How do you rate limit bruteforce attempts on a Tor hidden service?
I’m considering the feasibility of a .onion domain for my website to cater to privacy conscious users.
Actions that occur before there’s a known UserID (eg. login page) need to have a bounded number of attempts to prevent bruteforce attack…