Who do you ban? The idiot that paid for a recovery? He or she wasn’t at fault, and simply paid for a service. The actual guilty party is, for all intents and purposes, anonymous.
English
-
To prevent DDoS, you'd have to know which IP and assume they wouldn't use that IP again...wishful thinking. But as another person said, banning the person/user would be great, but proving it was them, as you mentioned...isn't possible imo.
-
If I were using cyber attacks to level up account recoveries, I’d most certainly be running my box through a VPN.