discoverability, they want their cake and eat it.
There's a few publications that don't even do that though and archive.is is very good at bypassing them so I do imagine they use logins for those, but for the masses of sites it's not currently necessary.
You can't impersonate Google. Sites check the source IP and they don't overlap with Google Cloud.
Google isn't the only search engine in the world of course. It probably is pretty much the only one that matters in America but the world is not just America either.
It's the only one websites don't block. That's one reason it's so hard to make another search engine.
You can for sites that can't afford the cost of keeping up-to-date with the Google IP list without which they can lose timely indexing. That is many.
What do you mean by “afford the cost”? The list is free of charge (https://support.google.com/a/answer/10026322?hl=en-GB) and maintenance can be fully automated.
I mean cost of server setup and execution.
The server that is providing the content exists already. That's a sunk cost.
"setup and execution".
What serious operator of a service isn't budgeting time to implement and operate critical maintenance functions?
Me for one. Adding an auto-updating IP address blocker to my personal blog site would probably cost more than setting up the whole site did in the first place.
Have you actually priced it, or are you just guessing?
Are you doing regular patching? Automated restarts? Watching for security breaches? Or just praying it stays up forever?
Otherwise, respectfully, I would not classify you as a "serious operator." Your site could live or die, and it would be all the same to you. Or, you've handed it to a third party for management and they don't offer much in the way of resilience or stability.
We're talking about sites that make their living via subscriptions. They should have a great interest at blocking archive.is, which is, by the way, the only service that can reliably bypass many paywalls. Clearly whatever they're doing is not easily replicated.
> We're talking about sites that make their living via subscriptions.
Sorry, but I wasn't. I thought that was clear from "can't afford the cost of keeping up-to-date with the Google IP list".
> They should have a great interest at blocking archive.is
Agreed, and many should have a budget to suit. So I conclude archive.is has put a lot of effort and cost into its defence. And all for free to us, the users.
Then why hasn't anyone built a client-side browser addon that impersonates a suitable search engine?
They have. It's called bypass-paywalls-clean . It works pretty ok.
It just keeps getting banned from the addon catalogs because of complaints from media. The Firefox one was taken down by a french newspaper. So you have to sideload it, which is hard to do on Android.
Edit: it looks like even the github was taken down now: https://github.com/iamadamdev/bypass-paywalls-firefox
But yes it exists. And it works for most sites. It's just hard to get it now.
It's on gitflic.ru now.
Hmm yeah but their adversaries did achieve their goal by pushing it away from the mainstream sites. Now we're into this situation of "how much do I trust this vague Russian site with my browsing activity".
At least the addon declares the sites it's for and ignores the rest but still I'm a lot less comfortable with it. It's more something I'd install in a container now, limiting its usefulness :(
In practice I just use archive.today now.
What's your problem with that theory?
Has people's ability to read messages and formulate sensible replies been going down of late? I see this kind of meaningless replies more and more often these days.
Yes, there's a global intelligence crisis, due to tiktok instagram et al
Meaningless? Its a clear question.
You're accusing him of having a problem with it, which his comment does not imply.
None
I think there are multiple hurdles that make a new competitor very unlikely.
The first one is money. You need lots of it to run such an operation (servers, IPs, paying to bypass all these paywalls, etc.).
The second one is the legality, as no one wants to be hunted by the FBI, especially not for running a website that is also losing money.
Why is this flagged?
Given the content, I find this suspicious.
I didnt flag the article, but anecdotally, I was initially unable to load the article at all. It mentions how it ended up in an adblock list. The article makes it sound like this is a good thing, as it stops the DDOS, but it isn't preventing people from loading the page directly. That may be true for people using an adblocking extension, but my adblocking DNS seems to be blocking it based on that same list. I had to manually tweak my dns-based adblocker to allow the domain in order to read the article.
I looked at the flags and they seem to be legit flags from legit users. My guess is that they thought this was below-the-radar drama that wasn't on topic for HN. (I could make a "people who flagged X also flagged" list a la https://news.ycombinator.com/item?id=46771900 to support the point, but it's a time-consuming pain so I'd rather not!)
Edit: after looking at this more closely, I have a counterintuitive (to me at least) take: I think this is interesting enough to transcend the usual categories. That is, we'd normally downweight this kind of post off the frontpage - but in this case there are so many unusual variables that the usual rules don't apply.
I say this despite having zero clue what's going on here. We do have a nose for what the HN community might find interesting (we'd bloody well better after doing this job for so long), so let's override the flags and see what happens.
But without relitigating WWII please.
This is definitely interesting and HN-worthy. If nothing else, archive.today links are posted on tons of HN submissions, so it's topical.
I agree - it's clear that archive.is / archive.ph / archive.today / who-knows-what-else has been a lubricant in many HN threads, letting people read things they otherwise couldn't, and that increases the interest of the topic.
I suppose I should add that we prefer archive.org links when they're available, but often they aren't.
Edit: I suppose I should also re-add that we have no knowledge of or opinion about what's going on in the dispute at hand.
> we prefer archive.org links when they're available
Interesting. May we know why?
Archive.org is run by a registered nonprofit instead of what’s likely a sole maintainer, who while I personally appreciate, does seem to go a little unhinged sometimes (like the dispute with Cloudflare DNS).
I assume that answer is not official, since there's nothing more unhinged than archive.org facilitating the page's originator to make alterations after the snapshot.
This also makes it susceptible to government pressure. It's easy to get a page taken down from archive.org and it won't archive anything paywalled.
Government pressure is the least of the problem. Anyone gaining control of a domain can delete all archives of it.
Because the government pressures them to obey this
Perhaps because the admins of archive.org don't go around DDoSing random blogs I'd reckon.
Instead they execute source page JS and allow it to doctor the archive copy.
It is imperative to look at the every side of the story before one makes harsh judgements. [1] [2] [3]
[1] https://archive-is.tumblr.com/post/806832066465497088/ladies...
[2] https://archive-is.tumblr.com/post/807369905134518272/the-fi...
Archive sites are very important for freedom due to many different entities out there attacking sites and getting them taken down.
Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
>Unfortunately Archive.today complies with these attack requests in some situations, but is still usually better than others.
Use Onion version :D
Thanks so much for the tip.
Placing the link for others:
archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion
Fingers crossed that it works!
My tinfoil guess is archive.today is compromised by a state actor. Simply shutting it down would cause too much drama. Instead turn it into villain, and then take it down.
Stupid question, but CORS is designed explicitly to defend against this type of side-surf attack. Adding a strict cors policy should fix this, or am I missing something?
Not here, though. The exact code:
"no-cors" means the request will not be preflighted, but also that JS will be denied access to the body. But the body doesn't matter here — the attack only requires the request be sent.fetch("https://gyrovague.com/?s="+Math.random().toString(36).substring(2,3+Math.random()*8),{ referrerPolicy:"no-referrer",mode:"no-cors" });But more to the point, so long as the request meets the requirements of a "simple request", CORS won't preflight it. GETs qualify as a simple request so long as no non-CORS-safelisted headers are sent; since the sent headers are attacker-controlled, we can just assume that to be the case. In a non-preflighted request, the CORS "yes, let JS do this" are just on the response headers of the actual request itself.
Since GETs are idempotent, the browser assumes it safe to make the request. CORS could/would be used to deny JS access to the response.
Things are this way b/c there are, essentially, a myriad of other ways to make the same request. E.g.,
in the document would, for all intents and purposes, emit the same request, and browsers can't ban such requests, or at least, such a ban would be huge breaking change in browsers.<img src="https://gyrovague.com/?s=…">
Regardless, archive.today does fine with some sites that blocks archive.org archiver somehow.
Thank you for keeping this up, whoever you are.
> somehow
robots.txt. It is that simple.
Interestingly, this website exists in badmojr-1Hosts-master-Pro-adblock list
That's explained in the article itself
Why does this say it's been posted 8 hours ago but on hn.algolia.com is archived 2 days ago, also I'm sure I already saw it yesterday.
This is a regular HN feature where admins resurrect old posts that did not get the attention they maybe deserved.
... and the resurrection falsly associates the timestamp of the admin's action with the originator's posting. Needs attention.
I'm pretty sure that's intentional because the timestamp used to calculate where the article shows up on the front page.
My greater faith in the integrity of the admins tells me they do not intend this false association. Its a misrep that can seriously mislead.
They intend it. It was explained by dang at some point
I will look out for that.
Whatever is going on here, is so magnificently complicated: sockpuppeting, doxxing, ddosing, psyops, pirating, FBI, cyberpunk capitalists, Russian hackers and Finnish activists. Somehow it does feel like in the middle of information war.
When I read the original article it doesn't really feel like the Finnish guy is even an activist. He seems to be just a curious nerd who wrote one article about this topic (who's behind this big site that everyone uses) and about a whole load of completely unrelated and non-activist topics like why did Japan stop building subway lines. Then his blog gained some traction because of the reporting around the FBI threats.
The article is also really appreciative of archive.today. It doesn't feel like a hit piece at all.
Temporarily see if you can put the blog behind a cloudflare or something using their DNS service.
I reported a few times to the owner of archive.is/archive.today that he was hosting dox of a friend and he never cared. So, too fucking bad that he's the one getting doxxed now. A bit of karma.
Yep, I have heard of many such cases and I know someone affected personally. For someone who refuses to take down the personal information of others this is extremely hypocritical.
Why were you trying to dox the archive owner?
This is misrepresentative of the situation, and an unloaded version of the question being asked here is answered within the article itself.
How is it misrepresentative of the situation?
Because none of the names are real and they were all already posted publicly previously. This is covered in the article.
We don't know that none of the names are real. And even if they aren't, the article is still showcasing his failed attempt at doxing the owner of archive.today and providing a starting point for anyone else wanting to try.
> they were all already posted publicly previously
Doxing very often consists of nothing more than collecting data from a bunch of public sources
> Doxing very often consists of nothing more than collecting data from a bunch of public sources
I simply don't agree that this looks like doxing. No addresses or even any private information were reported. It's just a Google using WhoIs data and, in one case, the person said, in a public forum, that archive.is is "my website." Why would they have said that if they were worried about people finding out who it belongs to?
If they'd have stumbled upon an address to a private residence and reported that, sure, that would look like doxing. I just don't see it here.
Call it what you will, this activity is hardly defensible.
Is it only doxxing if the organisation is digital only? Should we have no right to know who controls a large media organisation?
Whether you have a right to know, according to your personal value system, is orthogonal to whether it's doxing.
Rights don’t emanate from one’s subjective personal beliefs. Sure, there are “natural rights” espoused by political philosophers, but in the real world, rights are enshrined in constitutions and codified in laws that we are all subject to.
Again, irrelevant to the question of whether it's doxing.
It's absolutely relevant. Some activities break the law; others don't. Why should we care about and assign a negative appellation like "doxxing" to lawful investigative activity?
Whether you care about somebody getting doxed is orthogonal to whether they've been doxed. Whether you care or not is entirely up to you, it has no relevance.
This kills the organisation
> Well, I wish I had one, but at this stage I really don’t. The most charitable interpretation would be that the investigative heat is starting to get to the webmaster and they’re lashing out in misguided self-defense.
I don't think they're lashing out in self-defense. This is a harmless way for them to get attention, which is what they're desparate for because the FBI is after them at the behest of Bezos and other billionaires who control the paywalled media and don't like archive.today's role in making them accessible. The only thing that could possibly save them (though it almost certainly won't), is gathering as many eyeballs as possible from the people who like the service. HN having a super high concentration of those. Almost every paywalled post here has an archive.today link in the comments.
That's also why they posted about it on HN, explicitly under that name. To get HN eyeballs.
It's intentionally harmless because, as you confirmed, it's not costing you any money or resources.
I feel bad for the archive.is guy/girl.
It's clear the doxxing attempts are getting closer now to his/her real identity. On the other hand, they do something that's really useful to so many, and it will be sad if it's gone.
Isn't that the same hand twice?
gyrovague-com: posted this thread, claims to own the blog
gyrovague: claimed to own the blog in the last thread
rabinovich: posted last thread linking to gyrovague.com, identifying the owner as... well... "Masha Rabinovich"
I believe these accounts are all connected.
OP here. As the blog publicly states, this account is Gyrovague, and so is HN "gyrovague".
I have nothing to do with "rabinovich" but I also have no way of proving a negative.
You could specify that you wrote it on the last line of the post, so it clears up any basic speculation.
<https://gyrovague.com/2026/02/01/archive-today-is-directing-...>
From now on you rabies will sign off here and the blog with PGP or you're bullshitting.
I do believe the opposite, although I feel that rabinovich is somehow tied to other personas.
This thing is blurry, shady and I hope it will draw some more OSINT eyes on it. I am now curious.