Internet Archive and the Wayback Machine Under DDoS Cyberattack

The Internet Archive is "currently in its third day of warding off an intermittent DDoS cyber-attack," writes Chris Freeland, Director of Library Services at Internet Archive, in a blog post. While library staff stress that the archives are safe, access to its services are affected, including the Wayback Machine. From the post: Since the attacks began on Sunday, the DDoS intrusion has been launching tens of thousands of fake information requests per second. The source of the attack is unknown. "Thankfully the collections are safe, but we are sorry that the denial-of-service attack has knocked us offline intermittently during these last three days," explained Brewster Kahle, founder and digital librarian of the Internet Archive. "With the support from others and the hard work of staff we are hardening our defenses to provide more reliable access to our library. What is new is this attack has been sustained, impactful, targeted, adaptive, and importantly, mean." Cyber-attacks are increasingly frequent against libraries and other knowledge institutions, with the British Library, the Solano County Public Library (California), the Berlin Natural History Museum, and Ontario's London Public Library all being recent victims.

In addition to a wave of recent cyber-attacks, the Internet Archive is also being sued by the US book publishing and US recording industries associations, which are claiming copyright infringement and demanding combined damages of hundreds of millions of dollars and diminished services from all libraries. "If our patrons around the globe think this latest situation is upsetting, then they should be very worried about what the publishing and recording industries have in mind," added Kahle. "I think they are trying to destroy this library entirely and hobble all libraries everywhere. But just as we're resisting the DDoS attack, we appreciate all the support in pushing back on this unjust litigation against our library and others."

Good time to donate. Link here.

[MikeDataLink]

Its not the DDoS you should worry about, its their ability to fend off the the music industry and hollywood.

Donate here: https://archive.org/donate [archive.org]

Re:

[Moryath]

There's a coinflip chance that it's someone in the music industry, hollyweird or similar that's funding the DDoS hoping to knock the internet library offline and fuck the preservation of our collective history over.

Re:Good time to donate. Link here.

[AmiMoJo]

As much as I love the Internet Archive, I think Lawful Masses summed it up when he said they were pretty screwed: https://youtu.be/HUx2mbBhjI8 [youtu.be]

The issue is that there is a lot of copyrighted material on there, and the IA doesn't have any mechanism for users to flag it as being e.g. a book that should be part of the lending system. So when a user uploads music, it instantly goes public and can be downloaded by anyone, an unlimited number of times.

You can send the item to the IA for them to scan/rip, but there is a backlog of several years. And you probably aren't getting your item back.

I don't know why they don't just add a "make this lendable" button to their upload form. It may be because the code is a complete mess - it's closed source and I get the impression a nightmare to work on, because they won't let anyone help with it.

Re:

[Anonymous Coward]

Why, so you can pay to move your site behind broken/unsolvable captchas and potential censorship by an untrustworthy company? At this point, I'd not be surprised to learn that Cloudflare is indirectly behind the DDOSs. Even if not, their near monopoly over the Internet "protection" racket is very worrying.

The other likely possibility, is the escalating global war on free speech, and historical records and other knowledge that don't fit the prevailing narratives make them prime target.

Probably AI

[Anonymous Coward]

We had a customer (childrens charity) who experienced a 20000% rise in traffic in a month, they weren't sure what they had done to piss someone off but it dragged them down and so called us for some help, we investigated and it turned out it was all coming from Google Compute (15,000 machines) and Amazon AWS (12,000 machines) crawling them over and over grabbing everything, PDFs, zip files, lectures (mp3), videos, annual statements, you name it if it was accessible it was downloaded, repeatedly (despite having a robots.txt).
if we blocked a single IP they would just retry from Asia, or Ireland or USA or SG, it was just like a criminal DDOS and wackamole with an adversary that had basically infinite bandwidth.

So what was their response ? well, if we fill out a fsking giant form wanting every little personal detail they will forward our PII to the offenders and that was the best they could do, both of them took no responsibility for the abuse at all.

We finally stopped them by writing code to trawl the logs and IP ban every single one of them, ending up with a massive list,
USA needs to get serious with these fskers, this AI frenzy is ridiculous and the sooner they are sued into the dirt the better.

Re:

[TheRealMindChild]

What?

Re:Probably AI

[Seven Spirals]

I recently had the same experience with a consulting client. In their case, it was mostly something called "sqlmap", followed by GoogleBot, PetalBot, Bingbog, and Anthropic's "Claudebot". The customer had a Linux server and they'd written a script like yours to populate some IP tables with attacker IPs. However, there were so many, the firewall filter started to slow down absolutely everything on the system (and it's a type of load that's a bit harder to track than regular processes, but not much). Interesting that IP tables machines would slow down to a crawl but the same ruleset on a *BSD box produced next to zero extra load. Maybe I needed to do a better job structuring the rules on Linux or something.

We noticed that, other than SQLmap (which didn't have more than 100 sock puppet servers), they all populated their USER_AGENT with some kind of unique string. Our solution was to add an Apache redirect so they'd all end up with a "403 Forbidden" error and nothing else. Here's the snippet in case anyone else is interested:


DocumentRoot /var/www/html/
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (sqlmap|bingbot|PetalBot|AhrefsBot|SemrushBot|YandexBot|DotBot|wpbot|magpie-crawler|coccocbot-web|MJ12bot|SeznamBot|Amazonbot|ClaudeBot|yacybot|Bytespider|Barkrowler|ImagesiftBot|Applebot|keys-so-bot|Go-http-client|ZoominfoBot|facebookexternalhit) [NC]
RewriteRule .* - [F,L]

Re:

[sg_oneill]

Big messy routing tables has always been something the BSDs have exceled at, although modern linux is no slouch, configured correctly But theres a reason BSD has been so popular an OS to base router OS's from

Re:

[AmiMoJo]

For smaller sites, sticking Cloudflare in front of them (the free version) seems to be effective. I was getting a low of crawler traffic for a while, but Cloudflare mitigated it.

Re:

[Deal In One]

I wonder if whoever was DDoS'ing your client from Google / Amazon actually paid their bills. I hope not so that Google / Amazon knows that next time their "client" launches an attack on someone, they going to lose a bunch of money if they don't stop it.

Script kiddies and their bot nets....

[Indy1]

I really don't get it. What does anyone have the gain by DDOS'ing archive.org ?

If you're ddos'ing the feds, or some Hollywood studio, or M$, I'd get it (even if its rather pointless in the end), but archive.org ??

Re:

[Moryath]

You'd be amazed how many companies, publishers, etc... might have a hand in it. Archive.org has all sorts of things that are abandonware or public domain, and they HATE that. Could even be a book publisher trying to fuck over their checkout system for digitized out-of-print volumes.

Re:

[karlitoX]

Changing history might be worth it.

"Threat attackers have been observed conducting DDoS attacks to deflect attention away from their intended target and using the opportunity to conduct secondary attacks on other services within a network."
https://www.cisa.gov/sites/def... [cisa.gov]

Similar industry comments:
https://www.cyberdefensemagazi... [cyberdefensemagazine.com]
https://www.cloudflare.com/lea... [cloudflare.com]
https://www.kasada.io/credenti... [kasada.io]

Re:

[geekmux]

I really don't get it. What does anyone have the gain by DDOS'ing archive.org ?

If you're ddos'ing the feds, or some Hollywood studio, or M$, I'd get it (even if its rather pointless in the end), but archive.org ??

In a litigious world ripe for legal discovery, history can easily be used as a weapon.

Perhaps this is why some may have issues with those who literally exist to preserve it.

Re:

[MachineShedFred]

With the prevalence of lying, flip-flopping, and general hypocrisy in politics these days, I have no problem thinking that some particular people might want past comments they've made become "unfindable." And with some of these hypocrites having ties to foreign governments with capabilities of doing such things, this doesn't seem like a very far-fetched thing.

IDF pulling head off babies :o

[Mirnotoriety]

Anonymous Troll [slashdot.org]: “This is retaliation from Israel because the archive is refusing to take down videos of the IDF committing war crimes and genocide. One of the videos in question shows the IDF pulling part of a dead infant from bombed out rubble and proceeding to cut the head off. You won't hear about this on either Fox or NPR.”

Do you have any verifiable citations for that statement?

Re:

[iAmWaySmarterThanYou]

Was this the link you wanted?

https://x.com/AbuAliEnglishB1/... [x.com]

That "child" he's waving around for the camera looks like a doll. Weird how its head could be clean cut off but there's no blood. I guess Palestinian dolls don't bleed.

Re:

[iAmWaySmarterThanYou]

Hunh, weird, that guy has a weird knack for being around when there's a dead "baby" that needs to be waved around in front of cameras....

https://x.com/KingOffX_/status... [x.com]

Re:

[iAmWaySmarterThanYou]

Yeah true, there's no blood when a head pops off.

Unless it's a doll. Dolls have lots of blood.

Oh wait no I have that backwards.

What about all the other "dead kids" this same guy waves in front of cameras? All no blood.

https://x.com/KingOffX_/status... [x.com]

Re:IDF pulling head off babies :o

[FudRucker]

the dead dont bleed, blood soon coagulates after death,

Re:

[AmiMoJo]

Nice attempt to troll. To save everyone else a click, the link goes to a fake recording supposedly of Hamas talking about how the recent massacre in a refugee camp was their fault. Israel always does this after a massacre - blames everyone else, concocts some fake "intercepted phone calls/radio transmissions", and tells the world in English that it is really sorry while telling its own people in Hebrew that it's all part of the plan.

Re:

[iAmWaySmarterThanYou]

Fake? Bullshit. Which of your Hamas terrorist friends says that? You need more than hand wave "I say it's not true" to discount a lengthy url full of data and maps.

The link has detailed maps imagery showing the explosion was outside the designated safe zones
AND
shows the explosion was caused by Hamas weaponry exploding which as usual was stored next to civilians.

This is the same story as the hospital parking lot the Palestinians blew up and antisemites like you ran around calling the Israelis killers over

Re:

[AmiMoJo]

They actually altered the map *after* the massacre to make it look like it wasn't a safe zone: https://x.com/marcowenjones/st... [x.com]

The IDF is really, really bad at lying.

Re:

[iAmWaySmarterThanYou]

Oh shit, things change in a war zone over time. Shocking!

Now then back to the real world where scumbag is in multiple pictures at multiple different times and locations waving "dead babies" (aka "dolls") for the camera. Got an answer for that?

IDF uses smaller precision weapons whenever possible and hasn't had a bomber since the early 70s. How did this huge ass explosion occur? Oh yes, it was the explosive depot Hamas stored in a crowded civilian area which is their standard method of operations, hoping