Archive.is is being exploited to make honeypots

There was a thread here about two weeks ago from an user claiming there was something fishy about archive.is. He had completed a ton of research on the owner / creator and it turns out he was a spook.

I wish I had screen capped it.

Noscript does not protect against this.

It's a simple img src tag loading the image; thus the embedded image does not rely on a script.

The exploit used to put it onto archive on the first place may have required a script, but that doesn't matter once it's up.

Always screencap, user. ALWAYS.

Fuck fuck fuck does this only happen if you've opened an archive link or do you just need to open a thread with one? I haven't really clicked any.

I'm on my phone so I have no idea if that makes it better or worse.

Saw it, blocked the domain immediately.

Bump for importance

if you click an archive.is link, and get a spinning loady thingy. That's the point at which your browser has requested the image from their server.

the tracking image is www.henley-putnam.edu/Portals/_default/Skins/henley/images/loading.gif
the archive from the post referenced in OP is one. i noticed it earlier too

sorry, I didn't want to wait and let other anons fall for it

idea: anyone know of sites where we can post this image from their server and get some bad info in their logs?

Only if you click the affected link.

Trying to make a new one gets it too. Tried with a twitter post.

archive is/osfU4

This link does that.

No problem.

I'm the guy from the other thread who found the issue.

I wanted to put a few lines of

CONDUCTOR WE HAVE A PROBLEM
CONDUCTOR WE HAVE A PROBLEM
CONDUCTOR WE HAVE A PROBLEM

at the top of the post to make it stand out.

Missed opportunity.

Fuck. Archive was our best way to prove that something was the way it was. Now shit can get memory hole'd.

checked, and confirmed.

le reddit Use a fucking VPN next time

If I recall correctly from the user's old thread. The creator works for or is associated with Henley-Putnam in some way.

dang, maybe we can get it pinned. seems pretty important

here's some of the people we're dealing with:

Founder
Nirmalya Bhowmick, PhD. (h.c.), Founder and Special Advisor to the Board and CEO

Administration
James P. Killin, President
Amy DiMaio, PhD., Provost of Academics
Raymond M. Asad, MBA., Director of Finance
Nancy Reggio, Director of Admissions

Henley-Putnam University Board of Directors
G. Michael Stakias, President, Liberty Partners:
William A. Landman, Chief Investment Officer, CMS Companies:
Tim Foster, CEO, Concorde Career Colleges:
Karen P. Tandy
Michael Hillyard
Walter Burl Huffman
Richard (Tom) Ingram
Peter Bennett

Will tor browser reveal my ip too? or It will just reveal the exit node's ip?

Should we post those links allover to give him false positives?

Archive.is still works just fine for saving real shit.

yes, i would say so.

Tor should not reveal your IP but there are some java script and flash based exploits. That's why those things are disabled by default

I never worry about any of this stuff. Am I fucked?

It would water down the stats that they are looking for, with useless data and normie IPs.

tfw behind 7 proxies

Do you carry? Be on your toes and watch your back.

...

I think it just means someone is harvesting the IP's of people who view archives of pages.

Yea, it'll help the anons who were spoofing their referrer at least

I hate to ask, but can someone crosspost this to cuckchan?

I don't want to talk to cucks, SJWs, and summerfags right now.

i guess they should know too, im banned forever for trying to dox CTR there though

Those links are being actively posted HERE, in threads with phony news stories and fake happenings to encourage clicks.

They are harvesting lists of Holla Forums users, specifically.

Here are some alternatives. They need to be vetted though.

webcitation.org/archive
freezepage.com/

Change your IP and go back to cuckchan, rapefugee.

got a VPN. am i good?

boards.4chan.org/pol/thread/95832746

Someone bump if before it dies

View this poster with skepticism. There has been a rash of subhumans posting for unknown but coordinated purposes recently.

wut?

This is the real deal, we need to spread this link to muddle the IP's

Yea, you good.

thanks fam

The following archives are BAD. Spread them around to muddle ip's
archive.is/dhn3L
archive.is/osfU4
archive.fo/fsnL7
archive.is/72f3y

I have a feeling that 4pol is genuinely dead.

Occasionally, users from here go there to feed them info, and they don't respond to those threads.

The thread about the archive.is exploit is nearly dropped off the last page already, and not a single reply.

Meanwhile, the slide threads are full of replies.

I am convinced that cuck/pol/ is just bots talking to bots now.

I hope moot gets bone cancer.

This. Though you'd need a lot of IP addresses (not VPNs but innocent bystanders) to access these links to saturate it. You could post them on twitter and bait normalfags to click on them.

No links are working currently, in fact archive.is redirects to archive.fo.

This site has always been blocked in China and it's made it impossible for me to view half of the links posted here.

But to add, there's a problem, referrer data. They'll be able to focus on ones of Holla Forums origin. So you'd need a way to bombard it with forged referrer data.

This. The entire thing must be fucked, either maliciously or not.

I scoped it out yesterday because I was curious to see how a certain event was being shilled there.

The place was filled with posts like these

The capitalization errors are the real key. They crop up over and over in the strangest way. They shill various angles in waves so that it is impossible to tell what the true aim of the effort is.

pardon me just testing
whatismyreferer.com/

Maybe a script that constantly changes referrer and user agent that is always loading that gif address?

Does it still get my IP if I have uBlock Origin with all the privacy boxes checked?

Fucking dicks. It's on the main page now.

Entire site just got pwned.

I think I've seen archive.is in this state before, months ago.

Yup, I suggest you spread the link to cober your ass.

If you saw the image, they got you.*

*If you saw the image, but you hide your referrer, you will be kind of hidden going forward after we dilute the links, but they got you.

i only went there once to post dox, not really worth it. maybe its better to let them be honeypotted and get the spooks off our backs

If you can't type like a Nazi, you can't be a Nazi; and if you aren't a Nazi, you need to get the fuck off of Holla Forums.

Main archive.is page is back.

Site still slow as shit.

fucking ban me then, i made this thread asshole

So this is how those fucking bastards are going to shut down archive.is and erase all the evidence of their various crimes against humanity?

I think that's what happens when the website itself is overloaded or whatever.

Stop niggering up your own thread cuckchanner.

Something like that, yeah.

Funny, I didn't see the image at all, just a blank page. Doesn't mean I wasn't affected though as the very act of requesting would have been enough.

seems odd that it would use an image hosted on an intelligence school's website

Fuck. I got one of those. Am i fucked now?

nah you can remove the tracking cookie by deleting system32 folder

they're probably honeypotting to perform metrics on who's looking at what. I doubt it would get you v& or anything

INCORRECT.

The site is likely under attack, but real archived pages still load, albeit slow as shit.

Here's one that was crawled a few months ago.

archive.is/Jcz88

(Also an interesting read about an ancient lulzcow from USENET in the 90's that you kids have probably never heard of)

Archive.is/today has been doing something weird for over six months anyways. Never heard anybody else talk about it.

Basically, if using script blockers blocking even first party, every so many months or so (maybe two months)? It will only load a blank page when trying to load an archived page, script blocker will show no scripts blocked, but if you unblock script/XHR for first party then reload then the page will load. You can then block first party again for whatever amount of time it is until it triggers again and archived pages will still load

tfw archive.is has been a honeypot all this time

Like, you have to allow scripts even though scripts don't necessarily show as even being there. At least once every few months or so run the script to "whitelist" yourself. That's my take

archive.is is already registered*
% This is the ISNIC Whois server.
%
% Rights restricted by copyright.
% See isnic.is/en/about/copyright

domain: archive.is
registrant: DP1659-IS
admin-c: DP36-IS
tech-c: DP36-IS
zone-c: CN25-IS
billing-c: DP36-IS
nserver: anna.ns.cloudflare.com
nserver: ben.ns.cloudflare.com
dnssec: unsigned delegation
created: May 16 2012
expires: May 16 2017
source: ISNIC

person: Denis Petrov
nic-hdl: DP1659-IS
address: B?lkova 16
address: CZ-11000 Prague
phone: +420 775168924
e-mail: [email protected]/* */
created: May 16 2012
source: ISNIC

person: Denis Petrov
nic-hdl: DP36-IS
address: B?lkova 16
address: CZ-11000 Prague
phone: +420 775168924
e-mail: [email protected]/* */
created: May 16 2012
source: ISNIC

Website is owned by a Denis Petrov from Prague, Austria. It's hosted in France. It's been serving the image from Henley-Putnam for months. We need to find out what Petrov's relationship ti Henley-Putnam is. An user researched this two weeks ago and came to the conclusion that he's spoof, but no one screenscapped it and everyone forgot about it.

That he's a spook I mean. Sorry for the typos.

how are they funded?

Just made a pajeet tier script, forgot about the captcha so it's damn near useless. Best bet is gonna be spreading the links manually.

I would not trust anything about archive .is right now, if this was a legitmate attack I doubt they would host the script on a college's server.

I know they shill for donations. I don't know if that's there only or primary source of funding.

I don't know what really goes on here but for fucks sake due to one news story we have mods begging us to thank based stasi/FBI. This entire board is really ridiculous lately

And not that I want to give advertising money to various clickbait sites and whatnot but anybody with some working logic would wonder what is archive.today/is and what benefit it has to continue operation?

Or I guess like every other hard question, just explain it away as "magick"

It's my understanding that until recently they were funded by some sort of private funds or donor. I think recently they've been taking donations.

It is possible that the person using the script is a student, or associate, of the university.

To what end?

I mean how many anons get no knock raids or are denied security clearance based on this stuff.

I am not saying that the government is not watching us, but this seems like data mining is going into some vault for no reason. What are the consequences for us as anons when they do this?

The suspense is killing me

So whoever clicked a broken archive link is fucked?

so how do you make this exploit work? if i want to log IPs for everyone who visits my link to a pro-globalism/pro-communist social network, how would I go about that, friends?

That's a real possibility, actually.

Association with certain groups is grounds for denial of a clearance.

You would just need a server in between the social network and the person clicking on the link that logged IPs. After that you'd just serve a link that redirects to wherever you wanted.

The front page of archive .is is compromised as well, if this was an "attack" it would not be condoned by a university for being illegal. And if a student/associate was responsible why would they tie it to their school for no reason?

Archive is involved somehow.

thank you

unless theyre making ad money (they aren't) the only use they have is to record information (intel). i'm not really worried about this whole thing, cause i'm probably on 6 million lists already and they haven't iced me yet. If hillary somehow gets in, we should probably be more careful

My security clearance was never denied, however I admit I have only had secret, but I still hold it.

RequestPolicy then. You should be using both anyway.

Theoretically the attacker may have put a page up on their own webserver containing code which escapes any sanitizing functions in the archive.is webcrawler. Thus in-effect posting arbitrary data to archive.is. That data being an img-src link, and a google-analytics script.

I agree with that, shill be gigging for frogs as her first executive order

loled

You do realize that the news websites can easily track you with their cookies too, right? Especially sites for kike-right like kikebart, not to mention big black cuck or cnn.

FUCK OFF YOU KANGAROO RAPING PRISON COLONY INHABITANT!

I think there is a massive, multi-front effort to trace the patterns and pathways of nationalism rather than any single nationalist. Every individual piece of the puzzle is so sloppy that it gets found out eventually, right down to the shills that push them, but nothing that is visible compromises the entire picture.

Remember that trashy paper documenting the spread of google=nigger? That sort of intelligence operation at a more competent level.

Somebody should warn the guy who runs the site about this. He's on Twitter.

How to beat this:
spam the links everywhere you can and dilute their data pool.

No, you slimy kike.

Any site can be hacked/compromised, and XSS is a very common vector for such assclownery.

The archive.is requirement was a good idea, but archive.is got hacked.

They need to FIX THEIR SHIT ASAP.

The real problem here is autolinkification of URLS.

A URL posted on Holla Forums should NOT automatically become a clickable link. That is a MASSIVE SECURITY RISK due to http referrals.

Someone already did

twitter com/Another_Human/status/794059808605237248

Dammit I had some important stuff on archive.is. Since the site is fucked, where can I archive now?

You should really be spoofing your referrer already.

They didn't get hacked, they've been doing this since their inception. You faggots only just now noticed.

Alternatives were posted in this thread. Does no one read the thread before replying anymore? Go back to cuckchan you fuckin' nigger.

Highlighting and go to still sends referral. Gotta break it up so they have to copy paste then edit in a '.' or the like to stop that.

Goddammit. How many times must I fucking say it?!?!?!?

Your archived shit STILL WORKS.

You can still archive new shit.

Certain "bad-actors" can make bad archives; that's what is going on here.

tfw all my posts go through a burner phone with the GPS ripped out

go to leftpol

So what archiving site should we use instead of archive.is? And we need to make some memes to spread this shit out to our associates and minions elsewhere.

Nearly every media outlet has endorsed Hillary, meanwhile she's been expanding CTR after they've proven the only effective part of her staff in the recent months. I wouldn't doubt that if she wins, there will be the greatest concerted effort to dilute and destroy all records of their shilling and corruption in the history of mankind.

Read the fuckin' thread you nigger.

I'll fucking say it again, you fucking zika potato.

Archive.is still works and you can still use it.

The problem is that certain "bad-actors" can make bad archives.

Just look at how blatant some of them are. I know shilling has been bad in the past, but it now seems to be reaching some new crescendo.

So what do we use instead of Archive.is?

which ones, like twitter?

Wayback time machine

Don't be so quick to assume, their homepage has also been exploited. Treat Archive.is with caution, backup anything important you have on there. Something very fishy is going on.

I'm sorry you are too fucking retarded to read the thread and determine what s going on.

Here goes:

Someone figured out how to make bad archives that try to make your browser connect to another site, and give them your IP.

Archive.is still works.

You can still archive things.

You can still look at things that have been archived.

If you still don't understand, please go here:
>>>/gaschamber/

That makes sense, see what nationalists do and act so you catch many bad eggs all at once rather then a handful wasting time and money.

Its a passive approach but I can see it a bit easier then I can much else.

Does anyone have a site like archive.is that isn't compromised?

And I replied to the same post twice.

Now I am the retard.

Please don't gas me, einsatzgruppenführer.

Is this what the "honeypot" is?
If so, it's a false alarm. This happens every time they get overburdened. I think it's a Cloudflare page. It's been doing this intermittently all day.

...

WRONG.

No other Cloudflare site does this.

Specific pages on archive.is ALWAYS do this.

Those specific pages are spammed here, along with stories of fake habbenings, to encourage clicks.

The link goes to an intelligence/counterterr. school.

phone's ip*

people are learning about us? In a school?

Dont be daft.

This.

if I had to guess we're being studied to do either counterterrorism or counterpropaganda, the first will be interested in our general profile to do risk assessment, the latter will be interested in our demographics and how to prevent people from getting here

Well if its a school a paper trail exists from a to b with an outflow if information on a large scale.

many forms of learning exist other then school

So we've graduated to being something above an anime shitposting site. Yay.
If they've got this much time and energy to study us, they should go investigate hillary.

Then we fight. What the fuck are you scared of? Death? LOL

ALL ANONS WILL RETURN TO THE EMPIRE UPON DEATH TO THEIR RESPECTIVE POSITIONS AS MEMETIC MONKS AND HIGH CHANCELLORS, DO NOT FEAR THE TRANSITION

I knew something was fucky with that page not loading, and displaying some kind of loading animation that shouldn't exist on archive.is

I don't really care if some fag has my IP address though.

This can be prevented as follows. install github.com/gorhill/uMatrix (you should be using it anyway) and add the following rules:

archive.is * css blockarchive.is * image blockarchive.is archive.is css allowarchive.is archive.is image allow

Death is a natural thing to have, fighting that fear for the greater good is what makes a man white, but realizing that white blood must flow as little as possible for it is valuable.

Fight if you must fight, dont when you can, waist no what is precious and given.

This is how your archive.is dashboard should look like in uMatrix.

Here we see that archive.is uses mail.ru's analytics service, but the ruleset from above blocks it.

So has anyone contacted the owner yet to see if he can fix this exploit?

In my opinion that's not how it should look, although (without studying everything in this thread) it might work for protecting from exploit this thread is about.

You should really when starting out with umatrix, switch scope to "*" and disable first party then save for scope and switch back to regular scope for the site you are on. That way first party scripts are not run by default. It's the only thing that noscript does better by default, basic configuration disallowing first party. There are many reasons why allowing first party scripts by default is a bad idea. You can always allow them for whatever sites you trust and umatrix is still about a trillion times less involved to use than noscript so I recommend it.

Although I still wonder about what I experienced twice as detailed in the below post (both times were months ago, one at least four months ago, the other at least a few)

TBH it may have been not an exploit but something to prevent the site from being used as a generic web host by spammers etc? But I never trusted archive.is much because what do they benefit from being used almost exclusively by "internet nazis" with no obvious revenue stream? Then again I feel the same way about the vols here for different reasons

Also only marginally on-topic but anybody remember the imgur exploit?

I did a little research on some of the pages that linked to those bad archives.

These are the pages that clicked over to that. They look like they could have been made by one of us. Nice work CIA.

Correct. this is only a patch over the default behavior (first party everything enabled / all images and CSS enabled). But this is likely what you'll end up using: manually enabling all content requires too many clicks for casual browsing.

It does make sense to do so in a specialized profile, though (one you'd create solely for 8ch/archive.is/maybe some social media), but expect that any sites outside that will break.

They are looking for the FBI informant, or any other federal agent that's "with us" perhaps?

can you remind us about it?

Privoxy rules to do this?
Still wish we use something else more hidden, and run by us, than archive.is to archive shit

Someone injected code into imgur that caused every page view (millions) to ping Holla Forums and 4chan.

...

I've personally found that with umatrix even with first party scripts disabled by default, that I only have to take manual action for about two days of normal surfing until I've hit all of my regular sites and enabled first party (and in particular cases, other scripts/frames) and then it's nearly hands-off. I frankly love umatrix and think it's ingenious, and categorizes scripts and threats and objects etc much better than noscript which is just a fuckhuge list with no order that makes sense. I mean, you don't know with noscript which scripts depend upon which ones etc etc so it's a crapshoot enabling them to get some specific functionality.

It wasn't the same thing except it was targeted at us, it was interesting though

Privoxy doesn't filter HTTPS, so would be useless for remote images. (You could install a CA and MITM everything, but I would not advise that.)

I guess I'll have to give block everything mode a try. Thanks for the field report, user.

It might be true that some connections still escape, notably WebRTC and Websockets. What do we do about those? There's uBlock Origin Websockets extension but it is not supported by uMatrix. I'm also using "WebRTC Network Limiter", but not sure how effective that is.

Which extensions do you use?

My go to list is: uBlock origin (+ websockets plugin), uMatrix, WebRTC Network Limiter, and HTTPS Everywhere (+ a few userscripts via TamperMonkey). Should I be using anything more?

I couldn't even start to list everything, ublock has something to disable webrtc, https everywhere is good. Then I have hundreds of about:config changes that were important but frankly I'd have to research all over again to give a report worth a damn.

I'm practically stuck on firefox now due to the huge amounts of configuration put in.

SSleuth is also nice for a quick rundown of problems with TLS on sites you visit.

For a long time you couldn't let firefox update without having some new fuckery that needed to be disabled, "pocket" etc

I'm using Chromium here mostly because its sandboxing is top notch. I doubt anyone would waste a 0day here, but Firefox is the go to browser for claiming pwn2owns (en.wikipedia.org/wiki/Pwn2Own)

I really wish it wasn't so: we need a secure browser that's not backed by an ad company.

Also if using firefox I recommend running wireshark, setting your homepage to about:blank beforehand, starting firefox and seeing what connections it makes. There's no reason for it to announce that you just started a browsing session to the sjws at mozilla.

I have about:config changes relevant to stopping this, but fuck it would take some work to find it. If you really care you need to do your own looking at your network traffic.

I expect my OS and browser to not make traffic or activity when doing nothing. I need to revisit this myself

archive.is is fishy as fuck. The owner doesn't say shit, answers few questions on tumblr and says that they are paying the hosting costs out of pocket. They were going to release what are their hosting costs, but didnt.

Not to be trusted but we are fucked they are not based archive services out there. So far archive.is hasn't deleted anything, that we know of, but, they are for sure scraping ips.

Yeah I understand the benefits of chromium/blink but have never been able to trust it or even consider switching after the amount of effort I've put into my own stuff.

There are sandboxing options for firefox (firejail) or even whole OS like Qubes that I've wanted to play with (especially since I finally have a system capable) but haven't gotten around to it

what are the legal issues in setting up one?

There is web.archive.org, but they honor robots.txt. Bookmarklet:
javascript:void(open('web.archive.org/save/' document.location))

It is clever, since that loading gif, goes by so fast. I can confirm that I pull that image as well.

...

That sucks… I wounder if i could get some anons to fork off privoxy and setup blacklisted CAs to install, to replace the defaults. Because really have you seen the default CAs and who it lets in on your tls/ssl? I mean just looking under my /usr/share/ca-certificates/ is giving me spooks right now.

>javascript:void(open('web.archive.org/save/' document.location))

Legal issues are not the problem just the high server costs. An user tried to make an archive of Holla Forums a while back and it cost him too much. That was only 1 site imagine a global archive service.

That's normal, you're seeing the location for the office or whatever that the IP block was registered to. It doesn't stop law enforcement from knowing which address the IP was actually assigned to, given warrant or extralegal access to that info

Like, because you have a dynamic IP you're seeing the physical address that your ISP registered the block of IPs that your IP was temporarily assigned to

Makes sense, alright

block scripts by default everywhere

(checked)
Thanks for the script. Just started using uMatrix recently and it rocks. Is there any value to using uBlock at the same time, or do yall use uMatrix alone?

I even failed to explain it properly there, although it would be close if you replaced the final "to" with "from"

Anyways, for the average home user with dynamic IP (basically most people with DSL or cable etc) when visiting a site, assuming no other fuckery, the site can't determine your home address. They will get an address registered to the ISP. If you did something that got the attention of LEOs, the LEO would contact the ISP with your IP address at the time, a description of your crime (or just the implication of it), a warrant request if needed, and the time of the offense. The ISP would reply back giving the account information associated with the IP at that time. Because when your DSL or cable modem gets the lease for that IP address, it is associated with a username and password (saved on your modem box) that is tied to your account. The ISP must store this associated info. So blah blah anyways with the information your ISP has your activity can be correlated with your physical address (although there are still several caveats).

Hence why people recommend VPN in non-cooperating nations, because then you're hiding your specific internet traffic from your ISP and only cooperation from the VPN company (which may not have legal obligation or even desire to cooperate with requests) could reveal more info. And even then would probably not be able to get down to specific customer/address. Although it can get way way more complicated for a number of technical reasons and it's hard for even full-paranoid user to deal with all of it.

Anoonymoose, and others recommend private internet access for vpn. Mullvad considering how cucked sweden is. I don't think they can be trusted, and well when I used their service, the reliability was bad. Do you vouch for privateinternetaccess? Or should we just stick with some Russian VPN provider?

I've seen that loading shit before, but I'm connecting from a university dorm so the IP they get doesn't really matter as at least 500 other people use it.

I wouldn't worry too much about it anyway, I doubt they can do anything with the IP except collect metrics as other people in this thread have mentioned. IPs change all the time and sometimes if you use a shitty VPN, someone can use you as an exit node.

For that reason, IPs are not a very reliable method of tracking people as they can be easily spoofed, hijacked or muddled.

I can't really say, I don't even bother with that level of paranoia. Don't take my advice about VPN etc because I have what may be a naive view that I still have freedom of speech and if somebody has a problem they can take it up with me at my door.

I use both. uBlock lets you traverse the last mile of the blocking: removing crap that is served under the same domain as the site itself. uMatrix lets either everything from a domain pass or nothing, uBlock will filter by URL/apply cosmetic filters/etc.

For example, some Wikipedia sites benefit from uMatrix passing through requests to meta.wikimedia.org, but I still don't want to see their shilling for donations, so I have:
||meta.wikimedia.org/w/index.php?title=Special:BannerLoader&*

(have that in my uBlock, that is)

see:

they're privately run aka bad guys

that is a likely scenario

thanks, so we know those threads are probably bullshit

u wot

Could this have something to do the pedos saving Holla Forums cp threads/boards on archive last year? If so why would they target Holla Forums, unless it's an attempt to harvest 8anons IPs. Have we found any of the affected URLs posted to sites other than 8ch?

...

Why hasn't this been shooped to read "Racism… It's always acceptable"

It's almost pointless to look any further than Henley-Putnam. What else is there to find? They are closely associated with every alphabet and there are many papers to be found about domestic extremists, every kind of buzzword used to describe the userbse here, etc etc.

Interesting considering all of the pinned "based FBI" threads lately.

attempt has been made

If the Henley-Putnam link is correct it's just data collection regarding "potential domestic extremists" blah blah

how bout you fuckers stop derailing this thread?

not bad, thanks m8

Why would I not point out the subhuman shills in a thread started by a subhuman shill? Or any thread really, but in this case it isn't even derailing from the OP as he is among the guilty.

"Potential domestic extremists"
Because if you're interested in articles that claim that anthony (((penis))) is raping kids, that bernis might hate clinton, or that the bitches that lie about Trump groping them recanted, you're clearly a "potential domestic extremist".

henley-putnam.edu/Portals/_default/Skins/henley/images/loading.gif

They're using dotnetnuke like a skids.
Microsoft-IIS/7.5
ASP.NET 4.0.30319

Login page: http:// www.hen ley-putnam.edu/login.aspx
Mail server: 247501781.mail.outlook.com

Do anybody want to look for credentials in databases?

The code for the .gif is gone now. Did the website owner revert the changes, or did the attacker remove it because they found out what they needed to know?

Also if we say that a large botnet is to visit the links it will ruin their information and data. They can try to hide links but I am now watching.

They found out. They're watching.

It's kind of interesting if you search for the full URL for the loading image, you get a result from reddit from 2015 with a person noting "Oddly enough, the Loading image Isn't on archive.is."

Also some poo-in-loo tutorials for infinite scrolling page coding that just use the url for the loading gif in the tutorials because it's basically a free hotlinkable image.

Well, Holla Forums is already on cloudfare, so your IP is already sent to a third party.

Nah, I think the likely scenario is that this is just some more HBGary type shit where some dumbass thinks they can find info on pol users and package it up for some sweet sweet gov contract money.

XCritcs on fling.com database (related info?)
bi tcoin.stackexchange.com/users/4532/xcritics

h ackinguniversity.in/2013/02/infinite-scroll-blogger-1.html

Is it shitty copy paste or real code?

I got news for those idiots. We are the majority bub, Trump is going to get 70+% of the vote

They or (((they))) keep Holla Forums under surveillance and they found out we know.

Which also suggests we're their main focus of the attack.

Would making a script where all links you click go through a redirector like anonym.to, help?

This why folks everyone should have a VPN and use NoScript while blocking webRTC for good measure.

It's a multi-pronged, ongoing probe. Any link discussed by posters using improper grammar and capitalization is suspect.

For a quick and dirty operation, it doesn't even matter if you say, "This link is compromised," Because just by posting it, a few people will click it. It's a way to maximize short term exposure at the cost of long term efficacy.

>archive is/osfU4

The page loaded fine for me. I will have to agree with the user that said it must be some cloud fire thingy.

Either that or Archive.is is compromised and they rolled back once people started to notice

God what a fucking asshole.

techfag here, basically besides needing to noscript archive.is now, all we can really do is wait for the archive.is owner to fix this

lol

also that link doesn't appear to have the compromised code

Shit, does noone here know what "escape text" is?

EASY BREAKDOWN FOR THE TECH-ILLITERATE
Whenever you type text in a field of a website, that field may or may not be a possible vector of attack. To prevent shit like that, developers write "sanitization" code. To turn shit like "/" into some other text, like "&64" for instance.
This is because frequently, what you wrote will be posted and be part of the webpage returned to you. What would happen if you posted actual code instead of just text?
This is what we call "escape". By using using an escape character (or expression) the text you write in a form starts by declaring "all right, the text ends HERE. The rest is code" and you do all sorts of funny shit.

So what is happening here?
Whenever you archive.is something, imagine there's a fuck huge text box. And everything in the site you're archiving is automatically typed in it.
Now, someone found out that text-field doesn't have proper sanitization and is vulnerable.
So you make your site. You post something about "multiculturalism" or "Hillary killing niggers live". And then, you write a bit of code. The escape code. Followed by whatever payload you want in your attack.

For now, that payload is a simple image tag to log your IP. In the future, it might be a full blown keylogger or something worse.

It's not archive.is doing this anons although the guy running it is weird.
It's people writing sites with this shit, archiving them on purpose and linking them here.
Wouldn't surprise me if this catches on and becomes an anti-archive defense for newssites in the future.

Now if some other motherfuckers keep posting instead of reading the thread, remind them that the source of the attacks ISN'T on the archive.is.
It's on the actual sites being archived.

I'm seeing a lot of (1)'s asking for alternatives, and it seems a lot like someone wants us to ditch archive.is for another service. One that may already be compromised and controlled.

That actually cleared it up, so in response to is there any defense against this and alternative to it?

(checked)
Ctrl+F and read all the posts above about uBlock Origin and uMatrix and learn how to set them up. If you're really concerned about it, be as paranoid as possible and deal with the fact it's a little extra work.

I remember that. They even wrote "Sorry Hotwheelz :(" in the code.

Couldn't we just share those links outside to drown out the IPs they are looking for?

S H U T
H
U
T

I T
T

D O W N
O
W
N

Forgot all about that.
Nice trips btw

They would just ignore the loads of new IPs and any future ones that link catches, while keeping the old IPs.

how the fuck is that racism? i never understood that

Why are you using these cali girl phrases? 'blah blah', 'anyways', 'like'. Are you just a shitskin foreigner that picked up language from rom-coms, a cunt, a preteen, a shill, or a fucking fool. Which one is it? Fuck off back to cuckchan and plebbit with your shitty advice.

Looks like a reddit goy.

Maybe I am a cali girl? Maybe it's just late.

Got a specific problem with the content of my posts rather than the style?

>there are still people on Holla Forums who have not installed requestpolicy continued

Get the fuck out of here.

>there are still people on Holla Forums who have not installed requestpolicy continued

There's no point doing that if they're collecting the referrer info too. They just filter out the IPs from dud referrals (i.e. links clicked from outside /pol).

For what it's worth, I'm the one who created the Clinton sex crimes thread and I'm most assuredly not CIA. The archive.is link was fine at first, but a few hours into the thread it got corrupted and people started complaining. That doesn't mean the TruePundit story is necessarily true, but it does mean that someone from the outside took a perfectly functional archive.is link and fucked it up. I apologize to anyone I may have unwittingly led into a honeypot.

I SAY THAT YESTERDAY !

even some sjw subreddits use archive.is don't panic ,just inform the owners of the site on their twitter

Don't listen to the other idiots about uMatrix and uBlock.
They're well intended (and you should indeed use those things) but they they don't protect against this.

The only solution is not clicking it. We're back to warez days of shady "jenna_jameson_nude.mpeg.exe" links. You click it, you're fucked.

For a more complicated answer, (and uMatrix might give you that option) it's possible to block conections to certain sites/servers/pages.
So if that image tag remains the same, we can block it once, post the "blocklist" here for other anons and stay safe. And if all else fails, editing your hosts file is a last resort that cuts the problem by the root.

The main issue though, is that they can generate new articles, put another server/another image in the tag. They'll archive it, post it here and in the time it takes us to figure out it's a new attempt, some anons will end up clicking it.

We can always jihad it up anyway. Some of us are already on lists. Those can click on archive.is links and screenshot it/confirm it's legit.
Some anons are writing an archive.is extension though. The main purpose was diferent, but we could ask them to put a "verify" link feature. If there's an archive link in a page and it leads to a broken page, it simply warns you or outright refuses to open it.

It's time to call upon /g/, install Gentoo and cross our fingers. We're close, we're winning, and this half-assed attempt to round us up in FEMA camps is a clear display of desperation. Well done anons.

Like I give a shit eitherway, I'm portuguese, they can't do jackshit in here, nor do they care about us.

Is there any active threads with those links?

I'm a broken down wizard with a bad back, let them come. I'm ready.

10/10 assume everything is compromised and work backwards depending on your operational needs

dynamic *chan operations pfsense firewall filter when ?

It wouldn't be surprising if the person doing this had a direct connection to Hillary. They already modeled memetic spread on cuckchan to some extent in the UN (((study))) done earlier. (((George Soros))) probably wants some statistics on what he's dealing with when it comes to communities of people that don't want his pinko commie jew bullshit.

Holla Forumsack persecution if she becomes president?

As long as the rapefugees flood in then they will do all of the violence and dirty work for her.

...

So who do we have to meme out of reality over this?

Since everyone pretty much agrees this was an isolated incident, can we just ask the admins to forbid the posting of the affected archive links?

That putnam address always shows up when archive is down and then vanishes when the site is back up. I don't know what's the deal with it but it's nothing new.
Also stop falling for the honeypot meme and wait for some more info instead of falling into obvious bait like you did with Freech's "reddit spacing" crap.

Seems to be up and working this morning. Just archived some stuff.

So this is basically a man in the middle attack kf you click a bad link?

Is it strictly just IP harvesting or could it be used to load malicious code into your browser? What would that even do; most modern browsers stop you from going to bad domains or downloading without permission? Also, arent IP addresses considered semi public? Does this exploit let them have a live page that will always differ from the archive? (I've seen that you need to rearchive it to update the page)

Asking because i dont know shit, and this seems minor from my point of view

spooky stuff

Goon genocide now.

never change Holla Forums, endless giver of cringe

Let me correct that for you.

Holla Forums here

First of all you guys are overreacting. Whenever a Youtube video is embedded here the exact same thing happens. The thumbnail is loaded from google's servers. That's why you can't embed on our board.

Is someone posting malicious links archive links to track users here? Probably but this is sort of tracking is easily defeated without using an addon.

Second NoScript tracks you as well with the WAN IP protection that's enabled by default, most well known security addons track their users and sell the data. >>>Holla Forums674876 If you're not analyzing your web traffic don't pretend to know what you're doing, most technical sites giving advice are full of shit and paid to lie. And on top of all this NoScript wouldn't stop that picture from loading giving away your IP.

Protecting yourself from this attack is as simple as going into your browser preferences and selecting that only images from the originating server be loaded. By browsing this way most of the web will appear broken thanks to sites using CDNs to reduced bandwidth costs. You'll get used to it.

Well done, you just found my proxy's IP!

Seriously.. use proxies guys. I barely browse Holla Forums without one.

...

You mean TCP UDP connections?
I do that, but what should I look out for? When I started observing I found many google and apple connections without even having their programs installed. They tend to throw some shit in hidden file paths like AppData, or leave files in program files.

Block all connections.. but if things don't connect properly - try to figure out what connection is required.
I've learned A LOT about the files on my computer from doing that.

wouldn't it be pretty simple to have 8ch download the thumbnail and host it as the embed's thumbnail?

People need to use an "all sites are data mining" approach.
I do whatever I can to limit their tracing abilities.

...

He said he didn't know.

And Holla Forums tech threads are a good idea. Assange's '1984' warning warned us it's going to be harder to use Holla Forums etc without putting yourself at risk.
Clearly the corporatocracy is trying to assert it's dominance. Which is funny.. all we do is observe accessible information and shitpost.

Maybe it's Trump, trying to find qualified RWDS members.

wow it's google analytics. it's fucking nothing. also that gif doesn't exist, and that page load error is real because the gif doesn't exist.

calm down faggot

Better safe than sorry.
Train stations are expensive.

Okay reading through this thread, none of it makes sense. Other links to random archived shit also have the spinning thing. The main site is fucked as well. Plus worried about IPs? Seriously this thread is overreaction and misinfo

You have to ask yourself who get's benefited by demonizing archive.is and making Holla Forums (as well as others) to drop it entirely

Actually, it raises concerns about Google.
Google is evil it seems. Why are they exploiting client-side scripting to obtain data?
Yes they say the application requires the client to execute the program - but why is that necessary or allowable?

t. technical puppy

This is ultimate unwarranted self importance. Archives that are innocuous and have never even been posted here are also broken.

actually i take that back the gif exists, but the rest is still google analytics so still nothing.

because it gives the site owner's more data about their users. sometimes that is useful even if you don't like it.

He's got a point, though.
it should at least be looked into.

I have the QuickJava add-on for Firefox + uBlock Origin and I started to see a loading screen on some Archive.is links a few days ago. I've never seen that before so it's a fresh trick / exploit. A page on Archive.is shouldn't have any JavaScript trying to load.

If your browsers don't have an add-on that enables you to completely disable JavaScript & Java go get one today and only turn on JavaScript when necessary.

Also: people shouldn't only post an Archive.is link. The original link should also be posted.

It seems Archive.is has been slow to load these past few days. Maybe there's too many people using it? Yesterday evening I couldn't load any of these pages:

archive.is/http://www.wsj.com/articles/secret-recordings-fueled-fbi-feud-in-clinton-probe-1478135518

But this morning I can without any problem.

Fuck off.
I use Holla Forums and archive.is in a 'business' deal like fashion - aware of their potential conflicts of interest and scrutinizing them to make those conflicts are visible to me.
I largely trust Holla Forums, but not entirely. You should never trust anything on the internet without scrutinizing who you're dealing with.
Otherwise they'd potentially fuck you over or mislead.
I doubt Holla Forums would do that, they've done a lot of good work. So has archive.is.. just making a point about mindless trust on the internet.

.. don't they usually have different URLs than that?

claiming ID ed9a4a, I got disconnected

when the site is having issues and that henley-putnam thing shows up none of the links work, it doesn't affect specific archived links.

there's no reason to post direct links, you can still use archive.org as an emergency alternative

Me too, what was that?

Not requesting from that website anymore?
Cant see anything with RequestPolicy

Maybe just a coincidence, I get dc often because my internet is worse than Zimbabwe's. Their gorillas have better connection than me

It only requests stuff from that site when archives is having problems.

What do you mean by problems?

Straya?

Fucking hell I hate our internet.

This.

What's that? it's in the source code in those links, at the very bottom:

//top-fwz1.mail.ru/js/code.js

&

img src="//top-fwz1.mail.ru/counter?id=2825109;js=na" style="border:0;" height="1" width="1"

it looks like it's in every Archive.is page

So if no links work and sites fucked and "loading" forever, why would it be tracking on every archive link and innocuous stuff? I'm confused here.

Just to be sure, connect to your VPN and look online for an IPV6 leak tester. Always important to know you're not leaking your real IP.

Ebin.

Just install a firewall and check the logs regularly, you seem to be on the right track asides for using Windows. If something doesn't look right investigate it. That's how I found out NoScript was contacting a server in Italy. The deeper you go the more you realize that major browsers spy on users by default.

Every URL you access in Firefox or Chrome is sent to Google under their 'Safe Browsing' initiative. There's also telemetry data to be concerned about.

No, it's technically possible but violates their API. They could block 8ch like they did NicoNico. Tracking where their videos get embedded and how many people see it and either watch or don't watch it is worth money to them. They're not allowing sites to embed as a public service or to promote their brand.

Like when it gets stuck with the spinning thing and prevents you from archiving or reading archived links. I have uMatrix so I noticed every time archive goes tits up that spinning-thing requesting scripts from henley-putnam shows up

I didn't mean posting a direct link to the original source but at least we should know what the source is before we click on an Archive.is link which means posting a broken link to the original source next to the Archive.is link is a good idea. And sometimes people here mask their shitty source / click bait website by just posting the Archive.is link.

I don't know why, maybe some fallback page with leftover script? Maybe used to track how many people where trying to access it when the site goes down?

Most OSs including free OSs are apparently backdoored.

I treat my computer use with more care nowadays. I avoid connecting wireless connectors to my desktop computers and disconnect the internet when doing something important that can't be seen. If it's extremely important and doesn't need a computer - hand-write it.
That being said, I don't really have anything of that level. yet.

No they're not. All it is will be autists spurging out trying to sound smart when they dont understand a god damn thing they're saying. The dunning kruger effect here is massive. Case in point is this very thread.

I always hated clicking on archive.is links, there's no fucking way of knowing what's on the other side.

ISN'T THIS JUST PEOPLE ARCHIVING MALWARE/SPYWARE SITES AND LINKING IT?

Exactly.
It's where real tech nerds tear them to shreds. I take any tech knowledge inaccuracy on the chin. It really helps learning how computers and the internet works.

I suggest the "Privacy Settings" addon for Firefox.

Haven't seen that. Only seen this top-fwz1.mail.ru/js/code.js
which is a shitty tracking script

The loading gif just seems to be a loading gif.
Nothing strange about it, just that it is hosted on another website
t. sysadmin

Not only will that not help, but it's worse.
liltinkerer.surge.sh/noscript.html

So.. Tor is compromised?

Why… would you use either of those browsers over tor?

No.
There are settings in Firefox in about:config that you can use to disable this.
Tor Browser disables it

That sounds strange to me user.

I just checked the source code of that Archive.is page that OP is talking about and I don't see any henley-putnam.edu image or any Google analytics script.

Is it because I have JavaScript disabled by default?

What do we use now?

Go load any news website
I guarantee 5+ tracks scripts and dozens of instances of content loaded from other websites

I rest my case

Bullshit
The code is open source

The malware thing seems to be bs as when I load up the website with a Windows computer, nothing different happens, no banners

The AdBlockPlus thing is inter fighting over competition, nothing particularly super bad about it

Does it not seem strange to anybody that archive.is offers (so far as I can tell) unlimited storage space to document virtually any requested web page, and with no visible ad support? And with how heavily we use it to archive articles, threads, and twitter posts…

If that's correct then we have a far bigger problem than we thought. I doubt those sites simply link to a gif file. Clearly there's something in it for them - that's why they get sites to load data from their site.

Either the masses need to learn about this or it needs to be better regulated.

Not quite, because I bet the person who started it did so with the intention of 'digger's' storing the data. Why would he want that? Because they dig into the tyranny of governments.

That said, unless the guy is wealthy - he aint doing it for free.

reddit.com/r/linux/comments/55n860/noscript_is_harmful_and_promotes_malware/

Everyone should be running NoScript at all times.

...

I take that back, I'm not wealthy and I dig into emails for free as part of a hobby and a stupid sense of duty.
But the guy that made archive.is needs at least a half decent wage to support that site - or many donators.

this is what you get when you visit time dot com (there's probably even more, I have other addons blocking stuff)

I know they've been a tyrant for a long time. Mainly because a lot of politicians are blind to what they do.

most of is used for analytics/user data to sell to advertisers, etc
So yeah, it is a problem
Wonder why these kinds of privacy/security software are created? To stop them, but of course the average user is not aware and does not care

Top comment explains why that's bullshit.

Use Tor.

I am aware

Also found this:
news.ycombinator.com/item?id=12624000
not malware but unwanted software which takes 6 clicks from the original ad on noscript

actually there are plenty more scripts but since no$script blocks most of them they don't show up on umatrix, here's cnn for example

You mean the privacy/security software on our computers?

The issue is if a site requires an application to be open on the client's side.
Wouldn't that potentially render it useless?

Yes, browser addons included

d-daddy spoonfeed me more what does this mean? f-fucking joos!

This is where you really need to know how these scripts are structured and how they work.
And that means studying programming and languages.

btw there's an addon that helps minimizing tracking through cdns

addons.mozilla.org/en-US/firefox/addon/decentraleyes/

github.com/Synzvato/decentraleyes

this way you don't have to connect to google and the like on 80% of sites, since most of them use cdns to keep down hosting costs

You can already get a basic knowledge of how they work without needing programming skills

Posted the thread on Holla Forums, but that board is completely compromised. Later posts in this thread that look extra shilly, that's where it's coming from. They used to just be normal autism.
>>>Holla Forums675465

Stop lying, kike. Go ahead, try to make a new archive, even of a twitter post.

>>>/reddit/

The only sperging is from Holla Forums shills like you.

Why don't you make like a banana and fuck off?

Most of us never learnt to the necessary level in high school because boomer teachers are fucking retarded.

I know.
I use:
uBlock Origin
DecentralEyes
NoScript
RequestPolicy Continued
Privacy Settings
Self-Destructing Cookies
Random Agent Spoofer
and sometimes uMatrix
pretty good list tbh

So fucking teach yourself, cuck.

That's my point. I don't think that's good enough and our education system needs another overhaul.
After we eliminate the subversion.

(((b456f8))) is one of the goon shills from Holla Forums, filter it and move on.

nigger wtf are you doing

What do you think I'm here for?
Asking questions is part of learning.

I'm not just using what anons are posting, I'm looking up various sources about the programs mentioned. I find Holla Forums helpful in steering the ship - but sometimes I need to check the map just in case.

I know, but sometimes replying to shills helps your own thinking. Otherwise they inadvertently condition you by ignoring what they say.

Sure, take it with a pinch of salt, but don't simply ignore it. I've had some good arguments with what seemed to be CTR believe it or not.
They stopped responding when they started to realize something though - that's conditioning for ya!

Holla Forums got overrun by freech and butthurt Null drones last time I checked it

I used to get memory leaks with that until I swapped with umatrix

I came here from front page, lmao. Are your fee-fees being hurt?

Who am I being paid by, pray tell?

A free-thinking, enlightened individual such as yourself should already know this. If you don't know what XSS means, you deserve to suffer the consequences. Not like you're not already vulnerable and being tracked.

It's so funny to see you fucking retards being brought down to earth for once by the realization that no, you can't lift for shit. No, you're not that fucking smart. Sorry, most of you aren't worth more to society than a sandnigger immigrant.

here is //top-fwz1.mail.ru/js/code.js

pastebin.com/g8VkiXjQ

Question anons, was this happening way before the fibby twatter page drop, or does this coincide in anyway?

So you just block any third party connections for archive.is, right?
Swiss here, I don't care that much too, but injecting foreign stuff into my sides isn't pleasant. huehue.
There should be an extension with an attached DHT. I think that we could use the Bittorrent DHT and simply make a hash of each site snapshot and store it into the DHT. Futher, if any IT-fag reads this, look into ipfs and cjdns. IPFS especially could be used to store archive.is-like snapshots and make them available as long as needed. The problem is: All decentralized proposals are chatty. Right now, archive.is sees all, but we don't know who accesses what. IPFS over tor/cjdns works about the same, but each node has some knowledge. And if they set up huge nodes (like in tor today), any big actor can snoop on us.

My approach is try to lay low, reduce your footprint to what's practical, assume you're being tracked.
Clearly you didn't see the posts saying "tech pleb" or "tech puppy".
We know we suck. But we're becoming eager to get gud.
Now you're just being a meanie weenie.

Up to two years ago, before they analyzed who blocks what it was a safe bet to just block any content you did not like - and you weren't any more visible because of that. Any basic knowledge of how the Internet and the www works was sufficient. Now the only thing you can do is to mimic a blind person, because their setup filters A LOT by default. If you just dabble here and there, you are on a list somewhere. And if only as "doesn't like adverts/non-conformist".

upon closer inspection appears to be loading a Shockwave Flash object

oops accidental sage. polite bump

...

Russian?

I don't really blame you guys, because this is shit a normal user doesn't need to know. It's more for the tech wizards and neckbeards that have sex with undefined procs.
But I just wanted to let you know that that sentence hurt to read.
It's okay user, you didn't mean it. But it still hurt.

Ah, yes, laying low by posting from your home over clearnet using google chrome.

No. You're eager to be spoonfed, that's why you're lazing around in this thread. That's also why so many of you faggots are overweight and don't even know it.

You're far from the worst here, but even you believe your own shit.

Delete all archive.is page links here.The enemy is matching the IPs they hacked from the archive.is with the archive.is links posted here.
Dox to come soon.
Your reputations may be at risk!!!!

Do you have anything useful to write? Or even anything funny?

Got no time.
A few weeks ago I noticed archive.is redirecting to .fo

It triggered Firefox unsafe page

Archive.fo is bad bad bad

I am a very active archiver of pol threads but since then I stayed clear for the most part.

On archive.fo if you then go to archive.is it will not redirect back again.

maybe. FQDNs can be assigned to any non-CIDR IP address.

who owns these blocks 217.69.133.* (my DNS is resolving top-fwz1.mail.ru to .145 on that subnet)

Let me guess, tomorrow by this time, you're gonna tell us all about this new site that propped up and is a 10/10 alternative to archive.is, right?

Man, you're either a stupid, tech-illiterate CTR faggot, or you're just stupid and tech-illiterate

Wait a tick..

Hahahah Maybe Clinton might have difficulties taking out the site if it's backed up in Russia.
Not totally sure if that happens using that script - but it sure would be funny

What part of actively going to site and observing the thread is "lazing around"
Just because it's not an official source of information doesn't mean it's not a source of information.
This thread is like training wheels to me.

My shit don't stink I'm perfect.

Official explanation for .fo is something about https not working with .is for some shit reason, and something about having a backup domain if whoever owns .is is a faggot like whoever owns .today.

No
Just us a proxie like me for archive.is

I thought that a tech literate guy loke yourself would know this,so i left it assumed

WE HAVE IDS SHILL

duh.shill

well i just looked up 217.69.133.145 in a few different places and all seem to indicate it is Moscow, Russia and owned by an LLC.

There is no fucking way I'm going to enable Flash and load the obfuscated object in that javascript. Anyone got an air-gapped sandbox to test it out for us?

...

jesus christ why do you tards keep on using terminology you clearly have no understanding of

...

...

WHAT DO WE DO ABOUT ALL THE THOUSANDS OF PAGE LINKS WE’VE ARCHIVED BUT NOW CAN’T GET THE ORIGINALS OF?

I'm still pretty new. Do you have a link or an image about proxies/vpns/other steps that should be taken to aid safety & anonymity?

...

Comcast air-gapped my machine when they suspended my account

So.. they linked a proxy IP to another proxy IP?
Sounds silly.

Oooookay this is getting a bit out of reach for me. Cheers for the help in this thread.

Yep.. I probably should come back after I look some things up.

That wasn't me user..

I used search engines to figure out Tor as it was reasonably straight forward. Holla Forums has alot of guides. Go to catalog and search for 'infograph' or something. I also recommend reading a little bit about how IPs work.

if you're too retarded to figure out how to get the Shockwave Flash object onto an air-gapped machine to test you're too retarded to criticize my suggestion.

Just use a public wifi and a crappy spare computer. There are more practical solutions if you need them user.
That's why people physically destroy hard drives rather than "wipe them clean".

What the shit?

Sorry, here's your (you)

I was just pointing out how astute your observation skills are :^)

I call bullshit. Pic is screenshot of page with all of the data which it loads.

Where is first pic from OP from?

t russian, using jap VPN, IDK about IPs or browser fingerprint

They do that because you never wipe a hard drive clean unless you format your drives and replace every single byte with trash data. Even then, there are pointers that would allow access to some of your "removed" data. Destroying hard drive is the only way to destroy your data. Destroying it thoroughly, of course. You could probably still get a lot of intact pieces from a drive you dropped on the floor or drove a weak magnet through.

What do you mean?

What do you mean?

Or use Tor. We could set up a new archive.is and archive the archive.is pages with that.

I don't think he knows the answer to that question. Nice dubs though.

If you'd bothered reading the thread you'd seen that the extra image was removed shortly after the thread was made exposing the fact.

I am certain the owner of archive . is knows about this and allowed it. He is a cuck of the third degree, some retard who hates borders. He once blocked the archive site from being used or viewed in Finland for over a year because he was triggered that he was stopped on Finlands border when he tried to illegally cross it.

Also I'm not so knowledged about all this to know what this means, so someone explain to me clearly:
I have opened some archive links and two or three times recently it had the loading screen. Is this bad and do I need to do something? Do I have malware now?

Considering my friends used to call me "mr bump" I kinda doubt that.

So why is Holla Forums safe to be on, but not archive?
THat is, what keeps them from finding logs confirming we're all Russians when Deurete personally executes notorious druglord and meme seller Hotwheels?

archive.fo is working for me now

If you guys are interested try megalodon.jp its a good archive service by nips
megalodon.jp/2016-1104-0052-40/https://8ch.net:443/pol/res/8057875.html
gyo.tc/1CvPV

did anybody even tried reaching the archive admin? I once emailed him and he answered within 2 hours

it works the same way as archive.org, as in it deletes stuff on request and doesn't work on pages that specify it on their robots.txt file

Learn to meme.
No one has that amount of balls here, you fucking kidding?

An unknown party may know that your IP accessed the pages with the loading .gif. Make of that what you will.

It's gone now but you might want to add henley-putnam.edu to your uBlock filters in case it comes back.

Wow, so you dumb niggers will post actual links in the future?

fucking degenerates

see: en.wikipedia.org/wiki/Main_Page
it's a fucking link. use it.

Archive.is does not use robots.txt file at all because it has no obligation to do so.

The russian javascript is still there though.

By the way, isn't Archive.is down now? Looks like owner is fixing something.

That's why I was talking about archive.org and megalodon and not archive.is

nah it's still up and the russian javascript is still there

who gives a shit? it's legal to browse 8ch, it's legal to post on 8ch.

if it's illegal to READ "hate speech" i don't give a shit about breaking the law. ideas are NOT illegal, and any law that claims they are will be steadfastly ignored by me.

What would the even try to pin on us? We didn't do anything Illegal, are they just going to try to slander us with "These people are Nahzees!!" Even though all we've done is chat about shit in a politically incorrect way, besides /ourguy/ will be in Office in a few months, so that shit would run off us like water

Probably cause he's a Holla Forums user.
kek.

They won't be ignored by the executive branch of government though.

Have you not read the emails?
They'd lie through their teeth to get rid of people they dislike.

Take screenshots instead of archiving.

I wouldn't do that though.
I'd coerce them into doing something useful. Because I like free speech :^)

In America.

Again, in America. The attackers could be targeting third world cucktries like Germany. With no solid evidence so far, any theory as to the attacker's motive is potentially valid at this point.

I screencapped it when it happened. Oct 18th the redirecting started for me.

That tune is so familiar but I cant place a name on it

how do you force a vpn connection on windows?

Or should I go back to linux mint? If so, how do you force one there?

Best option would be to use qubes os but it's still not as smooth as I would like.

also, I mean force it for ONE browser only.

...

You kidding me?
House of the Rising Sun made commercially successful by The Animals.

Are you able to name every single song you have heard in your life if you hear it again without the name? Ive heard this song at least a hundred times but could not remember the name because this oscilloscope version had no lyrics

It's called having a good memory and not being a drugfag that burns his brain on feel goods.

Actually I have a degree of audiophonic memory. It's not perfect, but it's not bad.
I also have synesthesia and perfect pitch.
It's so perfect I failed a music test because the answer was flat to what was actually played.

Another thing:
(wiki)
>It's about a whorehouse
I find that funny and somewhat accurate.

Wew lad
I don't drink, smoke, or take drugs. I don't even drink coffee. Never have. I live and die for the God Emperor.

You're legitimately an incredibly autistic faggot if you somehow connect not remembering the name of a song with drug use. We'll probably end up having to gas annoying moralists like you in the future as well, otherwise you'll bitch like a woman for decades.

So is this thread worth the sticky or is it just shitposting now?

Fucking HERETIC. I will put in my body anything condoned by the Adeptus Mechanicus. As soon as possible I will replace parts of my body with machinery.

I will stop you.
By doing that first and subsequently enslaving the human race in an AI fashion
MUHAHAHAHAHA

Some shit reason is our russian government which blocks HTTPS for certain sites silently.

t. russian

P.S. By the way, the owner spoke russian when I asked him about network problems.

Good luck enslaving devotees of the Omnissiah Fucking heretics…

archive.is/bm7l6

Archived a random CNN article.

Again. Never really enjoyed warhammer. When you've got perfect pitch - your major hobby is usually music because of it.

You didn't read the thread. An user found a definite link between Petrov and Henley Putnam, so the threat is definitely from archive.is itself.

ohh no they have my ip….so does my isp..and thus every government out there.

whoopity dooo

wew

You didn't strike a nerve, every word I said is truth. Including the part about the world not needing faggots like you. Wouldn't be surprised if you're a homosexual.

Check this out

Yes I know nothings going to happen. Why would our jew masters that are playing 5d chess want to disrupt their opensource intel projects on the internet. They are layering currently and taking out their own bloat.
They are creating a more leaner structure in giving you your facade of hope for 4 or 8 years in the form of Donald Trump. Then whack they have a new enemy. (which they require to have to create consent to be able to do what they want to do-which is take full control of the west).

...

Which page did you find that on?

When did that happen?

A year ago.

WHY AREN'T YOU USING A VPN?

https:// thatoneprivacysite.net/
FIND ONE WITH THIS GUIDE

DO NOT USE FREE VPNs

Holla Forums uses Cloudflare. You're already on a list, faggots.

...

Boo-hoo. One more to add to the collection. Jokes on them- I just like to gain knowledge in my eternal quest to simply wait for death to take me, so tracking me is pointless.

Anyone use any of these to hide referrer on links before? Just curious if they're an option..
https:// href.li/
http:// www.nullrefer.com/

All nihilists should be hanged tbh.

Just because I'm waiting for death doesn't mean I'm a nihilist. Death is certain. It's not like I'm doing NOTHING- I work, I have a house, I do stuff, I try to contribute as much as I can on here. I'm not saying life is pointless, just that death is inevitable and I'm here as I would rather not perish unnaturally from a nuke.

Spooky ID though.

FFS, if this turns out to be the IRL version of TrollTrace dot com…

The effort will be similar to Dick Cheney's document shredding bonanza in the wake of the Iraq war. It's all but certain a paper trail explaining the (((real reasons))) for the invasion of Iraq existed, but there was no way in hell any of those Neocon dickheads was gonna get caught up in a modern day "Pentagon Papers" scandal.

Maybe I need to go back to using Ubuntu. Or is that fucked now too?

FFFFFFFFFFFFFFFFFFFF-

Habit for off topic.

You sound anally ravaged. Maybe you should try not forgetting simple things and lashing out when you get called out on being a retard.

YOUR RED TEXT ISN'T RED ENOUGH, TRY HARDER!

LOL and try to speak english next time

Oh so you finally found how to switch your IP address with your VPN?

No, answer my fucking question.

FUCK, HOW DO YOU KNOW THEY HAVEN'T EXPLOITED YOUR SYSTEM?
I'M PANICKING M80S!

No one's going to load a 500x400px image and make it cover the entire page if they want to use it to log IPs. They're going to use something like pic related.

Fuck off back to Holla Forums, kikes.

Now is not the time to correct anything. Though I will say you are pretty tenacious for a ctr shill. :^)

OK so I read the whole thread and this is my TL;DR

A)
Apparently when Archive.is has problems then for some reason the script OP mentions appears (the henley-putnam.edu image link + the Google Analytics script). It coincides with the whole website slowing down or being temporarily unavailable. Which one came first, the 'problems' with the website or the image + script, we don't know. Then things go back to 'normal' and this image + script disappears.

B)
It looks like there's a JavaScript + a link to an external russian website in the source of code of every Archive.is page (I only checked 4 pages but each time it was there, feel free to check 10+ pages if you want) user here calls it a shitty tracking script and user here says it's "mail.ru's analytics service".

If someone can answer the question "Should we be worried about Mail.ru's analytics service?" it would complete my TL;DR

try Archive.org ?

Here's the problem. I DONT GIVE A SHIT.

If these scum know me I'm actually fucking delighted. They need to fear us and not the other way around. The need to know the citizens our their country hate them.

I will not scatter to the shadows like a fucking cockroach. And I'm disgusted that many of you will. Do scared someone might find out your opinions? The fuck kinda people are you? Spineless.

Hey NSA…FUCK YOU! You betray your country and it's people.

It's an IP fro a VPN gateway. They can have it.
I'm also using a forged referral so they can have that too if they want it.

The mail.ru script is common enough to be on block lists, so probably nothing to worry about.

The mail.ru script is gone now too. Before it was removed it tried to load a script from a remote server if it could or it displayed a 1 pixel transparent gif if it couldn't. It also placed a cookie.

Yeah, we heard of him.

You're a big guy, though. DIA?

Holla Forums shills are going all out in calling Holla Forums "tinfoil" and claiming this is nothing, goyim.

You're a big guy, though. DIA?

So as anyone contacted them? I contacted the owner before for other security matters, I have the email on speed dial.

He's quick to reply, but let's not spam him either. I'll be preparing an email just in case explaining the whole thing.

One way to use archive.is and not worry about being tracked by a 3rd party would be to use curl:

$> curl -i -d "anyway=1&url=#{url}" archive.is/submit/

If that request returns any compromised html — like that henly-putnam image or google analytics script — it won't matter because you're not in a browser which will make those requests automatically.

The response will include the generated archive.is url.

Note: You still have to trust archive.is though, and they'll still get your IP by default just by sending any request, so you should be using a VPN regardless if you don't want to expose your IP to sites like this.

Guys use a VPN and plug in some proxies into your browser

VPN is extremely easy, you can do research to find a good proxy source

my ping is >35ms using both

it is not expensive

Why they do it? Think of archive.is not as an archive site that you visit so you don't give clicks to the original site.

Think of archive.is as this:

Jewish spy makes the site, yourip.is , then a cuck like you uses yourip.is and archives this thread: 8ch.net/pol/res/8057875.html which gives a link:

yourip.is/1488 which you post around the internet and other cucks visit too.

Jew sees IP of the one who archived that, then sees what you archive Holla Forums .. hmm, this is interesting, he will monitor whoever visits yourip.is/1488 and save all the IPs.

Then jew spy gives the list to a bigger kike that does a search for the IPs on facebook, twitter, linkedin, amazon, google, wikipedia and all other jewish owned sites. Once they find an identity, it makes your profile and then sells that information to other spy agencies around the world.

If you are posting with your real IP you might as well be signing your name , with the last 4 digits of your social at the bottom

It's troubling people even attack the idea of using a VPN here. It's like the cost of a cheeseburger per month maybe less than that

That being said, you shouldn't be scared about it, just … it is obviously not a great thing to be doing. Why would you? There's no reason it can simply be avoided , easily.

Holla Forums here.
We've explained what's happening here, but apparently because you are all fucking incompetent and/or mentally ill, you keep shitting up the thread you made on Holla Forums.

archive.is isn't compromised. What's happening is a periodic check for uptime that's using redirects, and hotlinking an image that's not theirs for some reason, but that's what's happening.
blog.archive.is/post/131808179241/private-policy

You can stop shitting up our board now, and your faggot mods can go fuck themselves for being so god damn stupid that they're probably going to choke to death while eating.

Thank you.

Holla Forums

Oh look, another shill.

k lad, have it your way. I'll save these threads for my own and others entertainment, as a history lesson in why Holla Forums, and the incompetent as fuck mods, are fucking stupid.

kill yourself freech.

Dear retard who thinks he represents Holla Forums,

Kill yourself. There is no need to be serve this page (listed in the OP) instead of a simple string of "Archive.is is under maintenance" when people look at an archive. RMS would be disappointed in you.

Singed,
A Holla Forums user.

...

Or you can submit it with your browser and copy the generated URL while it's processing, as it always takes a couple seconds, and obviously close the page right after. Easy to do from any browser, and handier for Windows servers who can't curl.

STILL IF YOU'RE LOOKING FOR SECURITY MAYBE YOU SHOULD FUCKING INSTALL LINUX ALREADY

Seriously at this point there's no reason for any neet in here not to put $40 in a fucking raspberry pi and everything, put Linux and learn how to use it, and then browse the intertubes on it. And then a VPN isn't that expensive. Or you can literally rent a server to some big provider and use it to relay your traffic VPN-like, on top of doing plenty other cool stuff on it, like hosting your own mail server, backup critical data, torrent stuff, whatever.

Vidya has gone to shit anyway, there's no more reason to be on Windows, stop resisting.

Esteemed fucktard,

I'm not the czech who made archive.is
I don't claim to know how how his architecture all fits together. This is an educated, correct, guess.
Considering it's periodic, because I can't reproduce it even after mashing curl for 10 minutes, and it's the whole page, it's probably using 302/301 redirects which explains the "loading" image, and it matches the privacy policy on archive.is "may use google analytics".

Thank you, and back to your regularly scheduled mod dicksucking contest and the nine other stickies.

...

And now shilling for linux.

Get out.

Go back to your fizzbuzz,creating logos and whining about pajet.

This will probably continue happening whether you know it or not, someone just decided to view source when they happened to get hit with what I assume is the periodic uptime check.

You niggers are fucking retarded. Straight up.
And yeah, your mods are retarded as well. They don't know what they're talking about, and throw out buzzwords like 'honeypot' and 'compromised.'

Fuck off, retards. Stop shitposting on Holla Forums.

Shitskin detected.

You're a kike disinfo agent and your board is a miserable pile of autism that couldn't get a job or meaningful existence out of your worship of obese jews if your life depended on it and your parents cut off the gibs and tendies.

Well who would shill for Windows unless they play vidya, use niche software, or don't know how to linux.

these are not the owners of archive.is, these are the nsa or cia bogus university front who are collecting email addersses from the 1st to archive a trapped page and anyone who tries to go to the link he sends them
they WILL be aware of what happens, but you are not cleared to obtain informations about it and you're a very bad goy for asking

You sound really upset over the fact that you're being made fun of for being incompetent.

Not at all, really. This image link has been copy-pasted over the years.
google.com/#q="henley-putnam.edu/Portals/_default/Skins/henley/images/loading.gif"

Oh hey, look here:
reddit.com/r/KotakuInAction/comments/3m6cgs/whoa_archive_today_is_currently_down/#cvcd632

This conspiracy goes deep, goys. The jews are using time machine trickery on us.

lmao
jk you're all fucking retarded

yeah, definitely saving these threads just to show how fucking stupid Holla Forums is

...

just stop you look like a retard

It's stupid but so is hotlinking to any image.
When people would do shit like that in the past it'd tend to be replaced with the goatse.cx image.

This whole fucking thread is filled with retards, yourself included. Which is why it's going to be entertaining to frame and display as a prime example of why Holla Forums, and the fucking retarded mods of this place, are drooling fucktards.

AND WHY IS IT BEING INJECTED INTO ARCHIVE PAGES WITH A GOOGLE ANALYTICS SCRIPT
You are dancing around the actual issue like a true kike.

ID:0b8354
ID:522869
Holyshit look at these two goys.No wonder Holla Forums has so many shills shilling for their products.

Do you understand how stupid you sound when you say the equivalent of

Because it's an ability to check for uptime, and it's mentioned in archive.is's privacy policy. It's been that way for years.

Additionally, the tracking pixel is also periodic. It's using this service:
top.mail.ru/

I've seen the tracking pixel but have yet to reproduce the google analytics uptime check.

You're using a free service and are complaining about the methods the guy uses to quantify uptime and browser statistics of visitors to his site.

If you don't like it, don't use it.

It's not any stupider than drooling retards not knowing what they're talking about, believe me. The thread on Holla Forums is embarassing thanks to kikes like you, and this thread is even more embarassing.

Maybe your dumbfuck mods shouldn't be so fucking stupid and jump to conclusions about "honeypots" and "compromises" when they don't know what you're talking about.

Maybe one day, though, some neurons will light up in your faggots heads.

Godammit its so obvious you are a groid with each post you are making.

...

kek this groid probably got banned by the mods so he is on a tirade.

I'm not a dumb faggot who opines about shit I don't understand while stickying a thread on Holla Forums about it and shitting up multiple boards with my retardation.

You should try bashing your skull against a wall, maybe the remaining brain cells will flicker on before they finally die. Probably your best shot.

No.
Speaking of which, you faggots are dumber than sub-saharan AIDS niggers who fuck babies to cure themselves.
Quite a feat, really.

Holy fuck what has prompted you to become so angry? No shitpost I've ever seen has created such insane anger and key slamming like you're likely doing at this moment. Grow the fuck up you baby.

Your faggot shitposters come to fag up, and when what was actually happening was pointed out they went into a sperg tirade and started shitting up the board in damage control and offense when people started bantering about your shitty mods and the sad state of Holla Forums in general.

Gas yourself.

fag up Holla Forums, rather.

Thanks OP. I noticed this over the last couple of days! Luckily I don't keep my internet connected 24/7 and I do wipe my browser cache every day so I should be alright.

Read:

This has been happening since 2015, probably earlier. Proof:
reddit.com/r/KotakuInAction/comments/3m6cgs/whoa_archive_today_is_currently_down/#cvcd632

If you say so.
Nah, I've never been banned, it's not even worth it to post on Holla Forums, the mods will just scrutinize my posting history whenever I say something they don't like and probably ban me though, I agree.
Definition of a hugbox, btw.

...

It's been happening this whole time, because it's exactly as has been described in this thread.
It's a redirect to check uptime. The tracking pixel is a tracking pixel, using mail.ru services, when you disable javascript.

I am so sorry that you are such a drooling fucktard who hangs on everything your retard mods post that you're unable to rub rocks together, faggot.

It doesn't pan out, kike.

why are you so ruffled user?

Nothing pans out in your retarded world view because "archive.is hotlinked a third-party image on their google analytics redirect page" and "archive.is use a tracking pixel when javascript is disabled to track user-agents and where traffic is coming from" will never be a sufficient answer for an individual who is stupider than AIDS infested, babyfucking, sub-saharan niggers.

I quite enjoy schadenfreude, actually. Not upset at all.

Is the archive.is code base open source or based on some other open source project? Is it possible to easily deploy a work-alike site using existing code?
Putting all the archiving eggs in one basket is a bad idea. Archive.is has been useful but we need alternatives and ultimately a decentralized mechanism for archiving things that's difficult to subvert, destroy, or weaponize.

use IPFS

It's not a sufficient answer because it doesn't explain why it happened and why it's injected by a suspicious third party that just so happens to make the site no longer work you miserable fucking kike.

IPFS could be a potential storage backend, yes. I'm talking about the front end portion and the archiving code that does the heavy lifting.

It has been happening since 2015 because it's a way to check uptime, and the tracking pixel is a way for the admin to glean browser statistics.
If you don't like it, don't use it.
Nothing is being "injected", you retarded sack of shit. Your mods are fucking retarded. You wouldn't even know where to begin when it comes to MITM, if you want to talk about injection, Holla Forums is "injected" all the time with cloudflare bullshit and you take that right up the asshole, because you're a fucking retarded nigger.
However, in this case, nothing is being injected into archive.is. It's intended.

Go ask the IPFS thread, an user had an archive script that could be easily exposed to the web.
And keep your fellow faggots under control. They're seriously insufferable.

...

Not happily, and I'll call out the fucking retarded administration when it's relevant.
At least they're not as bad as the Holla Forums mods, they could've turned the whole place into a hugbox.

...

Why not both?

You should only see the image if the site is down or the redirect doesn't happen, probably. Thus

I'm really done explaining this very simple process to a fucking nigger. You're just going to keep repeating the same thing over and over again "it doesn't add up!!1" "muh university!!!11" "muh dik!!11".

Maybe you shouldn't listen to your retarded faggot mods, they don't always know what they're talking about.

...

So if you don't have javascript enabled, what's the damage?

They get the IP, but don't know the archive visited? What harm would that allow to happen?

Until it's solved, use other archive sites. Going without archives is a much worse problem.

I don't even see a mod post in the thread

This guy sure is salty at the kike mods look at him type the anger,the rage I bet you are off your blood pressure meds.

Why is the tracking pixel being loaded from a domain owned by a suspicious "university" with ties to numerous alphabet agencies?
Google Analytics I can understand. The mail.ru tracker I can also understand. These are very transparent and obvious analytics tools that make no effort to hide what they do and are used by many websites.
However, thus far no one has uncovered a good reason for the way the tracking pixel is configured *aside from nefarious tracking & profiling reasons!*

So what's your role at archive.is?

I'd say being datamined is a much worse problem than not having an archive.

Tracking pixel does not requires JS. They can get your IP, which archive you visited, and the timestamp.
This could be another one of many documented efforts at mapping chan social networks, user behavior, and information dissemination pathways.
It's probably not a precursor to getting V&, but it definitely looks like an effort to observe and study. Even without knowing Holla Forumsacks' real identities, correlating their travels and activity online could be very useful.

The "damage" has been happening since 2015, probably before.
There's no real honeypot, and instead they're hotlinking to a third party image.

A mod edited the post in the thread that lead to this, and they stickied this thread.

The "tracking pixel" is loaded from mail.ru, it's a mail.ru service.
Yeah all that user-agent and nation data.
You're so fucking stupid that you're confusing the two things, so your opinion doesn't really matter.

Let me explain, one tracker (meant to track uptime, presumably if it doesn't redirect) is done with google analytics. The dreaded "university image" is hotlinked from a third party, and that URL is copy-pasted all around the web for years. It's meant to display to the user that the site is "loading." It may never complete, and thus the site is down.

The other is the tracking pixel, which is only enabled if you disabled javascript.

Your mod public banned anyone calling out your fucking retards for their stupidity, I wouldn't be surprised if 522869 is imkampfy himself.

What a sad state Holla Forums is in, truly.

Holy fucking shit you are brain damaged.

Forgot to add: these tracking pixels can also record browser fingerprints. You'd be surprised at how unique certain browser characteristics can be, even things you don't suspect like window dimensions and supported fonts.
If you switch proxies but your browser fingerprint stays the same, your activity can be correlated across IP changes. This is why it's recommended to not resize the Tor browser bundle's window, for example.

It's a public service anyone can use on their site.
It's basically a web counter. Again, top.mail.ru/

this

it's likely a group of shills trying to discredit archive sites.

I don't have a "role" at archive.is, apparently it's just a site run by one fucking vodka nigger, which explains why it's using third-party uptime trackers.

Your mods are a fucking joke, this board is filled with underage shits who don't know their asshole from a hole in the ground, and you faggots don't know shit about technology.

You're downright fucking clueless, and autistic to boot. A terrible combination.

The version of archive.is that is up now also tracks you, and is sending info to

top-fwz1.mail.ru/tracker

js=13;
id=282****;
u=http%3A//archive.is/
r=****;
st=147*24623;
title=Webpage%20archive;
s=1920*1080;
vp=1920*9**;
touch=0;
hds=1;
flash=23.0;
sid=***e5979;
ver=60;_=0.99146841454*

Basically a lot of info that can uniquely identify your computer

The IP for the server belongs is in the RIPE-range

https:// en.wikipedia .org/wiki/RIPE

So while it's basically nothing, it still tracks referrer and some other things…

Why would they use an offsite loading.gif though?

I'm talking about henley putnam image.
Valuable information.
Why would the owner/dev of archive.is stupidly hotlink a loading graphic? The government connections make this even more suspicious.

Nice try. We already know that the NSA (at least) performs social network analysis of sites like this. This is a textbook example of how it could be done: disseminate tracked links and watch them spread, then correlate the data to other online activity. Soon a pattern emerges giving a good indicator of who breaks news on Holla Forums, what sort of content certain users prefer, how fast information spreads, etc.
Why are you getting so flustered about the suggestion that Holla Forums users' activity is being mapped?

(1)

This thread is making my head hurt.

This is half true and half not. Assuming the tracking pixel is just a 1x1 .gif file, the server sending you the file can see:
- all the headers your browser sends in the request, which includes
- the referrer (if you haven't blocked it from being sent by your browser)
- browser user agent (what browser, version, and OS you're using, sometimes down to the processor architecture)
- if HTTPS, the server sees what SSL cipher methods your browser supports

However, a lot of that information isn't enough to actually uniquely fingerprint your browser. Instead, the site trying to fingerprint you needs to run javascript and/or flash code to really pin you down. Using javascript and/or flash you can get:
- the list of browser plugins installed (not entirely true anymore but it used to be a big deal, and older browser versions may still do this)
- get and set browser local storage data, sort of like a more persistent cookie and with larger storage capacity. There are sites that use this legitimately as well - Holla Forums uses js local storage to store your post history so it can add the (You)s locally in your browser - the Holla Forums server itself does not necessarily have that list. Browser local storage is a good thing in this case because it allows your post ID history to remain solely on your browser and not be sent to anybody.
- get browser client area resolution. This is the width and height of the visible area of the webpage, so if you use an uncommon screen resolution or have your browser toolbars sized in a somewhat unique way, that also reduces your entropy.
- canvas element fingerprint, which is a particularly sneaky attack. There's an HTML element called "canvas" that allows js code to draw images inside the browser. There are plenty of legitimate uses - almost all js based browser games use canvas to draw the game graphics. Sites like soundcloud use canvas to load small thumbnail images and upscale them + blur them while the larger full image loads. However, there are ways to issue a consistent set of canvas drawing commands, but based on a variety of factors, each individual browser may draw them slightly differently. These are things like screen resolution, your OSes font rendering preferences, whether your browser supports certain types of canvas graphics well or not, and so forth. Canvas fingerprinting by itself is capable of almost uniquely fingerprinting each internet user, especially in combination with the other factors. Browser plug-ins like CanvasBlocker are very useful in this respect.
- VPN de-anonymization through WebSocket or WebRTC requests. These are methods for javascript code to open a remote connection to another server, sometimes capable of bypassing proxy or VPN protection and causing your private IP address to leak. This can also be used in conjunction with DNS leaks - for example, if a WebRTC request connects to a malicious site like "hotwheelsisdisabled.com" and you're not using a DNS server provided by your VPN provider, the malicious site can log DNS requests and unveil your private IP address. uBlock Origin has a setting that allows you to disable harmful WebRTC requests, but correct VPN configuration goes a long way in mitigating this itself.

Long story short, if you have javascript totally disabled the tracking pixel can only see a little bit of information. It's enough to figure out what site you came from if you're running a vanilla browser with very lax security settings, and know your IP address, but it's not enough to put together a unique browser fingerprint. That requires javascript execution. If you're using something like uBlock Origin + uMatrix, I'd suggest setting your uMatrix prefs to allow only css and images to load from 1st party and forcibly block everything else by default. You can then selectively enable specific sites to load that information, as well as javascript and xhr requests, and effectively whitelist only the sites you trust. A properly configured uMatrix setup would not expose you to a malicious archive.is page whatsoever.

Looks like I really need to write up a proper Holla Forums infosec post since nobody seems to be able to explain this stuff or write up a good howto. Certainly the people that claim they are Holla Forums are very assmad and like to rant about the mods instead of actually helping their fellow anons.

Kinda makes sense. Considering how in any 'event' that compromises an happening we effectively work faster and more accurately than any other intel agency in the world and can backtrace and expose all but the most obscure individuals in a matter of a couple hours. Breaking apart and dissecting information at a speed that makes every one of those agencies heads spin using just what is commonly available.

We likely represent a full cross section of the entire nation in all conceivable demographics and have a significant web of tentacles in all major nations at all hours of the day. We are a motivated and informed population that thinks individually in multi layers and have innate tactical and strategic thinking abilities that organize in the most loose and clouded system of 'control' ever invented by man and manage to conduct operations with a speed and depth that has no rival. We have even managed to either come up with a wholly untouchable system of in group selection bias and somehow collectively manage to uncover and identify all subversive elements in our midst in just a few sentences all while operating in an complete open environment that we know 'they' watch. We openly flaunt our abilities and even strive to teach them how to better understand us in order to obtain a more challenging opponent. We have even somehow provided objective proof of impossible abilities and created an incredible yet nonsensical religion out of it, its proponents are more ardent and faithful in this religion than any others outside of fully brainwashed cults and life long indoctrination.

We clearly flow throughout all layers of society and understand every aspect of it to a degree that is hard to track until it is revealed during our 'happening' posts. Yet our self view is an unabashedly self depreciating system of aggressive outgroup self identity that has turned full tilt into an movement that holds supreme pride in its non standard inclusive nature. Where others desire safety and security, we pursue hardship and pain; and clearly revel in it in a pursuit of truth while wading thru an ocean of information that Huxley couldn't have dreamed up as a distraction. Our networked connection extends across all 'chans' and a vast collection of more standard but obscure websites, yet we flow into thru and around normal venues of communication at will and have demonstrated the ability to wage a significantly advanced level of cultural cyber war. We seem to become a nexus of more security focused cyber warfare expertise as well in our ability to not only collect and collate information but obtain thru unknown channels previously unavailable information and overviews of almost all levels.

We do it all for free too. We do it for an reason that is not in line with normal operational goal minded understanding. We do it all without an central hub of organization and control. We do it all thru an nearly physic hive mind or an advanced level of physiological conditioning that has allowed group organization, decision making, operation selection and task completion in nearly uniform group consensus control. And we are clearly looking for ever more opportunities to undermine, attack and subvert.

They would be wholly remiss in not studying us. All of them, across the world.

We are the final boss of the internet.

True, a lot of the stuff I mentioned requires JS. Thanks for clearing up the finer details (using 8ch on mobile sucks)

Which is copy-pasted around the web for years and years, and was used on archive.is for who knows how long, at least early 2015, on the google analytics redirect page.
No, it's really not. Unless you're in browser statistics.
Believe me, faggot, google does far more fingerprinting than a shitty website counter hosted by mail.ru.
Because it's an easy solution. He'd have to 1. buy another domain and 2. pay for another server. Unless you wanted him to host it on imgur, which is, again, hotlinking. Same situation, except you probably wouldn't sperg out (as much.)
This shit is fucking hilarious, honestly.
The NSA doesn't fucking need archive.is and a shitty for-profit university to "map muh social network." Both sites are MITM'd by cloudflare. Holla Forums is hosted on desktop shitboxes, that are totally unfirewalled with public netblock data, run by a fat fuck who solicits prostitutes in the Philippines.
I'm flustered in response to the stupidity of faggots who have no idea what they're talking about.

So if this is happening why does it matter? What is to be gained from an IP address? Even further than that why would you even care if someone knows who you are? I am fairly open about my convictions, I don't go screaming it in other peoples faces but I am not ashamed of who I am. Sure I don't want to get doxed but what is the possibility of that even happening, I don't use social media. There are a wide variety of ideologies on Holla Forums and the fact that it is one of the only uncensored outlets on the web is what gives it such a big appeal.

lmao

Okay well relative to others sites where they will block anything that doesn't fit their narrative (reddit) if you have any other suggestions for sites, I'm all ears.

Since you honestly sound sincere in your ignorance I will try and explain.

Throughout history when tyrants are at risk of being disposed from power, said tyrants carry out, or at least attempt to carry out purges. Such purges leave dissidents dead. I am being 100% honest with you. Being here, means you are a dissident to all of our systems controllers. Considering how aware we really are, and how impervious we have become to their more standard abilities to discredit and subvert, they are fast approaching the point in which they will feel the need to decide if they will relinquish power, or instead go for broke and clean up problems permanently.

We may all joke and laugh here, kidding around and having a glorious time laughing at it all. We may pretend to be nobodies, and harmless shut ins. But the reality is, each and every one of us here is an existential threat to the system and those in power. Even our shills that come here for pay or under orders, they too will be considered part of the tainted population that has to be culled. Our enemies are not going to roll over, almost never does that happen. And since they have an almost limitless foundation of power under this vast empire, and have repeatedly 'gotten away' with things far worse than dealing with us would entail, they will have very little compunction to not strike at us directly. When words fail, actions abound. That is the true nature of politics, the peaceful resolution of disagreements. The people that hate us, have subverted all political options, and as such have subverted all peaceful options. Their control is in essence complete, but they in their hubris are vain and selfishly narcissistic, and will not abide ones they consider beneath them to laugh openly at them when they flounder. Especially when that floundering seems to be caused by those self same people.

We expose the very core of a corrupt and vile empire of evil. They openly applauded the public execution of a mother in front of her children, a woman whom did nothing but panic when their jackboots escalated an situation beyond any need other than kneejerk response to something disrespecting their authority. They pulled weapons on her for going up the wrong turn off, and when she revered out and fled they chased her down, even as she called the cops asking for help from the deranged men after her. And when they cornered her here on an american street they executed her in broad daylight in front of hundreds without a single fucking question of their 'moral imperative'. And our illustrious leaders heard of the exchange and applauded their thugs and laughed about it on national television live. That is what you are dealing with. That is the force we here speak of. And that is only the smallest opening aspect of how deranged and decrepit this system is.

You apparently do not understand the reality of this game we play. I hope you might begin to see it now. Everyone here, everyone whom ever visited here, is a threat to them. When they decide enough is enough of pretending to kowtow to the illusion of 'rights', they will come for you. If you think I am blowing smoke up your ass, I wish you luck. Luck will be all that is on your side with that view.

why didnt you risten?

screenshots are not a reliable way to get information.

That is rich.

Here's something else to consider:
Notice how much the level of shilling has increased since this was discovered? How many shit, one-liner, cuckchan-tier slide threads were spammed today?

0b8354 (also a tor user) is very likely a D&C troll, working to turn the Holla Forums against the boards, and vise versa. He is obviously trying too hard to express how much he hates pajeet in order to appear to fit in.

…with both Holla Forums and Holla Forums.

For anyone interested in an after action report:
At the time this was discovered, the only known archive links that were collecting user's information were links posted to Holla Forums. Most other archive links were fine. The assumption was made that Holla Forums users were being targeted. As the night progressed more archive links, as well as archive's home page, started loading the same loading screen .gif with the hidden iIP/User Agent/Referrer stealing 'exploit' script.
Looking back, this page was either archive's default loading page when their server was stressed and archive has always ran the hidden script to steal info or an attacker modified their loading page to add the exploit.
Either way archive.is should be treated as compromised until an explanation is found.
Also, shame on any user who doesn't cover their tracks.

The shilling is what makes me think that Holla Forums was the intended target of this exploit.

You know…. we can tell you aint from around here right?

No, I got banned by you, permanently, kampfy. Because you're a fucking faggot who can't handle a little banter.

Whatever helps you justify the fact that your board is dogshit. I called out your faggot mod for being retarded, and he pretty much confirmed everything I'd implied before that.

Just because people aren't as fucking stupid as you on Holla Forums, doesn't mean it's taken over by "DUH SHILLS."
Though I'm sure you'll find some way to justify increased shitposting on Holla Forums, as you always do, you fucking nigger.
Because, really, that's what you faggots are. Stupider than niggers, really. I bet I could explain hotlinking to a sub-saharan AIDS monkey.

You are going to piss off a lot of people that use TOR for legitimate reasons pretty soon, I'm sure.

Are you implying that the archive.is dev is a pajeet-level coder and blindly pasted that hotlink and left it in place for a long time? Seems unlikely.
Putting a tracker on an obscure (let's be honest here) archival tool website used by a very specific segment of the population seems easier than asking Google to cooperate with the feds or a fed contractor.
The "shitty for-profit university" looks like a finishing school for intelligence analysts and is probably a fed contractor too.
A valid point. However, Cloudflare is a much bigger business, like Google. Cloudflare has come out publicly against the NSA. Asking Cloudflare to give up private keys or issue duplicate certs for certain customers would probably raise more suspicion than quietly hotlinking a seemingly-innocent loading spinner on a site used mainly by deplorables.
True, but none of these claims bolster your argument. Subtle and plausibly-deniable attacks are always better than the direct approach. It's the alphabet agency MO.

What min doth dream, min doth mean.

My gut tells me you're arguing with a shill, but you have valid points none the less. This does seem like an almost amateurish attempt to identify Holla Forums members. The timing with the shills is making me wonder if CTR contracted henley-putnam to identify Holla Forums members. They did contract some reddit retard to handle their server setup, maybe they paid a grad student to set up the exploit and like a dumbass he linked it to his own college's server.

Assume your dumb fuck younger sister has a smart phone. Everything you wrote can be abridged with "EULA" and "location services" and "younger sister".

Click on it. Just make your wintel shit PC a little more secure and install Linux, or use a VM.

Yeah, I'm sure you aren't, faggot.

Or, more like he's using something that doesn't require hosting another server at all to be notified for downtime.
archive.is is not all about you, fuckhead. It's his website.
By your retarded argument, he already has the fucking access logs, the referrers, and everything.
Why would he even need to go through the trouble of using a third party? Logs weigh jack shit. You can store decades worth of high traffic, gzipped logs on something the size of a fingernail.

Maybe this will help you understand just how fucking stupid you are. If it doesn't, there's really no hope for you.
When the site is down. Right.
I don't have to have an argument. You're the one claiming hotlinking and analytics are an NSA conspiracy.

Just kill yourself, faggot.

My gut tells me that you are a fucking retard who doesn't know shit about technology, yet opines about it on Holla Forums, while dismissing anyone who calls him out as a "shill", "goon", "freech", "CTR", whatever boogeyman of the month you will hope to embarrass them with and make them go away.

You fucked with the wrong autism, faggot.

I understand that the current state of the world is fucked up, but one of the most limiting factors to change is apathy and a sense of hopelessness which is used so often by various governments perpetrated through the fear mongering media. You realize that if shit really does go down and they are rounding up all the "threats" that a huge portion of the military will defect. There would be civil war and in turn intervention from foreign governments trying to seize power. If you can't openly stand for what you believe in then you might as well just give up on life completely which is a shame cause there is so much to learn and explore on this beautiful planet. Until I end up in the gas chamber [oy vey] I'm not going to let go of my core values nor pretend to be something I'm not regardless of what happens. Learn to enjoy life and don't let pessimism rule your consciousness.

Why do you care if Holla Forums got something right or wrong?

Because you faggots just had to shit up another board in the process of being wrong, while being shit-faced smug when being told how you're wrong.

Just ignore him, if he had a valid point he would have made it by now. His defense of archive.is is not wrong, but what he fails to account for is that a hidden script was sending user data to a 3rd party. Was archive.is behind it? Doubtful. Was archive.is compromised? Probably.

You sound like you have a bit too much faith in this system user. There is nothing pessimistic in my posts, just basic facts detailing risk. Ignore it or listen and vet it. That is your path.

But you best not count on some odd ball concept that other people whom never met you give two shits about you. That is more dangerous than apathy by an order of magnitude at this stage of the game. At least apathy allows faggots to hide in the general population. A luxury you do not have since you come here now, even if you want to stay apathetic to what is happening.

Die in a ditch, or snorting blow off a hookers ass. It is all the same to me. Have a nice day.

None of it is even obfuscated. You're, straight up, stupider than most niggers.
Yes, because 1. Google Analytics is mentioned in their privacy policy. and 2. the mail.ru website counter isn't, but it's less worse than Google Analytics, so who gives a shit?
No, because it's been happening since 2015

Try ditching this shit storm and going backpacking for a week with some close friends in the wilderness try hunting and surviving off the land, it will give you a new perspective on things and help you build character. I'm honestly not saying that to be condescending it really does give you a fresh outlook on life. Go to your local sheriffs office and discuss some of your concerns, see where there values are. It may surprise you that not everyone in power is in on this conspiracy to harm/ control you. There are genuinely good people in a world full of madness.

Calm down kiddo, what possible reason would their be to only put google-analytics on a page that only shows up when the server is stressed. That plus the mail.ru seems like enough for concern.

Because the server is stressed, and is not responding. It's either a) falling over or b) redirecting to. However you want to word it. When archive.is is down, that shows, it displays that hotlinked image to the user, and it probably tries again.
The page counter that gives him aggregate statistics of countries, user-agents, and what not, without storing logs forever, and without paying for more infrastructure to do it himself? Whoop-de-fuckin-do, faggot.

In addition, google analytics is used so he can be informed of how many people are actually reaching that page. It probably alerts him when shit has gone wrong, or reaches a threshold.

Because, not everything requires an intelligence agency using a shitty for-profit university as a front, with the same image being hotlinked for years around the web, to explain. I assure you.

This. Good riddance as far as I'm concerned. Over time I've learned to trust our dear commie overlords for their supreme awareness of five eyes shenanigans. When something does get blocked here, it raises my eyebrows just a tick. Especially if there's no obvious political motivation.

They shit up a single thread that a Holla Forumsack created in order to ask a question. We both know Holla Forums is slow, and if that riled you up and convinced that your safespace was under attack, then go suck Poettering's cock.

You faggots started shitposting in response to being told. In response, you started getting memed on, and got asshurt.
Fuck off.

ding dong who this sauce pls

Yeah, except the page, including the script and the image, only shows up when the server is on fire. To alert the webmaster that the server is on fire.
You retard.

meant to reply to

Read:

Read:

Fuck off, Holla Forums mod. You've already embarrassed yourselves in this thread, no need to do it again..

Prior thread had a bunch of white house visitor logs connecting somebody related to this thing. I can't remember who.

you're right, it would be terrible if someone were to use mailbait.info/ to spam the shit out of these e-mail addresses
[email protected]/* */
[email protected]/* */
[email protected]/* */

let's make sure that doesn't happen ever!

lalexander[at]henley-putnam.edu

News to me, but.. The main purpose of Archive was to kill the clickbait. Given how they have been allowed to run despite that, and with the .is brand reliability (literally 0 coincidences), you should have expected something.

Alternatives? Pastebin is good, but can't handle images.

https:// addons.mozilla.org/en-US/firefox/addon/refcontrol/

Leigh Alexander? As in SJW shithead who got fucked by the GamerGate shit?

You do realize that by hot linking to henry-putnam they can record all the IP's plus referrer information to pin point the less tech savy user's. And you say this is a coincidence?

You can be pinpointed by a simple backtrace without proper protection anyways when you're connected to a site, the point of getting browser and IP address information is fingerprinting.

I'd guess that's what's needed to convict someone but if it were just for tracking purposes a bare IP would be enough. Visiting archive.is by no means illegal.

Do you get your info from CSI? Way to mix up concepts.

backtrace has no meaning

Any site you visit without VPN/proxy could get your IP from their logs (at their leisure, no need to "backtrace" during an active connection). But IP address more than likely gives them limited information about your location or identity, without a court order presented to your ISP.

And browser fingerprinting is a whole nother concept entirely

sourceware.org/gdb/onlinedocs/gdb/Backtrace.html

Way to show your ignorance there user. You should shut up while you're ahead.

If you're really concerned, do a full re-install, and then only browse with a proper operating system like Debian, or QubesOS (What snowden admits to using - although I honestly think he's a CIA deepagent being used to fuck the NSA as leverage / blackmail while the CIA subverts the US government)

That has absolutely no relevance you fucking shill. Take your own advice

Well mailed the owner, here's the reply:

Basically, the little loading.gif file was dirtily hotlinked even though it was hosted elsewhere. Which is now solved, you can go check again, it's hosted on archive.fo/loading.gif instead of the previous www.henley-putnam.edu/Portals/_default/Skins/henley/images/loading.gif

Oh and follow up:

There you go guys, archive fo is safe again.

Scratch that, I got the wrong loading.gif, IT'S NOT SAFE YET

...

4got pix

That's part of a series of commands you can do to trace a route of where a packet of information goes through. There is also other ones like traceroute command in command line. With some simple coding you can plant a script or other code to run the right command and send the information back to you. This is better and more informative then just your IP address exactly where it's going and how long, which can then be used to pinpoint a better area to guesstimate. Combined with the browser fingerprint and adding in some code to the same script (or whatever method you use to get this traced route) to inform you browser information. It also tells you when it's a proxy when it goes through known proxy destinations, but that's only if you know how to read everything yourself.

Of the loading.gifs in all the google images he had to pick that one.

Damn good point about Cloudflare…

You're thinking of traceroute/pathping not "backtrace".

Can't someone on Holla Forums start an archive like site.

what happened last time? did the last new girl get red-pilled?

serious fucking question guys. WHY THE FUCK HAVEN'T WE ATTACKED henley-putnam.edu YET? its not like we don't have the people or will power to do it. so again I ask, WHY THE FUCK HAVEN'T WE BROUGHT DOWN THAT SITE?
if they wanted us to stop all they would have to do is comply with our ransom that "we want them to delete that 'link' from their website and tell us who made it".

how do I do that? can you please give me a guide?

Another gimmick one has to observe. It get's annoying.

Imagine a state planting service workers into your browser and deleting posts. You would only notice when you use a (second) browser which doesn't have this feature (and compare).

When you visit any website (including archive.is), their server gets your IP address, and it totally can send it to anyone they wish if they want, and you (the visitor) cannot even get a smallest hint about whether it's happening or not. The fact that there's no spooky javascript code doesn't in any way make your IP address When you visit any website (including archive.is), their server gets your IP address, and it totally can send it to anyone they wish if they want, and you (the visitor) cannot even get a smallest hint about whether it's happening or not. The fact that there's no spooky javascript code doesn't in any way make your IP address more private

Has Soros made public comments against Trump? If not, then we need to meme him to, so he can pick up the curse.

Sorry, no contribution to thread. It seems there's not much to be done except go paranoid on all fetching. At least don't have a referrer!

is. → Iceland

Considering the lewd sheer dress in the pic, I imagine the last gril found hidden toilet camera porn of herself on there.