A Hidden Script Turned Every Visitor Into an Unwitting Attacker
Wikipedia editors are locked in a heated debate over whether to purge more than 695,000 links to Archive.today after the web archiving service was caught weaponizing its own visitors to launch a distributed denial-of-service (DDoS) attack against a personal blog. The revelation has sent shockwaves through the open-source encyclopedia community and raised urgent questions about the trustworthiness of one of the internet's most widely used archiving tools.
The attack, first discovered around January 11, 2026, targeted Gyrovague, a blog run by Jani Patokallio. According to Patokallio's own analysis, hidden JavaScript embedded in Archive.today's CAPTCHA verification page was silently directing every visitor's browser to send requests to his blog's search function every 300 milliseconds. The script was carefully crafted to ensure responses could not be cached, thereby maximizing the resource drain on the target server.
The apparent motive traces back nearly three years to a blog post in which Patokallio attempted to unmask the anonymous operator behind Archive.today, suggesting the site is likely run by a single individual using the alias "Denis Petrov" who may be based in Russia. The DDoS attack appears to be direct retaliation for that investigation.
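For an operator on the receiving end, the request pattern described above is visible in ordinary web server access logs. The following sketch is an added example, not code from Patokallio's analysis or from any party named here. It assumes combined-format logs, a search parameter named `s`, that cache avoidance shows up as a different search term on every request, and that browsers send a Referer header naming the originating site. All hosts, addresses and log lines are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

SEARCH_PARAM = "s"   # assumed name of the blog's search parameter
MIN_HITS = 10        # minimum search requests from one client/referrer pair
MIN_RATE = 2.0       # requests per second; one every 300 ms is about 3.3/s
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def find_conscripted_clients(lines):
    """Return {(client_ip, referrer_host): hits} for pairs that look scripted."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, url, ref = m.groups()
        terms = parse_qs(urlsplit(url).query).get(SEARCH_PARAM)
        if not terms:
            continue  # not a search request
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        groups[(ip, urlsplit(ref).hostname or "-")].append((when, terms[0]))
    flagged = {}
    for key, hits in groups.items():
        span = (max(h[0] for h in hits) - min(h[0] for h in hits)).total_seconds()
        rate = len(hits) / max(span, 1.0)
        unique = len({h[1] for h in hits}) == len(hits)  # no term repeats, so no cache hits
        if len(hits) >= MIN_HITS and rate >= MIN_RATE and unique and key[1] != "-":
            flagged[key] = len(hits)
    return flagged

def constructed_log():
    """Constructed sample: one scripted client and one human searcher."""
    lines = []
    for i in range(15):  # 15 requests over 5 seconds, 3 per second
        lines.append(f'203.0.113.7 - - [11/Jan/2026:10:00:{i // 3:02d} +0000] '
                     f'"GET /?s=q{i:04x} HTTP/1.1" 200 512 "https://archive.example/" "Mozilla/5.0"')
    for i, term in enumerate(["tokyo", "metro+map"]):
        lines.append(f'198.51.100.4 - - [11/Jan/2026:10:0{i}:30 +0000] '
                     f'"GET /?s={term} HTTP/1.1" 200 2048 "https://blog.example/" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    for (ip, ref), n in find_conscripted_clients(constructed_log()).items():
        print(f"{ip} via {ref}: {n} uncacheable search requests")
```

Grouping flagged pairs by referrer host shows whether many unrelated visitors share one originating site, which is what separates this pattern from a single misbehaving client.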
Wikipedia Faces an Impossible Choice
The scale of Archive.today's integration into Wikipedia makes any response enormously consequential. More than 695,000 links to the archiving service are scattered across roughly 400,000 Wikipedia pages, where they serve as citations to preserved versions of web content that might otherwise disappear. Archive.today has been particularly popular among editors for its ability to bypass news paywalls, making it an invaluable tool for verifying sources.
In a formal request for comment, Wikipedia editors were presented with three options:
- Option A: Remove all Archive.today links and add the domain to the spam blacklist, effectively banning the site from Wikipedia entirely.
- Option B: Maintain the status quo while monitoring the situation, preserving existing links but discouraging new ones.
- Option C: A middle-ground approach that would restrict new links while keeping existing citations intact.
The debate has exposed deep divisions within the editor community. Some argue that the security threat is simply too severe to ignore. Others counter that mass-removing links to Archive.today would fundamentally harm Wikipedia's verifiability, and that the service is harder to censor than competing archiving platforms — a quality some editors consider a feature, not a bug.
Wikimedia Foundation Signals It May Intervene
Perhaps the most significant development is the Wikimedia Foundation's indication that it could override whatever decision volunteer editors reach. The Foundation, which operates the infrastructure underlying Wikipedia, issued a striking statement acknowledging that intervention would be extraordinary but not off the table.
"We know that WMF intervention is a big deal, but we also have not ruled it out, given the seriousness of the security concern for people who click the links that appear across many wikis," the Foundation stated, according to reports from Ars Technica.
The core security concern is straightforward: anyone clicking an Archive.today link from Wikipedia could unknowingly have their browser conscripted into an active cyberattack. With Wikipedia attracting billions of pageviews monthly, the potential attack surface is staggering.
Broader Implications for Web Archiving
The incident highlights a growing vulnerability in the internet's preservation infrastructure. Archive.today operates with almost no transparency about its ownership, funding, or operational practices. Unlike the Internet Archive, which operates as a registered nonprofit with public leadership, Archive.today's anonymous structure has long raised questions that are now proving prescient.
Security researchers at Cybernews confirmed that the DDoS mechanism was embedded directly into Archive.today's CAPTCHA page, meaning it affected every visitor attempting to access any archived page on the platform. The attack was not limited to a specific subset of users or pages.
For Wikipedia, the stakes extend beyond a single security incident. The encyclopedia's credibility depends on its ability to link to reliable, archived sources. If Archive.today is blacklisted, editors will need to find and replace hundreds of thousands of citations — a monumental undertaking that could take months or years to complete. Whatever the outcome, the episode serves as a stark reminder that the tools the internet relies upon for preservation can themselves become weapons.



