I have a user who is being attacked by someone or a script hitting the forgot_password endpoint many times a day using their e-mail address. This has been happening for several days. Since this sends e-mail, it is also potentially abusive to the system. From the nginx access.log, I have tracked the IP address for some of this time to another user on the system and sent a warning message, but that might not help. I have also added this IP address to Admin > Logs > Screened IPs; however, I am not certain what that will do except prevent login temporarily. The IP address can and has changed, and it is probably a dynamic address, but someone could also switch on a VPN and start again.
Does anyone have a suggestion on how to handle this?
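
The access.log triage described in the question can be scripted. The following is an added example, not part of the original post: it counts password-reset POSTs per source IP per day and also totals them per day, so the pattern stays visible when the address changes. It assumes nginx's default "combined" log format and a request path ending in `forgot_password`; the log lines are constructed samples using documentation IP ranges.

```python
import re
from collections import Counter, defaultdict

# nginx "combined" format: ip - user [day:time zone] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: the reset route ends in "forgot_password"; adjust to your routes.
RESET_PATH_RE = re.compile(r'/forgot_password(?:\.json)?(?:\?|$)')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:08:01:10 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:11:40:02 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2024:12:00:00 +0000] "GET /latest HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:17:22:45 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2024:19:05:13 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "curl/8.4.0"
203.0.113.45 - - [13/Mar/2024:07:15:00 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.45 - - [13/Mar/2024:09:48:31 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Mar/2024:21:03:09 +0000] "POST /session/forgot_password HTTP/1.1" 200 31 "-" "Mozilla/5.0"
"""

def reset_hits(lines):
    """Return {day: Counter({ip: count})} for POSTs to the reset endpoint."""
    per_day = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not RESET_PATH_RE.search(m["path"]):
            continue  # unparsable line or unrelated request
        per_day[m["day"]][m["ip"]] += 1
    return per_day

def flag_ips(per_day, threshold=3):
    """List (day, ip, count) where one IP made >= threshold reset requests that day."""
    return sorted((day, ip, n) for day, ips in per_day.items()
                  for ip, n in ips.items() if n >= threshold)

def daily_totals(per_day):
    """Total reset requests per day across all IPs (catches address rotation)."""
    return {day: sum(ips.values()) for day, ips in per_day.items()}

if __name__ == "__main__":
    hits = reset_hits(SAMPLE_LOG.splitlines())
    for day, ip, n in flag_ips(hits):
        print(f"{day} {ip}: {n} reset requests")
    for day, total in sorted(daily_totals(hits).items()):
        print(f"{day} total: {total} from {len(hits[day])} distinct IPs")
```

The access log does not record the POST body, so the targeted e-mail address is not visible here; correlating with the application's own logs is needed to confirm which account each request named.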