Not sure where to post this topic, please move where it corresponds
I supose you’re aware about some stupid people using proxy attacks from Tor using socks5 or socks4 to attack websites using layer 7, and make tons of petitons.
Just get a large proxy list (socks5 for example) and run a python script to make thousand of http 1.1 petitions.
But the question here (related with TOR) I saw some recent attacks (monitoring a website behind CloudFlare) and noticed that too much IP’s , the most are from T1 (Tor exit nodes)
So how you can prevent or monitorize this kind of attacks? For example, limiting you can’t make 100 petitions or more for second to same website. There’s any technical approach?
Well I can block entire TOR (T1) “country” using CloudFLare, but then nobody using Tor can acces my website, so this isn’t a solution.
I can provide some screenshots (cloudfare panel) or list of abusive tor exit IP’s if you need them.
Thank you in advance.