@GossiTheDog
It still provides a layer of security, provided the threat actor isn't one of the governments Microsoft cooperates with, can't hack Microsoft's servers, can't impersonate law enforcement, and can't hack your Microsoft account (if I recall correctly, getting a recovery key requires password + SMS token, both of which are easy to steal).

In other words, a lock made of papier-mâché.

@eb Their email responses were all pretty much 1/2 sentence(s) long.
I posted verbatim quotes here: https://infosec.exchange/@iampytest1/115905846553756281
But if you are curious, I can post/share the full exchange.

They did respond very quickly, sometimes within a minute.

@eb I just emailed webmaster@archive.ph, which is the email listed on their website, and they responded using norapuchreiner@cofed.com.

@liquidparasyte No, it hasn't been that way for the last 5 years.
The blog post which seemingly sparked this came out 3 years ago, and the malicious code was only added a few days ago.

And also, reCAPTCHA is not the source of the malicious code. There is just a small script at the bottom of the page, added by the owner and separate from reCAPTCHA, which performs the DDoS.

@eb I can't answer #2 and #3, but I emailed the owner and asked why they waiting 3 years, and they gave the fairly strange response that since the person/people mentioned in the article recently became EU citizens, the blog post now violated GDPR.
Even taking that at face value, it doesn't really explain why they chose to launch a DDoS attack.

https://infosec.exchange/@iampytest1/115905994565109535

Just out of curiosity, do you know Jani Patokallio?

@eb while that is a good guess, and may be part of the reason, the owner told me they only put it on the CAPTCHA page because:

We do not want to ddos them to death, just attract attention and increase their hosting bill

Read that as you will.

@lufthans JavaScript.
The code is here: https://social.coop/@eb/115902412468711646

As someone pointed out in the comments, this is not limited to archive[.]ph. Other archive.today domains have the malicious code.
I don't want to update the initial post as that will send a ping to every single person who liked or boosted it.

@creaturr Both of them have the malicious script.

@tapafon I did not, but I did inform the maintainers of some very popular ad-blocking lists, and one (AdGuard) has added a filter to protect their users.

@kitten It is a small blocklist I created and maintain of malware, phishing, scams, and other threats.

https://github.com/iam-py-test/my_filters_001/blob/main/antimalware.txt

@Bette that is very strange. I'm not sure what that is.
Would you mind taking a screenshot of it?

@Bette what kind of popup?

The malicious code on archive[.]today runs within your browser; it doesn't infect your computer with malware.

I have posted about this on BlueSky and X.

https://bsky.app/profile/did:plc:ysz3jltsuhnyrqrskrcbcz2s/post/3mcj75vyiec2u

https://x.com/iam_py_test/status/2012010781622353950

I have also blocklisted it in Imre's malware list.

Despite times call for despite measures. It isn't often a popular website starts DDoSing somebody.

I have also informed members of the content filtering community though a red phone on my desk.

I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.

Behind CloudFlare: https://tria.ge/260116-d3jafadj81/behavioral1

Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.

Original source:
https://social.coop/@eb/115902323900229756

An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).

And yes, this is a real problem, see i.e. https://github.com/AdguardTeam/AdguardFilters/issues/220039

I know I have said this before, but if your website or app breaks because it can't load Google Analytics, then it is just poorly designed and that is your fault.

Your website/app shouldn't break when failing to load anything non-essential, let alone something users have a good reason to block.