WoT is not that expensive, and you can use auth to cap legit users usage and more aggressively cap one off npub auth so the IP address gets rate limited if it comes again in a short time with a different auth
be creative, the enemy is wriggling like a stuck pig, nail its jugular by any means necessary