Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2

Original Article ↗ Hacker News Discussion ↗

Cloudflare’s Classification Change

  • Cloudflare’s malware-filtered resolver 1.1.1.2 now returns 0.0.0.0 for archive.today/.is/.ph with an error code indicating “Censored” and categories including “Command and Control & Botnet” and “DNS Tunneling.”
  • The unfiltered resolver 1.1.1.1 still resolves these domains; 1.1.1.2 and 1.1.1.3 are explicitly opt‑in filtered services.
  • Some see this as a justified security response; others view it as DNS censorship and argue a resolver should remain neutral.

DDoS and Botnet Debate

  • Multiple commenters reference earlier reports that archive.today injects JavaScript which causes visitors’ browsers to repeatedly query a critic’s blog, effectively DDoSing it; the attack is claimed to still be ongoing.
  • Many argue this makes archive.today functionally a browser‑based botnet and fits a C&C classification: the site instructs connected clients to attack a specific target without their consent.
  • Others push back on the terminology, arguing that JS on a page is not a traditional botnet/C&C (no persistent control, users must be on the site), though they generally agree the behavior is unethical and possibly illegal.

Archive Integrity and Trust

  • Serious concern is raised about reports that archive.today modified existing archived pages (e.g., changing names inside stored articles) as part of the same feud.
  • Several participants argue that an archive that alters its historical record loses all credibility and is beyond redemption.
  • Others counter that some content manipulation is inherent to paywall‑bypassing archives and that alternative archives (e.g., archive.org) also allow deletions or implicit changes via live JavaScript, so the relative trustworthiness is debated.

Doxxing vs Anonymity

  • A blog post attempting to uncover who runs archive.today is central to the dispute.
  • One side characterizes this as doxxing or stalking, arguing it endangers the operator of a risky, legally exposed service.
  • The other side says the post mostly aggregates prior public information and aliases, calling it normal investigative work about a widely used but opaque site.

DNS Filtering, Neutrality, and Alternatives

  • Some accept Cloudflare’s action as exactly what a malware‑blocking resolver should do and suggest affected users switch to 1.1.1.1 if they want unfiltered access.
  • Others distrust Cloudflare’s role as gatekeeper and recommend alternatives (Quad9, AdGuard, NextDNS, or self‑hosted resolvers), citing privacy, jurisdiction, and past resolution issues.