What I do is record failed recaptcha submissions into one logfile, and passed recaptcha submissions into another log file. That's done on the php/form side. Then I run a script to count up how many failures by IP, and from which countries. The script will blacklist IP addresses that pass whatever thresholds I set, using iptables. That'll make sure the server resources are not used as it just completely ignores those incoming connections. It's not unusual to find a single IP making thousands of attempts.
I have another version too for tracking IPs that are trying to log into my server - failed attempt gets your IP banned. But the ban is timestamped and released after a pre-defined time period.
There is probably software out there to do that too, but I first started doing it like 20 years ago, so I just stuck with rolling my own.