Thank you both for your replies.
Google, DFP, and Ad Networks should implement some of these measures but they refuse, making it the issue and cost of the publishers instead. Something that the publishers cannot stop effectively and many publishers do not have the funds to higher bigger less intrusive methods.
I have been using the following methods for a little while now.
Default Security Level: High
Pagerule: domain.com/* “I am under attack” mode (It just works better for some reason like this)
Challenge Passage set low to 15 minutes
I noticed an immediate drop in server requests. More “direct” source traffic in analytics because of the JS Challenge script. Bounce rates are returning to normal.
I was hoping to get some of those webmasters already using this method to speak out.