Archive.today apparently hijacks visitor’s browsers to DDoS a blog that tried to uncover the identity of the archive’s admin. UBlock helps to stop that script.
There may be genuine use cases to run a script, or whatever the attacker used. The problem is the browsers will auto-run stuff, the user isn’t aware and there’s no way to stop it.
All unlock does is provide the missing security layer called “don’t auto run shit from the web”.
The NoScript extension will properly do this. The extension blocks domains from running scripts except those you’ve whitelisted. There’s a drop down that displays a list of domains from which the page wishes to run scripts. It makes much of the web a pain to use, though. I sometimes have to go through a loop of whitelisting a subset of domains which want to run followed by a page refresh until the page works. Javascript is often not optional. If you had to live like Richard Stallman professes you should, you’d probably have to join the Amish.
On January 21, commit ^bbf70ec (warning: very large) added gyrovague.com to dns-blocklists, used by ad blocking services like uBlock Origin. This is actually beneficial, since if you have an ad blocker installed, the DDOS script’s network requests are now blocked. (It does not stop users from browsing to my blog directly.)
Archive.today apparently hijacks visitor’s browsers to DDoS a blog that tried to uncover the identity of the archive’s admin. UBlock helps to stop that script.
Another example why Unlock Origin should be considered essential security software, not just an “ad-block”.
If a tool is demonstrably indispensable to disable some browsers’ functionality, is it wise for browsers to have that functionality?
I like it being extensible instead, as some adblocks might be opinionated or unresponsive. It’s easier to swap adblocks then browsers.
There may be genuine use cases to run a script, or whatever the attacker used. The problem is the browsers will auto-run stuff, the user isn’t aware and there’s no way to stop it. All unlock does is provide the missing security layer called “don’t auto run shit from the web”.
it won’t provide that, everything will still autoorun, but known bad things won’t get to run
The NoScript extension will properly do this. The extension blocks domains from running scripts except those you’ve whitelisted. There’s a drop down that displays a list of domains from which the page wishes to run scripts. It makes much of the web a pain to use, though. I sometimes have to go through a loop of whitelisting a subset of domains which want to run followed by a page refresh until the page works. Javascript is often not optional. If you had to live like Richard Stallman professes you should, you’d probably have to join the Amish.
I would be happy to contribute some browser action to ddos some fucking mercenary blog working for tech parasites.
makes sense, I didn’t get it when people started saying it but I don’t browse without ublock
Would that be by default, or do I need to enable something specific
It’s by default easylist-privacy list is default
from what I heard, the default one is enough. Although I haven’t checked it
from the blog in question
- https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/
can’t find anything from a quick look that confirms this list is used by default in ubo
I don’t see that particular list, but the same filter is present in EasyPrivacy from EasyList, which is enabled in uBO by default.
nice one, cheers. it’s there in line 16607 in EasyPrivacy, same guy runs btdig dot com?
||gyrovague.com^$domain=archive.fo|archive.is|archive.li|archive.md|archive.ph|archive.today|archive.vn|btdig.comI don’t know more than what the wiki article linked to. It says UBlock blocks it. It doesn’t say any more than that.