UK Parliament hack: Really, a brute-force attack? Really?

pitrh

Feeding them false info, rate limiting, blackholing, etc, all would likely have helped

I've been doing all of these for a while with various systems in my care.

And as the article points out, these techniques have been around for quite a while, and if whoever was in charge of PM's mail etc systems didn't bother to use any of them, that's very bad practice indeed.

One moderately laughable piece I wrote recently focuses mainly on auto-clobbering bruteforcers, but has pointers to other resources too: http://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html
