February 2, 2026
Cache me outside?
Archive.today is directing a DDoS attack against my blog
Hacker News splits: smear campaign, prank, or rogue CAPTCHA gone wild
TLDR: A blogger claims Archive.today’s CAPTCHA makes visitors ping his site every 0.3 seconds, creating a crowd-powered DDoS. Comments erupt: some call him a doxxer, others suspect a self-own, while privacy and Cloudflare disputes loom—raising big questions about archivist ethics and weaponizing users.
Archive.today is accused of turning its CAPTCHA page into a mini attack machine, blasting a small blog with nonstop pings every 300 milliseconds. The post’s receipts—code snippets, screenshots, and a timeline—set Hacker News ablaze. Instantly, the comment war broke out: is the blogger a crusading researcher, or a doxxer who poked the bear? One bold voice grumbled, “It’s a shame the DDoS isn’t working.” Another cried, “Why is this flagged? I find this suspicious.” Conspiracy caps on: some wonder if this is a self‑inflicted spectacle to muddy the waters.
Others pulled the debate into nerd lore, citing a long‑running Cloudflare dispute with potential privacy angles, but the non‑tech crowd kept asking, “Wait, so the CAPTCHA makes my browser attack someone?” Meanwhile, the article’s “Score one for AI” moment—using Gemini to rebut a shaky GDPR complaint—sparked jokes about hiring chatbots as paralegals. Users linked the previous thread, swapped uBlock tips, and rolled eyes at “turn off your ad blocker to see the behavior.”
With FBI interest reported, a French anti‑abuse group pressing DNS providers, and Archive.today’s polite “please take it down” email in the mix, the crowd split hard between archivist‑hero worship and alarm over weaponizing users. The vibe: popcorn‑out drama, ethics‑on‑fire, and zero agreement on who’s the villain.
Key Points
- •The author alleges archive.today’s CAPTCHA page served JavaScript that repeatedly requests the author’s blog search endpoint every 300 ms with randomized queries, preventing caching and consuming resources.
- •The behavior can be validated via page source and network requests; the author notes uBlock Origin prevents the requests from executing.
- •The author’s August 5, 2023 post investigated archive.today’s operations using open-source research and received ~10,000 views and limited discussion.
- •Heise Online reported on November 5, 2025 that the FBI subpoenaed registrar Tucows regarding archive.today; Ars Technica and Heise linked to the author’s post.
- •In January 2026, the blog’s host (Automattic/WordPress.com) relayed a GDPR complaint; the author responded (using Gemini) and the host kept the post up. An email from archive.today’s webmaster requested temporary removal; a January 14 Hacker News post noted the unusual behavior.