logoalt Hacker News

Ask HN: Weird archive.today behavior?

113 pointsby rabinovichyesterday at 10:30 PM39 commentsview on HN

archive.today has recently (I noticed this, like, 3 days ago) started automatically making requests to someone's personal blog on their CAPTCHA page. Here's a screenshot of what I'm talking about: https://files.catbox.moe/20jsle.png

The relevant JS is:

   setInterval(function() {
     fetch("https://gyrovague.com/?s=" + Math.round(new Date().getTime() % 10000000), {
       referrerPolicy: "no-referrer",
       mode: "no-cors"
     });
   }, 300);
Looking at this blog, there seems to be exactly one article mentioning archive.today - "archive.today: On the trail of the mysterious guerrilla archivist of the Internet" (https://gyrovague.com/2023/08/05/archive-today-on-the-trail-of-the-mysterious-guerrilla-archivist-of-the-internet/), where the person running the blog digs up some information about archive's owner.

So perhaps this is some kind of revenge/DOS attack attempt/deliberately wasting their bandwidth in response to this article? Maybe an attempt to silence them and force to delete their article? But if it is, then I have so many questions. Like, why would the owner of the archive do that 2.5 years after the article was published? Or why would they even do that in the first place, do they not know about Streisand effect?

I'm confused.

Comments

mastermedotoday at 7:39 AM

What my pattern-matching eyes immediately spotted is that the hn username that posted this is rabinovich. The linked article speaks about Masha Rabinovich. Maybe a coincidence.

> in a 2012 F-Secure forum post, a “masharabinovich” complains about “my website http://archive.is/” being blacklisted. They pop up on Wikipedia as well getting told off for adding too many links to archive.is, including a mention that they’re using the Czech ISP fiber.cz

fhubtoday at 8:17 AM

This feels like the start of treasure hunt like game. Between username of rabinovich (as others have pointed out) and the prior submission by rabinovich of an archive.today like tool 3 months ago - https://ghostarchive.org/. When you click into the search query examples for ghostarchive such as this one https://ghostarchive.org/search?term=https://docs.google.com. Many of the documents are very weird indeed.

raframtoday at 5:10 AM

Remember when Archive.is/today used to send Cloudflare DNS users into an endless captcha loop because the creator had some kind of philosophical disagreement with Cloudflare? Not the first time they’ve done something petty like this.

show 1 reply
dunder_cattoday at 4:25 AM

Hmm. If it is an attempt at DDoS attacks, it's probably not very fruitful:

  >$ resolvectl query gyrovague.com

  gyrovague.com: 192.0.78.25                     -- link: eno1
                 192.0.78.24                     -- link: eno1
Viewing the first IP address on https://bgp.he.net/ip/192.0.78.25 shows AS2635 (https://bgp.he.net/AS2635) is announcing 192.0.78.0/24. AS2635 is owned by https://automattic.com aka wordpress.com. I assume that for a managed environment at their scale, this is just another Wednesday for them.
show 3 replies
elitoday at 5:31 AM

Well that is a very silly way to punish the author of an article you don’t want people to know about.

show 1 reply
aendruktoday at 7:17 AM

OP frames this like they just stumbled across the blog post but they created an account matching the name discussed within it three months ago?

I’m confused.

show 1 reply
ideaspheretoday at 5:39 AM

https://news.ycombinator.com/item?id=45922875

“Behind the complaints: Our investigation into the suspicious pressure on Archive.today”

sbdamantoday at 4:36 AM

Given it's set to generate random pages on the site, is there even any possible explanation for this that isn't sketchy?

show 1 reply
internettertoday at 5:11 AM

There's really no interpretation of this which isn't malicious, although, not to defend this behaviour whatsoever, I'm not entirely surprised by it. The only real value of archive.is is its paywall bypassing abilities and, presumably, large swaths of residential proxies that allow it to archive sites that archive.org can't. Only somebody with some degree of lawlessness would operate such a project.

show 2 replies
mediumdeviationtoday at 4:25 AM

Pretty sure that blog is hosted on Wordpress.com infrastructure so it's not like the blog owner would even notice unless it generates so much traffic that WP itself notices.

That said I don't think there's many non-malicious explanation for this, I would suggest writing to HN and see about blocking submissions from the domain [email protected]

show 1 reply
nativeittoday at 4:57 AM

I just tried in my browser (Firefox on Ubuntu) and got the same result. Deeply curious.

Barbingtoday at 5:26 AM

Worth blocking the URL for users of that Archive site then, avoid extra burden?

gyrovaguetoday at 8:03 AM

Gyrovague here, author of the targeted blog post:

https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...

In the past week or so, I have received a GDPR takedown attempt of the archive.today blog post (which my hosting provider rightly rejected), a politely worded request to take it down (which was sadly eaten by my spam filter), and now this (thanks to the HN reader who tipped me off).

Given that the proverbial cat has been out of the bag for 2.5 years at this point, I'm genuinely puzzled as to what they're hoping to achieve, but this does not seem like a very good way of going about it.

show 1 reply
ventegusyesterday at 11:16 PM

They might need to tweak a single word. Streisand readers won’t have a clue which.

Save the page now and compare a week later.

self_awarenesstoday at 6:38 AM

And that's how advertising works, folks. If someone wants a website dead, I want to know more about it.

g-b-rtoday at 8:32 AM

https://news.ycombinator.com/item?id=46628734 makes some good points, it shouldn't have been downvoted do death

russian_archivetoday at 6:17 AM

[dead]