English Wikipedia deprecates archive.today after DDoS against blog, altered content

Technology report

English Wikipedia deprecates archive.today after DDoS against blog, altered content

For further Signpost content on this topic, see previous Signpost coverage, and coverage in this issue's In the media and News and notes sections.

After the website archive.today launched a DDoS campaign against a small blog in January 2026, a request for comment was started. After the discovery of tampered archives, consensus was reached to deprecate the site used almost 700 thousand times on the English Wikipedia.^[1]

Note: archive.today is not to be confused with archive.org, which is the domain of the unaffiliated Internet Archive.

DDoS attack discovered, discussion begins

An archive website is used to store webpages, to prevent them from becoming lost media.

On February 5, a suspicious script, added to archive.today's CAPTCHA page, was mentioned at Village Pump (Technical) by a Wikipedian, after it had been previously reported on Hacker News in January. This developed into a request for comment on February 7 over what to do about the site, as addressing the widespread use of the site could lead to significant disruption. With archived web pages being used to verify information across the wiki, concerns were raised about the impact of deprecation or blacklisting. Other Wikipedians raised safety concerns over linking to a website which is running malicious code in user browsers, and some argued that it was a breach of trust, and brought up previous discussions over the sites practices.

archive.today has been cited almost 690 thousand times on Wikipedia, and the main objection to deprecation was on the grounds of losing access to many sources exclusively archived there. While the RFC was still ongoing, several editors began discussing ways to "deprecate without losing verifiability" by creating archives on the Wikipedia platform, using a tool that would fetch content from the archive.today site and remove Javascript.^[2]

Flowchart showing how a user's computer may be caught up in the attack

Alternative archiving websites, such as the unrelated Internet Archive (archive.org), Megalodon, and Ghost Archive were also brought up several times in discussions. Editors also brought up the four previous RFC's,^[3] and the consensus to blacklist the site in 2013, because of concerns over linkspamming, the operations of the site, and the use of unauthorised bots linking to the sites archives. This was later overturned in 2016.

The process was monitored by the Wikimedia Product Safety and Integrity team, who left a note explaining their approach and their view, and encouraged the community to "carefully weigh the situation before making a decision on this unusual case."

Evidence of tampering leads to RFC closure

“

This is scary stuff. I don't know what to make of it.

”

— Wikipedia (archive.is RFC 5)

On February 18, evidence emerged that some archived pages had been modified by the webmaster, where an alias of the webmaster was replaced with the name of the owner of the blog.^[4] This led to the RFC being closed February 20 with a consensus to deprecate the source, remove links to the site, and eventually add it to the Spam blacklist.

“

There is consensus to immediately deprecate archive.today, and, as soon as practicable, add it to the spam blacklist (or create an edit filter that blocks adding new links), and to forthwith remove all links to it. There is a strong consensus that Wikipedia should not direct its readers towards a website that hijacks users' computers to run a DDoS attack (see WP:ELNO#3). Additionally, evidence has been presented that archive.today's operators have altered the content of archived pages, rendering it unreliable. Those in favor of maintaining the status quo rested their arguments primarily on the utility of archive.today for verifiability. However, an analysis of existing links has shown that most of its uses can be replaced. Several editors started to work out implementation details during this RfC and the community should figure out how to efficiently remove links to archive.today.

”

Community members develop guidance

Several members of the community have created guidance to editors on how to proceed with the removal of links to the archive, and have provided resources to aid and direct the process, such as a list of high traffic articles linking to the archive, instructions for users who need to visit the site, and a CSS script which highlights references linking to the domain or any of its mirror sites.

“

It seems to me that we would be well advised to follow the example of English Wikipedia, even if removing links to archive.today and other associated sites (archive.is, etc.) will require quite a bit of work.

”

— French Wikipedia, Le Bistro/21 février 2026. Translated from French with Google Translate.

Discussions are ongoing on other Wikimedia projects, and an index has been created on Meta-Wiki. The French Wikipedia followed the English language edition, with the service added to their spam blacklist.^[5] Over on Meta-Wiki, an administrator declined a request to globally blacklist the archive, as "There are too many usages on too many wikis. [English Wikipedia's] consensus alone isn't going to be sufficient to blacklist this domain globally." They added that "the next step would be to open a global RfC."

The incident has drawn widespread attention, with the RFC having over 200 participating editors, 30 thousand pageviews, and more than one thousand total edits. Additionally, the guidance page has had over 13 thousand views, and the archive.today article peaking at 9093 views on February 21, a day after the site was deprecated. Several media outlets including Ars Technica and The Times of India also produced news coverage of the decision; see this issue's In the media for further information.

Footnotes

^ Brodkin, Jon (2026-02-21). "Wikipedia blacklists Archive.today, starts removing 695,000 archive links". Ars Technica.
^ See WP:NOMOREARCHIVETODAY#Migrating or cloning archives and #Sanitized proxy.
^ Previous RFC's: 1, 2, 3 and 4
^ see Wikipedia:Requests for comment/Archive.is RFC 5#Evidence of altering snapshots
^ see the blacklist request and relevant discussion

← Previous "Technology report"

In this issue

10 March 2026 (all comments)

+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.

I'm not sure why we were using an archiver so many times in articles as sources, but I'm not surprised, especially when it's being run by one person. TheTechie^[she/they] | talk? 05:12, 10 March 2026 (UTC)[reply]

Have we used archive.today many times as source? Using it as archive-url isn't using it as source, the source is whatever's being archived, and people used because they knew about it and it was quite practical. Gråbergs Gråa Sång (talk) 06:11, 10 March 2026 (UTC)[reply]

I have seen a very few cases of an archived page being added as a new citation to cite a web page that is no longer available. The overwhelming number of cases of citations linking to an archived page were linked to the original page first, and then switched to link to an archived copy of the page when the original was no longer available (see WP:Link rot). Linking to archived copies of no longer available web pages that have been used as sources is recommended and desirable to maintain verifiability. Donald Albury 15:14, 10 March 2026 (UTC)[reply]

I presume many people were using archive.today to get around paywalls. I prefer to add cites to non-paywalled sources when possible, though I know that's not required. Funcrunch (talk) 17:26, 10 March 2026 (UTC)[reply]

Obligatory shoutout to Wikipedia:WikiProject Resource Exchange/Resource Request, for assistance accessing sections of paywalled/harder to find dead tree media. GreenLipstickLesbian 💌🧸 18:42, 10 March 2026 (UTC)[reply]

I think the issue here is not access (archive.today remains active) but verifiability, ensured through archiving of a full-text copy of a newspaper source. It is a long-term issue and an important protection against the proliferation of fake claims in today's internet. The trustworthiness of Wikipedia increases when readers are able to follow the link and consult the original source on a key point or when in doubt. VampaVampa (talk) 06:45, 14 March 2026 (UTC)[reply]

I agree with you that reliable archives, when we know the site operator is not going to go and illicitly tamper with/forge archived content, are useful. And I agree that linking to archives which allow the reader to consult an unadulterated copy of the original source only increases the trustworthiness of Wikipedia.

That's why I voted to deprecate and blacklist an archive which we know, for a fact, has no issue tampering with said archives. GreenLipstickLesbian 💌🧸 07:27, 14 March 2026 (UTC)[reply]

How do we know archive.today "has no issue tampering with said archives" in general, beyond the single case that apparently made hell freeze? It is certainly noteworthy in a community that values reliable sourcing and verification of special claims with special evidence, not to mention NPOV, that the RfC was closed just over seven hours after the report that some snapshots may have been tampered with. VampaVampa (talk) 07:32, 14 March 2026 (UTC)[reply]

'How do we know that somebody might do X, putting aside all previous incidents where they have done X?" I don't know - if you ignore the evidence, you can get to any conclusion you want.

If you'd like to see evidence of the tampered screenshots, you can note where I posted archived links to the tampered pages in the discussion. GreenLipstickLesbian 💌🧸 07:38, 14 March 2026 (UTC)[reply]

What are those "all previous cases"? I have only heard about one, and its circumstances are not ordinary. VampaVampa (talk) 07:51, 14 March 2026 (UTC)[reply]

See Archive.is Requests for comment: 1, which resulted in it being blacklisted: A bot called RotlinkBot, created by User:Rotlink, has recently begun linking Wikipedia articles to the new Archive.is service. This bot was not approved, and was therefore subsequently blocked. [...] These IPs, and User:Rotlink, self-identified as the owner of archive.is, were subsequently blocked; 2, 3, 4, and 5, the latest one. Alongside the tampering and the DDoS, the webmaster already had an established history of engaging in malicious practices. Mitchsavl (talk) 11:19, 14 March 2026 (UTC)[reply]

I also do not think it is a good idea for me as a Wikipedia editor to form my judgment based on primary sources that require interpretation. VampaVampa (talk) 07:57, 14 March 2026 (UTC)[reply]

Typo? unafilliated > unaffiliated jengod (talk) 19:26, 10 March 2026 (UTC)[reply]

Thanks! I’ve fixed it. Mitchsavl (talk) 20:38, 10 March 2026 (UTC)[reply]

Wikimedia should roll their own archiver. Take some of those megamillions from contributors which are now gathering dust, and create a proper, ethical archiving service. There's a need. Marcus Markup (talk) 20:00, 10 March 2026 (UTC)[reply]

Hear, hear. --_{Piotr Konieczny aka Prokonsul Piotrus| reply here} 03:41, 12 March 2026 (UTC)[reply]

I have just learned about the Archive.fo/Archive.toda*y (the filter prevents me from even naming it) thing by reading this article. Here is my two-cent opinion for what it's worth.

How about internet pages that are only saved on this archiver (example)?

Why should we care about the personal life and beef of a blogger? Where do we stop, should we stop using web pages that are used to mine cryptocurrencies, or are linked to whatever political opinions?

I see multiple discourses in favour of "internet preservation" and whatnot all the time online (see also 2025 United States government online resource removals), I believe blacklisting Archive.fo/Archive.toda*y is a terrible idea as well as a form of WP:CENSORSHIP and textbook WP:RIGHTGREATWRONGS. This would not be the first time the woes of specific individuals are used (weaponized?) to censor WP (see Kiwi Farms and its 'Frequently asked questions' on the talk page, and also the fact it was decided by RFC the WP article would not display the website's URL while for example the WP articles of the Islamic Revolutionary Guard Corps and those of its branches, or of 4chan.org/pol/, have their URLs displayed). Despite being from 2009, Wikipedia:Censorship issue is still very relevant. Veverve (talk) 22:51, 10 March 2026 (UTC)[reply]

Trust is a major concern raised by the actions of the webmaster of archive.today, as if they are willing to modify archives and launch an attack against a small blog they are in a dispute with, then how are we to trust them not to attack more sources or modify large swathes of their archive (through the use of an automated tool)? Verifiability ultimately relies on the trust we have in that source that the information on it is correct, and this is especially true when relying on a single source for that information; when trust is void, so is any reason reliant on that trust.WP:RIGHTGREATWRONGS also is for the article content, not links from the article content, the relevant bit of community guidelines here is WP:ELNO, which states that: Except for a link to an official page of the article's subject, one should generally avoid providing external links to: [...] 3. Sites containing malware, malicious scripts, trojan exploits, or content that is illegal to access in the United States.

As for why the 4chan and IRGC links are still there while Kiwi Farms had its link removed is because Kiwi Farms has community consensus to remove the links, but nobody has challenged the links challenged.

Mitchsavl (talk) 05:42, 11 March 2026 (UTC)[reply]

Keep up with The Signpost on Twitter, Facebook or Mastodon.

Home

About