I’m building an auction website and I was asked to add an “auto bid” function. I’m worried about the scenario where an attacker could create two auto bids from two different accounts. Both accounts, while trying to outbid each other, would generate a large amount of bids, causing a DoS. The question is: how can I easily defend against this type of attack? Currently, the system checks for the amount of bids in the last 24 hours generated by the same user and if it’s more than 1000, the bid is not accepted. This safety measure is probably enough, but I wonder if there’s a better way to deal with this problem.