20Nis
How do you rate limit bruteforce attempts on a Tor hidden service?
I'm considering the feasibility of a .onion
domain for my website to cater to privacy conscious users.
Actions that occur before there's a known UserID (eg. login page) need to have a bounded number of attempts to prevent bruteforce attacks.
How do you effectively rate limit unauthenticated users on Tor to prevent bruteforce attacks?