Archive.today CAPTCHA Script Triggers DDoS-Level Traffic Against a Blog

Published February 2026 · Incident Report · DDoS & Traffic Abuse

An investigation confirms that archive.today runs a CAPTCHA-page script which repeatedly sends automated requests to a third-party blog every 300 milliseconds — behavior consistent with a sustained DDoS-style traffic attack.

What Is Happening

When a user opens archive.today’s CAPTCHA page, a small piece of JavaScript runs automatically. While the page remains open, it sends continuous search requests to a specific blog, generating traffic at a rate of roughly three requests per second.

The Script (Explained Simply)

Every 300 milliseconds → request sent → repeated nonstop

For non-technical readers: this means the blog is being contacted again and again without pause, preventing caching and forcing the server to work continuously.

Why this is serious: Sustained traffic at this frequency can overwhelm small websites, increase hosting costs, degrade performance, or cause full outages — meeting real-world definitions of a DDoS attack.
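One way a site operator could spot this pattern in their own access logs is sketched below. It is an added example, not code from the report or from either site. It assumes combined-format logs, a search endpoint keyed by an `s` query parameter, that browsers send a Referer naming the third-party origin, and the placeholder hosts `blog.example` and `captcha-host.example`; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the article): combined log format, a search endpoint
# keyed by the "s" query parameter, and blog.example as the site being hit.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d+ \d+ "([^"]*)"')
SEARCH_PARAM, OWN_HOST = "s", "blog.example"
MIN_RATE, MIN_SECONDS = 2.5, 10  # a 300 ms timer gives ~3 req/s; require it sustained
TS = "%d/%b/%Y:%H:%M:%S %z"

def flag_timer_floods(lines):
    """Return {(client_ip, referer_host): req_per_sec} for sustained cross-site search floods."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line
        ip, ts, target, referer = m.groups()
        ref_host = urlsplit(referer).hostname
        if SEARCH_PARAM not in parse_qs(urlsplit(target).query):
            continue  # not a search request
        if ref_host in (None, OWN_HOST):
            continue  # keep only requests issued from another site's page
        seen[(ip, ref_host)].append(datetime.strptime(ts, TS))
    flagged = {}
    for key, times in seen.items():
        span = (max(times) - min(times)).total_seconds()
        if span >= MIN_SECONDS and len(times) / span >= MIN_RATE:
            flagged[key] = round(len(times) / span, 2)
    return flagged

def constructed_sample():
    """Constructed log lines: one visitor held on a third-party page, one ordinary reader."""
    start = datetime.strptime("01/Feb/2026:12:00:00 +0000", TS)
    def row(ip, offset_ms, path, ref):
        ts = (start + timedelta(milliseconds=offset_ms)).strftime(TS)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"'
    # 100 search requests, one every 300 ms (30 s), referred by the third-party page
    flood = [row("198.51.100.7", 300 * i, f"/?s=q{i}", "https://captcha-host.example/")
             for i in range(100)]
    # a reader searching three times in 30 s from the blog's own pages
    reader = [row("203.0.113.9", 15000 * i, "/?s=archive", "https://blog.example/")
              for i in range(3)]
    return flood + reader

if __name__ == "__main__":
    print(flag_timer_floods(constructed_sample()))
```

Grouping by Referer host as well as client IP matters here because the load comes from many ordinary visitors' browsers: the shared third-party origin is the common signal, and it gives a single value to rate-limit or block at the edge.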

Public & Community Response

The findings triggered widespread discussion across security communities, including Hacker News and Reddit, where users reviewed the screenshots, confirmed the behavior, and debated accountability and remediation.
