Archive.today apparently hijacks visitor's browsers to DDoS a blog that tried to uncover the identity of the archive's admin. UBlock helps to stop that script.
this post was submitted on 20 Feb 2026
285 points (98.6% liked)
Technology
81653 readers
4767 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Another example why Unlock Origin should be considered essential security software, not just an "ad-block".
If a tool is demonstrably indispensable to disable some browsers' functionality, is it wise for browsers to have that functionality?
I'm guessing there's just so much money (and power) in that kind of thing that it's simply here to stay.
There may be genuine use cases to run a script, or whatever the attacker used. The problem is the browsers will auto-run stuff, the user isn't aware and there's no way to stop it. All ublock (and others) do is provide the missing security layer called "don't auto run shit from the web".
it won't provide that, everything will still autoorun, but known bad things won't get to run
The NoScript extension will properly do this. The extension blocks domains from running scripts except those you've whitelisted. There's a drop down that displays a list of domains from which the page wishes to run scripts. It makes much of the web a pain to use, though. I sometimes have to go through a loop of whitelisting a subset of domains which want to run followed by a page refresh until the page works. Javascript is often not optional. If you had to live like Richard Stallman professes you should, you'd probably have to join the Amish.
Yeah, you're right. I guess a better way to put it would have been "don't load 3rd party shit that I didn't tell you to load".
Adblockers aren't total security, nothing is, but it's no doubt they are a massive improvement.
I like it being extensible instead, as some adblocks might be opinionated or unresponsive. It's easier to swap adblocks then browsers.
I would be happy to contribute some browser action to ddos some fucking mercenary blog working for tech parasites.
UBlock helps to stop that script.
Would that be by default, or do I need to enable something specific
from the blog in question
On January 21, commit ^bbf70ec (warning: very large) added gyrovague.com to dns-blocklists, used by ad blocking services like uBlock Origin. This is actually beneficial, since if you have an ad blocker installed, the DDOS script’s network requests are now blocked. (It does not stop users from browsing to my blog directly.)
- https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/
can't find anything from a quick look that confirms this list is used by default in ubo
I don't see that particular list, but the same filter is present in EasyPrivacy from EasyList, which is enabled in uBO by default.
nice one, cheers. it's there in line 16607 in EasyPrivacy, same guy runs btdig dot com?
||gyrovague.com^$domain=archive.fo|archive.is|archive.li|archive.md|archive.ph|archive.today|archive.vn|btdig.com
I've read that somewhere else too, could be
It's by default easylist-privacy list is default
from what I heard, the default one is enough. Although I haven't checked it
I don't know more than what the wiki article linked to. It says UBlock blocks it. It doesn't say any more than that.
makes sense, I didn't get it when people started saying it but I don't browse without ublock
An archive site that alters content in the archive is worse than worthless.
The DDoS is just confirmation that the site is actively harmful.
has it been proven that they alter archived content? haven't heard that before
From the article:
There is consensus to immediately deprecate archive.today, and, as soon as practicable, add it to the spam blacklist (or create an edit filter that blocks adding new links) and remove all links to it. There is a strong consensus that Wikipedia should not direct its readers towards a website that hijacks users' computers to run a DDoS attack (see [WP:ELNO#3]). Additionally, evidence has been presented that archive.today's operators have altered the content of archived pages, rendering it unreliable.
Evidence was presented here: https://en.wikipedia.org/wiki/Wikipedia:Requests_for_comment/Archive.is_RFC_5#Evidence_of_altering_snapshots
well, that is sad. thanks for the info
Deeply saddening. Archive.today was a great resource, and stored a vast repository of human knowledge. As the internet turns to slop, we need sites that preserve the history of the web more than ever, and it’s very disappointing that the team at archive.today has failed us so profoundly in our hour of greatest need.
It is not clear to me why archive.today is so important given the continuing existence of archive.org.
Because having one thing is never good. IA goes down then what? Also archive.today captures websites differently which can work in a pinch when IA fails to archive a site.
Altering the content of the archive certainly is different. And is undeniably worse.
It does more to handle client-side rendering than archive.org, so there are pages that could be rendered by today that were not archivable by org. Also, because of differing usage patterns, it has archives of pages that org didn’t, and even for pages that org does have, at times org doesn’t.
So they think archive.today can be replaced with:
Replace the archive link so it points to a different archive with a copy of the source, such as the Wayback Machine at the Internet Archive (https://web.archive.org/), Ghostarchive (https://ghostarchive.org/) or Megalodon (https://megalodon.jp/).
No.
They think that relying on a hostile archive will ultimately harm Wikipedia.
They know the shortcomings of the other options.
i’ve not used the others are they not as good?
i’ll be trying them soon
It's not that they aren't as good, necessarily.
More that the others do less "grey-hat" stuff, and therefore are less likely to cause harm or alter the content they host.
Sounds like the kind of deprecation that can be possibly fixed with an automation. And I can see why is Archive Today considered harmful.
Automation won't do it right. And that's the goal.
Besides, Wikipedia has always been human written for humans. Or at least, that too is the goal.