by tuatoru 1368 days ago
Why are "tor", "vpn", "iCloud relay", and "datacenter" considered threats?
4 comments

I've just been running through my own website logs for the week, and the majority of hacking attacks (mostly attempts at stealing AWS & Git credentials, but also outright hacking, vulnerability scans, exploit attempts & brute forcing attempts) have all been via VPN, Tor exit nodes, and relays. Legit website users just never use VPN or Tor for anything.

Datacenter is not necessarily a "threat", but if a datacenter is trying to post to your website comment form, it's certainly posting some kind of spam or SQL injection attempt, and it's not a message from a legitimate customer. (Datacenter is actually a highly effective flag for detecting spam.)
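The kind of log analysis the comment describes, written out as an added example (not code from the commenter): each request's source address is tagged by network category, and attack-like requests (probes for credential files such as `.env` or `.git/`, and comment-form POSTs from datacenter space) are tallied per category. The network ranges and log lines are constructed stand-ins (documentation TEST-NET ranges); a real deployment would load an IP-type or ASN feed in their place.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed category ranges (TEST-NET documentation prefixes used as
# placeholders for a real datacenter/VPN/Tor-exit IP feed).
NETWORK_CATEGORIES = {
    "datacenter": [ip_network("192.0.2.0/24")],
    "vpn":        [ip_network("198.51.100.0/24")],
    "tor_exit":   [ip_network("203.0.113.0/28")],
}

# Paths that are typically probes for leaked credential files.
CREDENTIAL_PROBES = ("/.env", "/.git/", "/.aws/", "/.ssh/")

# Combined log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def categorize(ip: str) -> str:
    """Return the network category of an address, 'residential' if unlisted."""
    addr = ip_address(ip)
    for name, nets in NETWORK_CATEGORIES.items():
        if any(addr in n for n in nets):
            return name
    return "residential"

def is_suspicious(method: str, path: str, category: str) -> bool:
    """Credential-file probes from anywhere, or comment-form POSTs from datacenter space."""
    if path.startswith(CREDENTIAL_PROBES):
        return True
    return method == "POST" and path.startswith("/comment") and category == "datacenter"

def summarize(log_lines):
    """Per-category totals and suspicious-request counts for a batch of log lines."""
    stats = defaultdict(lambda: {"total": 0, "suspicious": 0})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path, _status = m.groups()
        cat = categorize(ip)
        stats[cat]["total"] += 1
        if is_suspicious(method, path, cat):
            stats[cat]["suspicious"] += 1
    return dict(stats)

# Constructed sample log; 203.0.113.2xx lies outside the tor_exit /28, so it is "residential".
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2021:10:00:01 +0000] "GET /.env HTTP/1.1" 404 0',
    '192.0.2.10 - - [10/Mar/2021:10:00:02 +0000] "GET /.git/config HTTP/1.1" 404 0',
    '192.0.2.77 - - [10/Mar/2021:10:00:03 +0000] "POST /comment HTTP/1.1" 200 512',
    '198.51.100.5 - - [10/Mar/2021:10:00:04 +0000] "GET /.aws/credentials HTTP/1.1" 404 0',
    '198.51.100.5 - - [10/Mar/2021:10:00:05 +0000] "GET /about HTTP/1.1" 200 2048',
    '203.0.113.3 - - [10/Mar/2021:10:00:06 +0000] "GET /.env HTTP/1.1" 404 0',
    '203.0.113.200 - - [10/Mar/2021:10:00:07 +0000] "GET / HTTP/1.1" 200 4096',
    '203.0.113.201 - - [10/Mar/2021:10:00:08 +0000] "POST /comment HTTP/1.1" 200 512',
    '203.0.113.202 - - [10/Mar/2021:10:00:09 +0000] "GET /products HTTP/1.1" 200 3000',
]
```

Running `summarize(SAMPLE_LOG)` gives the per-category ratio the thread argues from; a residential POST to the comment form is deliberately not flagged, since only the datacenter-origin version is the signal the comment describes.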

> Legit website users just never use VPN or Tor for anything.

You are wrong. I use that and a minority of legit people also do.

The problem with your type of thinking is that you are only thinking in terms of what the population majority is doing and how they are behaving - lumping the minority of privacy-conscious users in with all kinds of malicious actors. Basically the type of thinking that leads to all kinds of discrimination, unfortunately.

No, it is based on my web logs across my websites. I have never had a single purchase come through a VPN or Tor node. I have never had a legitimate customer or personal enquiry come through a VPN or Tor node.

100% of VPN and Tor access to my websites has been hacking and spam attempts.

I have spent the last few months fighting spam & hacking attempts in detail - primarily from a Russian & Chinese exploit botnet that seems to have spun up around Feb 2021. This is why I am so confident in my statement, because I have been logging and collecting data on the spam & hacking attacks, and analyzing my data daily.

I've detected attacks via AVAST's VPN, Nord VPN, Fiber Grid, Tor exit nodes on Frantech, GleSys AB, Hidehost, Performive VPN, HideMyAss, PureVPN, and I just spent this afternoon tracing a particularly dumb bot that tried sending thousands of requests through StrongVPN, just alternating between 2 IP addresses. And that's just a subset of what I've been fighting against. For what it's worth, I only see the Tor exit nodes occasionally, VPNs are much more common.

I used to think VPNs and Tor were a good thing (about a decade ago). My mind has been changed by looking at the quantitative data I have collected.

> I used to think VPNs and Tor were a good thing (about a decade ago). My mind has been changed by looking at the quantitative data I have collected.

They are a good thing! Your mind has changed because your work has changed and you now are solely confronted with the negative aspects of using VPNs and Tor.

I'm pretty sure if you would have worked at an NGO on free speech you'd still be convinced of VPNs and Tor.

From what you are saying, the solution is probably to increase the number of legitimate and responsible VPN/Tor users so that sysadmins don't automatically associate VPN/Tor with criminal usage patterns.

If you wanted to send spam, or run an attack, you'd want to run your traffic via Tor or a VPN to hide your home or office IP.

Not sure why iCloud relay would be a problem.

Isn't iCloud relay just a VPN?

It's an Apple VPN, which makes it special since you usually don't want to piss off Apple/iOS users with "anti-bot" crap.

Tied to a unique and expensive Apple hardware serial number. It's a reputation-certification VPN.

It's an HTTP proxy. Two layers of proxy.

I was just assuming that paying iCloud users might be less likely to launch bot attacks. But on reflection I guess that is just bias.

The point about proxy detection explains it as abuse in the form of ban circumvention.

They are threats to those who think that geoblocking is a good thing.