salmonchild-
The risk is minimal.
Tor exit node IP addresses are pretty dirty, because people do a lot of crappy bot and spam stuff. But the biggest targets for that are either email (does not affect us) or Wordpress comment spam (does not affect us).
Given that our auth system requires a verified email address to actually do anything, and it's trivial for me to ban the email and nuke everything... it shifts the cost (create emails and get a new IP) heavily back onto the spammer.
I don't want to punish regular use of Tor, just spamming... and Stop Forum Spam and other systems I've integrated already handle that.
So I think the risk is basically not there.
That's only true for this site... were I to run Wordpress on this domain I'd say the risk was still there.
You are reading a single comment by @salmonchild and its replies.
Click here to read the full conversation.
Velocio
Another CloudFlare experiment that I'm happy to get behind.
I've whitelisted Tor for this site.
So if you happen to use Tor, you should not get challenged with a captcha everytime you visit the site.