We sometimes see attacks from relays that are hosted on cloud platforms. I have been wondering if the benefit of having cloud-hosted relays outweighs the abuse we see from them.
I don't think banning GCE, AWS and MS Azure is an efficient method to significantly increase the cost of attacks because it is trivial for an attacker to quickly spin up "a large number of disposable machines" at other ISPs as well.
Detecting new groups of relays in a single AS that all sign up in a short timeframe is trivial (DocTor does and did that already [1][2], OrNetRadar [3] does it as well).
Should you decide to continue generally blacklisting entire ISPs/ASes/IP ranges:
Please add that info (including the banned ISPs/ASes/IP ranges) to the documentation (i.e. relay setup guides [4]) so volunteers don't waste their time and money to setup blacklisted relays [5].
[1] https://lists.torproject.org/pipermail/tor-consensus-health/2015-July/005955... [2] https://lists.torproject.org/pipermail/tor-consensus-health/2015-July/005974... [3] https://lists.riseup.net/www/info/ornetradar http://news.gmane.org/gmane.network.onion-routing.ornetradar [4] https://www.torproject.org/getinvolved/relays.html.en [5] https://lists.torproject.org/pipermail/tor-relays/2015-August/007655.html