[throwaway8491]

Some of BBC News' .onion neighbors are forced to constantly rotate their URLs to evade DDoS attacks (notably Empire Market). Admins constantly publish new PGP-signed links to https://dark.fail . DDoS attackers then scrape this site, shift their attacks. Sites stay online, but users are trained to expect URLs to constantly change. This has resulted in a huge spike in phishing attacks.

Tor hidden services are notoriously difficult to protect from DDoS attacks due to its code being mostly single-threaded. Build 5000 circuits to any darknet site, max out one core on the server, and you take it offline. Cheers to BBC for this great step forward for privacy. Hopefully their traffic surges to bring more attention to .onion scaling problems.

[clubm8]

My pet theory is that these DDOS attacks are not just other merchants. I believe state actors are DDOSing to force traffic through nodes they control to deanonymize traffic.

[bashallah]

Flood certain gates to ease monitoring of specific nodes.

Easy ROI

[cyphar]

While it doesn't solve the problem entirely, onionbalance[1] does mean that you can have more than one server handle traffic. There's also IP load balancing.

[1]: https://github.com/DonnchaC/onionbalance

[_8j50]

Can't you do IP load balancing and run multiple Tor processes to handle different circuits?