self wrote on December 23, 2020 at 1:59 AM

From my understanding, the CAPTCHA is a very low intensity operation that barely takes any server load, while logging in ot registration or making purchases or even browsing like a script would do repeatedly to complete a DDoS attack. Having a CAPTCHA effectively prevents scripts from doing these high intensity operations multiple times per second.

For clear web sites this is an awful approach, but since you can’t really block IPs on Tor, it’s the best and most effective tool market owners have.

MrBlack OP wrote on December 23, 2020 at 2:25 AM

Oh okay I guess that makes a bit more sense. I always thought a DDOS attack had to have a specific port or webpage as a target. But I don't know how one would be sent through the tor network and I dont even really know how they're sent through the regular internet other than it's just a bunch of requests from different locations.

RichardButte wrote on December 23, 2020 at 8:49 PM

That's basically it, all those request clogs up them internet pipes.

Regular sites often use CDN's (server networks to share the load), and a clearnet solution would have one server sort out illegitimate requests and serve CAPTCHA's while a different server that doesn't see any of the unwanted traffic host the site.

Wahaha wrote on December 23, 2020 at 4:53 PM

Is this a problem solvable through certificates? Like you hide the certificates behind a captcha and revoke certificates of misbehaving users.