Have you considered using a "honeypot"?
Add an input in your login form, something like:
<input type="text" name="inp_honey" id="inp_honey" value="" autocomplete="off"/>
autocomplete="off" will prevent user browsers to auto-fill this input.
then hide it using CSS:
#inp_honey{
display:none;
}
Then in your server action add a condition, which checks if {{$_POST.inp_honey}} has a value
-> then -> set status 403 Forbidden
-> else -> your login steps
You'll be surprised how good this simple check works 