Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2 (opens in new tab)

dddgghhbbfblk3d ago

>It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.

I would say the opposite... The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever.

I honestly cannot fathom defending using your popular website as a tool to DDoS someone you have personal beef with, without the consent of the DDoSing participants.

Aurornis3d ago

> It's weird to see people getting fixated on the DDoS,

The weird part to me is that some people are seemingly trying to downplay a popular website abusing visitors to DDoS someone.

How does your information (two angles) change anything at all about that fact? Normally if any website was caught abusing visitors to DDoS another website there would be no debate about why this is a bad thing. What about your other angles was supposed to matter in deciding if this was a bad thing for a website to do?

Two wrongs don’t make a right. Feeling wronged by someone doesn’t give you freedom to abuse every visitor to your website to DDoS someone else.

KronisLV4d ago

> It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.

Why even do that, then? Why not just make a public post of theirs like: "Hey, here's someone trying to doxx me, and here's the unfair and fictitious bullshit the lying government is trying to pin on me. Here's all the facts, decide for yourselves."

Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?

That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.

I don't really have a horse in this race, but it sounds like lashing out to one own's detriment.

dgxyz4d ago

I'm wondering if Jani is possibly going to walk into the wrong party here and get burned. I did some public archival stuff about a decade ago and it was state sponsored and for the intelligence community. I'm not suggesting this is but it'll be very much of interest to competing intelligence services as it's an information control point. None of those are the sort of people you start pissing off by sticking your dick in it. FBI is likely just one of the actors here.

refulgentis3d ago

> Or are we just looking at an unhinged fan stalking their favorite online celebrity?

In this case, question is recursive. I have no idea who Jani Patokallio or gyrovague.com are, and the way Jason Drury shifts from “tried to dox” to “doxx’d” makes me wonder if this is astroturfing by Jani or Jason or a 3rd party. Who knows!

pasquinelli3d ago

it's weird to see the term "doxx" be abused until it doesn't mean anything.

woopsn3d ago

As of now the site is in-fact a C&C/botnet. Cloudflare naturally fixates on such risks, not speech (generally). The basic purpose of 1.1.1.2 is to not wind up part of botnet.

https://jarv.is/notes/cloudflare-dns-archive-is-blocked

eipi10_hn3d ago

Don't use my computer to DDoS others please. That's nastier than the shallow post of that article.

viktoresku3d ago

It is not "doxxing" but something weirder, "bulling" may be a better word, or as you said "stalking their favorite online celebrity".

The quality of investigation is too poor to be "doxxable", even Jani (in his reply here) accepts it, and no sensitive info is disclosured, but the blog post and its promotion here and there spread dangerous rumors like:

"AT is connected to Russia"

"AT is connected to Israel"

"AT is connected to Hackers"

"AT is wanted by FBI"

"AT does not like Nazis"

...

This is what Jani does.

Hamuko4d ago

So the two angles are that archive.today is doing something illegal and also being investigated by American law enforcement?

expedition324d ago

I suppose an argument can be made that archive infringes copyright.

Hell I use it to circumvent paywalls.

windexh8er3d ago

So, if that's the case we can get all frontier provider sites marked as such as well?

f-serif4d ago

A bit context if you are confused why Public DNS server blocking websites. 1.1.1.2 is Malware blocking DNS server similar to AdBlock DNS server. It is not 1.1.1.1 and 1.0.0.1

Here is the DDoS context https://gyrovague.com

apaprocki3d ago

And for parents: 1.1.1.3 blocks adult content :)

TacticalCoder3d ago

Yeah I only ever use 1.1.1.3. Of note is that 1.1.1.3 is like 1.1.1.2 but with know adult sites also blocked, in addition to malware.

swrobel3d ago

For some reason I thought 1.1.1.1/1.0.0.1 already wouldn’t resolve archive.[today|is|ph] anyway

roywiggins3d ago

Sort of:

stuffoverflow4d ago

Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.

winkelmannOP4d ago

I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.

I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?

sheept4d ago

You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response.

However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search.

bawolff4d ago

> I know there are a number of headers used to control cross-site access to websites

Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.

(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)

This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight)

dawnerd3d ago

I get the endless captcha with a Southern California ip. Something emus either very broken or malicious.

throwingcookies4d ago

Why is archive today attacking that website?

nailer4d ago

The linked blog contains a story about who funds archive today and they presumably don’t like being exposed.

https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...

zahlman3d ago

To be clear, if I have JavaScript blocked for archive.today (which is my default with NoScript; and really there is no site functionality that really needs JS on the user's end), then I don't participate in the DDOS, right?

Anonyneko3d ago

I've been getting the endless captcha on my Finnish residential IPs, but I've also been getting that (or outright timeouts) when using VPNs, so I cannot use the site altogether. I wish there were alternatives.

riedel4d ago

While you article is insightful. Can the blog author please redact the actual names and nicks from your orginal blog post (including the exact places where to find the information). As this was discussed below. While I think you had good intentions, but it might be good to also reflect on the rights of that person not be identified.

Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS.

1vuio0pswjnm73d ago

Some time ago, probably at least a year, likely more, I read a blog post by someone working for Google in Europe who loved using Archive.today and out of curiosity tried to determine who was running it. In the end he gave up, offered to buy the operator a beer or something like that, but if I recall correctly he went to even greater lengths in his research than the blogger discussed in this thread

I wish I could find it

sillysaurusx3d ago

Sparked a controversial subthread elsewhere here. I don’t think this counts as doxxing, but some people apparently see it that way. It was an entertaining read though.

PeterStuer4d ago

Otoh, without archive.today a substantial % of HN posts would be unreadable for nearly all of the audience.

henearkr4d ago

I doubt it.

You may have mixed it up with archive.org.

JasonADrury4d ago

I suggest you double-check that. Archive.today/archive.is is the one which bypasses paywalls and makes unreadable content readable, not archive.org

kmfrk3d ago

What a crazy timeline this has been.

(1) May 04 2019: "Tell HN: Archive.is inaccessible via Cloudflare DNS (1.1.1.1)" [https://news.ycombinator.com/item?id=19828317]

    eastdakota on May 4, 2019 on: Tell HN: Archive.is inaccessible via Cloudflare DNS...

    [Via https://news.ycombinator.com/item?id=19828702]
    
    We don’t block archive.is or any other domain via 1.1.1.1. Doing so, we believe, would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
   
    Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
   
    The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
    
    EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results. For a relatively small operator like archive.is, there would be no loss in geo load balancing fidelity relying on the location of the Cloudflare PoP in lieu of EDNS IP subnets.
    
    We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. If archive.is has suggestions along these lines, we’d be happy to consider them.

(2) Sep 11 2021: "Does Cloudflare's 1.1.1.1 DNS Block Archive.is? (2019) (jarv.is)" [https://news.ycombinator.com/item?id=28495204]

zamadatix3d ago

The 1.1.1.1 referred to in the above is Cloudflare's main resolver, 1.1.1.2 & 1.1.1.3 are for those intentionally looking for malware and content blocking.

razingeden4d ago

Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.

The c&c/botnet designation would seem to be new though.

winkelmannOP4d ago

As far as I am aware, all previous issues with archive.today and Cloudflare were on account of archive.today taking measures to stop Cloudflare's DNS from correctly resolving their domains, not the other way around.

The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.

Hamuko4d ago

Sounds a bit like when "Finland geoblocked archive.today". In all actuality, there was no geoblocking of the site in Finland by any authorities or ISPs, but rather it was the website owner blocking all Finnish IPs after some undisclosed dispute with Finnish border agents. When something bad happens, people seem a bit too willing to give archive.today the benefit of the doubt.

kmeisthax3d ago

For context, archive.today is angry that Cloudflare won't pass through EDNS - which includes things like your IP address, which archive.today explicitly wants for DNS-based geographical routing. The obvious problem with this is that it would deanonymize all 1.1.1.1 users, at least down to their ISP and probably down to the individual subscriber.

https://news.ycombinator.com/item?id=19828702

akerl_4d ago

Have they? The thing I remember previously was archive.is, and it wasn’t a block, archive.is was serving intentionally wrong responses to queries from cloudflare’s resolvers.

This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.

razingeden3d ago

Thank you. And all. It’s too late to edit my comment but the ones in this vein checked out and I stand corrected

altairprime4d ago

Intentionally, I believe? archive.today iirc has explicitly blocking Cloudflare from resolving them at various times over the years due to Cloudflare DNS withholding requesting-user PII (ip address) in DNS lookups.

Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.

vachina4d ago

> Cloudflare dns has gone back and forth.

Just tells me they are an unreliable resolver. Instead of being a neutral web infra, they actively participate in political agendas and censor things they "think" is wrong.

akerl_4d ago

1. As noted in prior comments, Cloudflare wasn’t blocking this site previously. The site operator chose to make their site unresolvable by Cloudflare.

2. 1.1.1.2, the resolver being discussed in this post, is explicitly Cloudflare’s malware-filtered DNS host. 1.1.1.1 does not filter this site.

hrmtst938374d ago

If you want "neutral" DNS now, run your own resolver and hope upstreams don't backstab you ltaer, because outsourced trust never come free.

breppp4d ago

While I fully support this instance, I wonder what else Cloudflare has set to "Censored", apart for the obvious CSAM

Kwpolska4d ago

1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. If you want an unfiltered DNS, use 1.1.1.1 - which resolves archive.today just fine, although archive.today itself refuses to work on Cloudlfare DNS.

sgbeal4d ago

> 1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. ...

TIL, thank you. Time to go tweak my pi-hole server...

surgical_fire4d ago

I have no idea why anyone would use Cloudflare DNS, much less trust their more filtered versions.

Hamuko4d ago

The "censored" part of archive.today seems unrelated to the filtering itself. 1.1.1.3 flags Pornhub.com as "EDE(17): Filtered" but archive.today is "EDE(16): Censored".

Supposedly it should be an external party that's requiring Cloudflare not to publish the DNS record. https://www.rfc-editor.org/rfc/rfc8914.html#name-extended-dn...

bunbun694d ago

Good. What archive.today is doing is illegal

croes4d ago

Two wrong don’t make a right.

Cytobit4d ago

True, but not relevant.

https://quad9.net/service/service-addresses-and-features/

GTP3d ago

I reported the miscalssification, you can do it as well from the linked page.

Edit: reading some comments here seems that I was too fast, and that the story is much more complicated. Having just the Cloudflare page as a context, I assumed the news were a miscalssification. Could someone share more context on what is going on here?

coretx3d ago

Cloudflare is a clandestine intelligence operation run by a rogue nation. Just like spamhaus and many other firms that have ridiculous amounts of illegitimate and unchecked power.

sc68cal3d ago

Spamhaus only has this power because administrators opt-in to their service. It is useful, so people use it.

ck23d ago

quad9 dnscrypt for the win

       Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled

       IPv4
       9.9.9.11
       149.112.112.11
       IPv6
       2620:fe::11
       2620:fe::fe:11
       HTTPS
       https://dns11.quad9.net/dns-query
       TLS
       tls://dns11.quad9.net

_moof4d ago

Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.

longislandguido4d ago

Breach of trust by a site whose unstated primary purpose is bypassing paywalls and ripping off content?

20 years ago during the P2P heyday this was assumed to come with the territory. Play with fire and you could get burned.

If you walk into a seedy brothel in the developing world, your first thought should be "I might get drugged and robbed here" and not what you're going to type in the Yelp review later about their lack of ethics.

bawolff4d ago

Well if we are going to use this analogy, 20 years ago virus scanners also flagged malicious stuff from p2p as a virus, and people still thought putting malicious content on p2p was a shitty thing for someone to do (even if it was somewhat expected).

Nobody was shedding any tears 20 years ago for the virus makers who had their viruses flagged by virus scanners.

kay_o4d ago

Given they are retroactively tampering with past archives it's not exactly trustworhy in the first place

Nuzzerino4d ago

I always thought that mainstream media sites with paywalls were pretty far down there in the tier list of websites though. Not sure if this analogy lands unless irony was the goal.

[1] https://news.ycombinator.com/item?id=47474777

fckmodsyesu3d ago

This involves nation state actors, you can't trust anything said here.

1o1o1o1o11d ago

Clever way to deplatform a site they don't like.

pamcake3d ago

Looks like there are several fresh data points for those tracking personas related to .today operations on display in this very thread...

It's either sockpuppets or evidence of larger op

acejam3d ago

It amazes me that people still use and recommend Cloudflare's DNS servers for resolution. Cloudflare DNS does not support EDNS Client Subnet. As a result, DNS queries resolved by their service are likely to return IP addresses for many CDNs that are physically farther away from you, leading to a slower internet browsing and viewing experience.

Sacrificing performance for a faster lookup time makes no sense in 2026. This is the one area where I continue to use Google DNS as it just works. Use anything but Cloudflare in this case, please.

Parent pro-tip: Next time the iPad is having Bluey episode playback issues, check to see if you're actually using Cloudflare DNS.

tredre33d ago

Without ECS, the CDN will default to the closest one to the resolver, and cloudflare has resolvers in all major cities.

Given that the vast majority of us live in or near a major city, it means that your vaguely gloom and doom commentary doesn't apply.

If you live in the boondocks or if CDN matching misbehaves for some reason, by all means run benchmarks!

But all other things being equal, Cloudflare's privacy policy is better than Google's.

acejam2d ago

I'm near a major city. Your comments unfortunately do not align with my experience, nor the experience of several people that I know. Testing has confirmed this.

charcircuit4d ago

When the heat dies down, hopefully this flag gets removed.

dydgbxx4d ago

Why? It’s accurate and if the owner has chosen to do this for months now, why should we ever trust they won’t again? Nobody should ever use that site and every optional filter should block them.

winkelmannOP4d ago

There's probably a worthwhile discussion to be had about what it takes for a site in this situation to be removed from blocklists. An apology? Surrender to authorities? Halting the malicious activity for a certain period of time?

Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.

leonidasv4d ago

Also, they were caught tampering saved webpages as well, so the website cannot be trusted to fulfill it's main purpose anymore: https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-a...

charcircuit4d ago

>Why?

Because once the problematic content is removed it should no longer be blocked.

>It's accurate

It is neither a C&C server for a botnet, nor any other server related to a botnet. I would not call it accurate.

>Nobody should ever use that site

It has a good reputation for archiving sites, has stead the test of time, and doesn't censor pages like archive.org does allowing you to actually see the history of news articles instead of them being deleted like archive.org does on occasion.

quotemstr4d ago

Because it's not the place of a DNS resolver to police the internet.

https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...

bawolff4d ago

Unlikely unless their behaviour changes.

They arent being flagged because of the attention.

heraldgeezer3d ago

Of course, they want to shut down the only good archive site. See, if you can save things it prevents editing and can bypass paywalls.

Cant have that.

Now, show me your ID to login to your Linux box.

Permit3d ago

The owner of archive.is modifies contents of articles already so I hope you’re not actually depending on it as an archive. It’s a paywall escape hatch not an archive site.

lagniappe3d ago

Cloudflare considered harmful

landr0id3d ago

They aren’t wrong. They’re literally using scripts on their site in an attempt to DDoS a blog which (partially?) de-anonymized the archive.today operator.

anonym293d ago

I, for one, completely trust Cloudflare on this one. The guys running a MiTM attack on a substantial chunk of all global internet traffic, and working tirelessly to ensure billions of people behind CGNAT in the global south can't access the free and open web are the premiere experts on malicious, predatory, harmful internet-scale network behavior, after all.

j / k navigate · click thread line to collapse

297 comments

winkelmannOP4d ago

"archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling"

Ditto for their other domains like archive.is and archive.ph

Example DoH request:

$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"

---

Relevant HN discussions:

https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"

https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"

https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack

Wikipedia page on deprecating and replacing archive.today links:

simonw3d ago

Thanks for that, I didn't know about that API - which it turns out has open CORS headers so you can call it from JavaScript.

I now have my dream DNS lookup web tool! https://tools.simonwillison.net/dns#d=news.ycombinator.com&t...

ignoramous3d ago

https://dohjs.org/ is pretty nifty.

Also: https://dnscheck.tools/

rollulus4d ago

[1]: https://arstechnica.com/tech-policy/2025/11/fbi-subpoena-tri...

[2]: https://adguard-dns.io/en/blog/archive-today-adguard-dns-blo...

JasonADrury4d ago

Jani Patokallio who runs gyrovague.com published a blog post attempting to dox the owner of archive.today.

Jani justifies his doxing as follows "I found it curious that we know so little about this widely-used service, so I dug into it" [1]

[1]: https://gyrovague.com/2026/02/01/archive-today-is-directing-...

Or are we just looking at an unhinged fan stalking their favorite online celebrity?

People were critical of the Banksy piece, but this is much nastier. At least Banksy is a huge business, archive.today does not even make money.

gyrovague-com4d ago

[1] https://webapps.stackexchange.com/questions/145817/who-owns-...

9 more replies

Mogzol4d ago

From my perspective at least, archive.today seems like the unhinged one, not Patokallio.

[1] https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-a...

dddgghhbbfblk3d ago

>It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.

I would say the opposite... The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever.

I honestly cannot fathom defending using your popular website as a tool to DDoS someone you have personal beef with, without the consent of the DDoSing participants.

Aurornis3d ago

> It's weird to see people getting fixated on the DDoS,

The weird part to me is that some people are seemingly trying to downplay a popular website abusing visitors to DDoS someone.

Two wrongs don’t make a right. Feeling wronged by someone doesn’t give you freedom to abuse every visitor to your website to DDoS someone else.

KronisLV4d ago

> It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.

Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?

That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.

I don't really have a horse in this race, but it sounds like lashing out to one own's detriment.

dgxyz4d ago

refulgentis3d ago

> Or are we just looking at an unhinged fan stalking their favorite online celebrity?

pasquinelli3d ago

it's weird to see the term "doxx" be abused until it doesn't mean anything.

woopsn3d ago

As of now the site is in-fact a C&C/botnet. Cloudflare naturally fixates on such risks, not speech (generally). The basic purpose of 1.1.1.2 is to not wind up part of botnet.

https://jarv.is/notes/cloudflare-dns-archive-is-blocked

eipi10_hn3d ago

Don't use my computer to DDoS others please. That's nastier than the shallow post of that article.

viktoresku3d ago

It is not "doxxing" but something weirder, "bulling" may be a better word, or as you said "stalking their favorite online celebrity".

"AT is connected to Russia"

"AT is connected to Israel"

"AT is connected to Hackers"

"AT is wanted by FBI"

"AT does not like Nazis"

...

This is what Jani does.

Hamuko4d ago

So the two angles are that archive.today is doing something illegal and also being investigated by American law enforcement?

expedition324d ago

I suppose an argument can be made that archive infringes copyright.

Hell I use it to circumvent paywalls.

windexh8er3d ago

So, if that's the case we can get all frontier provider sites marked as such as well?

f-serif4d ago

A bit context if you are confused why Public DNS server blocking websites. 1.1.1.2 is Malware blocking DNS server similar to AdBlock DNS server. It is not 1.1.1.1 and 1.0.0.1

Here is the DDoS context https://gyrovague.com

apaprocki3d ago

And for parents: 1.1.1.3 blocks adult content :)

TacticalCoder3d ago

Yeah I only ever use 1.1.1.3. Of note is that 1.1.1.3 is like 1.1.1.2 but with know adult sites also blocked, in addition to malware.

swrobel3d ago

For some reason I thought 1.1.1.1/1.0.0.1 already wouldn’t resolve archive.[today|is|ph] anyway

roywiggins3d ago

Sort of:

stuffoverflow4d ago

winkelmannOP4d ago

I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.

sheept4d ago

You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response.

bawolff4d ago

> I know there are a number of headers used to control cross-site access to websites

Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.

(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)

This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight)

dawnerd3d ago

I get the endless captcha with a Southern California ip. Something emus either very broken or malicious.

throwingcookies4d ago

Why is archive today attacking that website?

nailer4d ago

The linked blog contains a story about who funds archive today and they presumably don’t like being exposed.

https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...

zahlman3d ago

Anonyneko3d ago

riedel4d ago

Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS.

1vuio0pswjnm73d ago

I wish I could find it

sillysaurusx3d ago

Sparked a controversial subthread elsewhere here. I don’t think this counts as doxxing, but some people apparently see it that way. It was an entertaining read though.

PeterStuer4d ago

Otoh, without archive.today a substantial % of HN posts would be unreadable for nearly all of the audience.

henearkr4d ago

I doubt it.

You may have mixed it up with archive.org.

JasonADrury4d ago

I suggest you double-check that. Archive.today/archive.is is the one which bypasses paywalls and makes unreadable content readable, not archive.org

kmfrk3d ago

What a crazy timeline this has been.

(1) May 04 2019: "Tell HN: Archive.is inaccessible via Cloudflare DNS (1.1.1.1)" [https://news.ycombinator.com/item?id=19828317]

    eastdakota on May 4, 2019 on: Tell HN: Archive.is inaccessible via Cloudflare DNS...

    [Via https://news.ycombinator.com/item?id=19828702]
    
    We don’t block archive.is or any other domain via 1.1.1.1. Doing so, we believe, would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
   
    Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
   
    The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
    
    EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results. For a relatively small operator like archive.is, there would be no loss in geo load balancing fidelity relying on the location of the Cloudflare PoP in lieu of EDNS IP subnets.
    
    We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. If archive.is has suggestions along these lines, we’d be happy to consider them.

(2) Sep 11 2021: "Does Cloudflare's 1.1.1.1 DNS Block Archive.is? (2019) (jarv.is)" [https://news.ycombinator.com/item?id=28495204]

zamadatix3d ago

The 1.1.1.1 referred to in the above is Cloudflare's main resolver, 1.1.1.2 & 1.1.1.3 are for those intentionally looking for malware and content blocking.

razingeden4d ago

Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.

The c&c/botnet designation would seem to be new though.

winkelmannOP4d ago

Hamuko4d ago

kmeisthax3d ago

https://news.ycombinator.com/item?id=19828702

akerl_4d ago

Have they? The thing I remember previously was archive.is, and it wasn’t a block, archive.is was serving intentionally wrong responses to queries from cloudflare’s resolvers.

This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.

razingeden3d ago

Thank you. And all. It’s too late to edit my comment but the ones in this vein checked out and I stand corrected

altairprime4d ago

Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.

vachina4d ago

> Cloudflare dns has gone back and forth.

Just tells me they are an unreliable resolver. Instead of being a neutral web infra, they actively participate in political agendas and censor things they "think" is wrong.

akerl_4d ago

1. As noted in prior comments, Cloudflare wasn’t blocking this site previously. The site operator chose to make their site unresolvable by Cloudflare.

2. 1.1.1.2, the resolver being discussed in this post, is explicitly Cloudflare’s malware-filtered DNS host. 1.1.1.1 does not filter this site.

hrmtst938374d ago

If you want "neutral" DNS now, run your own resolver and hope upstreams don't backstab you ltaer, because outsourced trust never come free.

breppp4d ago

While I fully support this instance, I wonder what else Cloudflare has set to "Censored", apart for the obvious CSAM

Kwpolska4d ago

sgbeal4d ago

> 1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. ...

TIL, thank you. Time to go tweak my pi-hole server...

surgical_fire4d ago

I have no idea why anyone would use Cloudflare DNS, much less trust their more filtered versions.

Hamuko4d ago

The "censored" part of archive.today seems unrelated to the filtering itself. 1.1.1.3 flags Pornhub.com as "EDE(17): Filtered" but archive.today is "EDE(16): Censored".

Supposedly it should be an external party that's requiring Cloudflare not to publish the DNS record. https://www.rfc-editor.org/rfc/rfc8914.html#name-extended-dn...

bunbun694d ago

Good. What archive.today is doing is illegal

croes4d ago

Two wrong don’t make a right.

Cytobit4d ago

True, but not relevant.

https://quad9.net/service/service-addresses-and-features/

GTP3d ago

I reported the miscalssification, you can do it as well from the linked page.

coretx3d ago

Cloudflare is a clandestine intelligence operation run by a rogue nation. Just like spamhaus and many other firms that have ridiculous amounts of illegitimate and unchecked power.

sc68cal3d ago

Spamhaus only has this power because administrators opt-in to their service. It is useful, so people use it.

ck23d ago

quad9 dnscrypt for the win

       Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled

       IPv4
       9.9.9.11
       149.112.112.11
       IPv6
       2620:fe::11
       2620:fe::fe:11
       HTTPS
       https://dns11.quad9.net/dns-query
       TLS
       tls://dns11.quad9.net

_moof4d ago

Good. You don't get to use my computer for a DDoS. I don't care why the DDoS was happening. I wasn't asked, and that's a serious breach of trust.

longislandguido4d ago

Breach of trust by a site whose unstated primary purpose is bypassing paywalls and ripping off content?

20 years ago during the P2P heyday this was assumed to come with the territory. Play with fire and you could get burned.

bawolff4d ago

Nobody was shedding any tears 20 years ago for the virus makers who had their viruses flagged by virus scanners.

kay_o4d ago

Given they are retroactively tampering with past archives it's not exactly trustworhy in the first place

Nuzzerino4d ago

I always thought that mainstream media sites with paywalls were pretty far down there in the tier list of websites though. Not sure if this analogy lands unless irony was the goal.

[1] https://news.ycombinator.com/item?id=47474777

fckmodsyesu3d ago

This involves nation state actors, you can't trust anything said here.

1o1o1o1o11d ago

Clever way to deplatform a site they don't like.

pamcake3d ago

Looks like there are several fresh data points for those tracking personas related to .today operations on display in this very thread...

It's either sockpuppets or evidence of larger op

acejam3d ago

Sacrificing performance for a faster lookup time makes no sense in 2026. This is the one area where I continue to use Google DNS as it just works. Use anything but Cloudflare in this case, please.

Parent pro-tip: Next time the iPad is having Bluey episode playback issues, check to see if you're actually using Cloudflare DNS.

tredre33d ago

Without ECS, the CDN will default to the closest one to the resolver, and cloudflare has resolvers in all major cities.

Given that the vast majority of us live in or near a major city, it means that your vaguely gloom and doom commentary doesn't apply.

If you live in the boondocks or if CDN matching misbehaves for some reason, by all means run benchmarks!

But all other things being equal, Cloudflare's privacy policy is better than Google's.

acejam2d ago

I'm near a major city. Your comments unfortunately do not align with my experience, nor the experience of several people that I know. Testing has confirmed this.

charcircuit4d ago

When the heat dies down, hopefully this flag gets removed.

dydgbxx4d ago

Why? It’s accurate and if the owner has chosen to do this for months now, why should we ever trust they won’t again? Nobody should ever use that site and every optional filter should block them.

winkelmannOP4d ago

Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.

leonidasv4d ago

Also, they were caught tampering saved webpages as well, so the website cannot be trusted to fulfill it's main purpose anymore: https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-a...

charcircuit4d ago

>Why?

Because once the problematic content is removed it should no longer be blocked.

>It's accurate

It is neither a C&C server for a botnet, nor any other server related to a botnet. I would not call it accurate.

>Nobody should ever use that site

quotemstr4d ago

Because it's not the place of a DNS resolver to police the internet.