Re: Err, not yet.
And the general internet does NOT route attacks to your site? Oh, it does? If a defensive strategy is good enough to handle the daily non-TOR attacks, they're good enough to leave TOR open. If they're not, you're pwned anyway. You might as well block all traffic from Brazil, since they're a growing malware hotspot. And Russia, definitely them. And then, and then, and...
It is exactly because we do indeed geo-based blocking that this whole Tor discovery was made. Some of our sites are not that public (no SEO, not "www".somedomain etc) so we used those to see what floated in on requests and a very high quantity of 404 traffic was Tor originated. We then started to look at Tor hits that were non-404, and we had to go back several months before we found site access that wasn't seeking to subvert the site. Ergo, Tor is not a source of customers for us, and it makes sense to block Tor nodes to improve security.
I'm voting with my virtual feet and refusing to do business with TOR-blockers. It's like insisting on Adobe Reader or Java to use a site, forcing me to use an insecure product over a secure one. No thanks!
That makes no sense. You prefer sites that leave themselves open to a major channel for hacking attempts and then state you do that because it's safer? Really? With that sort of logic you wouldn't understand the rather extreme lengths we go through to protect ALL our visitors. In our opinion, someone should not HAVE to use Tor to have their privacy protected but we reserve the right to deny access to those that seek to harm our facilities.
Biting the hand that feeds IT
