The requests come from a wide list of IP addresses and countries, so there is no easy way to blacklist them. The only option that we didn’t try is WAF that requiries a PRO account. Can we be guaranteed that these basic attacks will be blocked by WAF? If not, what would you suggest to defend such attacks?
Out of curiosity, have you tried Bot Fight Mode? It’s under Firewall -> Settings
No, I haven’t. Thanks a bunch for the hint, hope that helps during the next attack.