@ wkitty42
I am always eager to learn
So far I am very puzzled by what you write. My understanding is
1. Tor exit nodes are the only Tor nodes from where packets are allowed to exit the Tor network. Therefore all Tor nodes that connect to your server must be exit nodes. I do not see how Tor-non-exit-nodes would ever be contacting your server. And if your IDS blocks exit nodes, then no Tor node should be connecting to your server. What am I not getting here?
2. Even if you are able to collect meta data, the data can be falsified (again: Tor-browser does that) and also I would like to learn from you how you would be able to find out who is behind the connection just with some meta data. I know there are companies who can do that. But they have a large network of (publicity driven) data collection services that aggregate data from hundreds of places and then you still need to relate that to a Facebook account or another of those internet service companies' account (that I alway say you should not have) in order to find a real life name and address. So your meta data idea (to my understanding) only works if a) the idiot does not use Tor browser (so that meta data is valid), b) uses the same system to surf on other web sites who collect data and c) you have one of the big players (Facebook, Google, Amazon, Apple....) who are willing to give you the real life name/address.
Well, of course that idiot is obviously an idiot, so maybe he makes some of the mistakes you can make. But he does seem to be smart enough to use proxies, so maybe he is only an idiot in the a**hole sense and not so much in the intelligence sense.
But then, IF you are able to get him, then for gods sake do it
Jomo is doing such a great job there, that it hurts to see him (and his customers of course) getting anoyed!!