Re: Err, not yet.
I'm perfectly OK with you wanting to avoid our sites because you somehow feel slighted that we block Tor traffic for simple business security reasons. Just keep using Tor and there is no risk of you ever having even accidental acces to our sites. Easy.
I don't feel slighted because I don't use TOR (bar for the odd test from "outside" my network).
Why I wish to avoid any sites you maintain is your approach to security. As I said, if you cannot beat off the attacks from TOR, you cannot beat of other attacks. And while you're pissing your panties over the "obvious" attack attempts from one source, you're completely oblivious to attacks from others.
A couple of years back my systems fought off a significant (for us) and sustained attack (lasted over a week, 24/7). I was in contact with a number of ISP's and services like Amazon AWS when there were significant numbers coming from their IPs (one AWS IP says little, a couple of hundred however...). Several hundred hits on each of the services on each of the servers every hour (web, email etc machines were on different IP's and in different locations). Non-published services (eg our email server also had a backup copy of the websites we managed just in case) were targeted just as much as the front door. Lots of attempts to get in through other closed doors, eg telnet (which didn't have anything to answer it). I was nervous the whole time, but nothing got through - although I did waste a lot of time on it. A compare of files from backups confirmed that nothing had been changed in /etc or elsewhere, and checks with tools such as rkhunter and others (names don't come to mind) confirmed it.
Of the literally millions of attempts to gain entry, not one got in. And of the literally millions of attempts to gain entry, I did not see one single one that appeared to come from a TOR exit node. Most were from home machines that were part of a botnet I suspect, given the repetitiveness of each attempt (eg trying the same 3 usernames on SSH before Fail2Ban or DenyHosts kicked the IP out).
Yes, systems with much better security than mine do get broken for various reasons. By the grace of God mine didn't - some of that was finding the right tools.
Blocking TOR is nothing with the millions of infected security cameras and other devices out there - devices that will attack your servers from within the IP ranges of your target demographic. If I want to attack your system from somewhere NOT my home IP then I have options - take over someone else's machine (via direct hacking or drive-by website), find some place with free WiFi (any public library, any CBD, any McDonalds, any cafe, a number of homes and businesses with "guest" WiFI). TOR is often slow, whereas sitting in my car or in a nice cafe with a decent coffee, or in a nice quiet library gives me a speedy and largely untraceable location. Warm and cosy in Winter too. And given the number of people like you out there who think that blocking TOR makes a big difference, why would I bother trying to break in via the back door when I can walk in past the large "Welcome" sign by the front door?
More and more people are using TOR or VPNs, and given what is coming out of the UK, US and Europe, those numbers may soon skyrocket. Meanwhile attackers grab IoS toys by the bushel and mount attacks from unsuspecting households the world over, without giving the merest thought even to the existence of TOR.
Oh, the Germans "closed" lots of highways, blowing up bridges etc. Somehow Berlin still fell.
(FTR, my hacking experience is very limited, a little bit of showing friends/customers how shit their router is or how easily breakable some of their other "security" has been - and a few checks of bug reports to test if my systems are (still) vulnerable)