If you want to catch scrapers even faster, you can add suspicious hosts to the secret ingredient 2
These are some hosts/vpns/tors/proxy servers/ cloud servers that I have on my list (which I have found to be top DeDos offenders):
.amazonaws.com, colocrossing, .contina.com, quadranet.com, .tor-, -tor., .tor., tor-exit, torproxy, tor.exit, torserver, tor.het, .geoca.st, colocall.net, tuthost.ua, azure., privacyfoundation, ip-pool.com, vpnsvc.com, nullbyte.me, heroku.com, .sevpn.com, .alexhost.md, .SteepHost.Net, host1dns.com, serverdale.net, globaltap.com, heilink.com, vultr.com, dataclub.biz, s51430.net, cloudatcost.com, masharikihost.com, scalabledns.com, novalayer.net, unmetered.com,
I've personally gone a little bit further and even added some ISPs that I've found to be top offenders from certain countries that I do not expect traffic from, do not block these if you have real traffic from Ukraine/Russia/China etc:
netbynet.ru, corbina.ru, cpx.ru, ertelecom.ru, elcom.ru, comcor-tv.ru, .mts.ru, a4321.ru, .sat-dv.ru, qwerty.ru, maxnet.ua, .com.ua, .net.ua, nephax.eu,poneytelecom.eu, triolan.net, .eonix.net, .mysipl.com, enjoy.ne.jp, .digicube.fr, .contina.com, .ztomy.com, .krypt.com, embarqhsd.net, chinamobile.com, fastwebserver.de, .cantv.net, gemwallet.biz, .net.il, .totbb.net, ziggo.nl, .163data.com.cn, .enn.lu, kyivstar.net, turkrdns.com, .chello.pl, tpnet.pl, 1113460302.com, .2015.com, .com.cn, .vdc.vn, .hinet.net, .ukrtel.net
Hosts, Tors, proxies are highly likely to be bots
ISPs are less likely (unless you do not expect traffic from this country)
By adding these to the list, the detection is more severe. Of course, if js is detected later, the user is still let back into the site if you do not tick the option to update htaccess.
If you have certain bots on your site that are targeting you specifically, it is likely you have a certain subset of bots. By going through your DeDos logs and clicking each row, you will often see the host name. This allows you to build up a suspicious host list that is relevant to your site under attack (obviously do not block ISPs that allow relevant traffic to your site, instead block hosts/tors proxies and only ISPs that you do not want traffic from)