I know you all are dealing with DDoS and how that goes. I run DDoS mitigation for some juicy targets and do a lot of on-call response to handle those issues, so believe me when I say I know what you are dealing with.
However, that being said, it appears you are blocking tor exit nodes with a 403, likely at your web termination point (nginx, apache, whatever), and this kind of sucks.
I get that tor can bring some attacks, and I fully support a modulated response to those attacks, preferably one with a reasonable time decay, but please don’t just block all of tor
Alternatively, be one of the cool kids, and setup an onion service for lemmy.world!
Make SURE to host your Exit Node as a foreign LLC entity in a non-cooperating country of the 14 eyes alliance. Or else they might (probably will) go after you for hosting… umm… bad stuff, sometimes involving children.
Not really necessary.