There should be CAPTCHA or Javascript Challenge for direct IP. Otherwise attacker can exhaust all resources on the server by hitting http://(IP) instead of domain
reCAPTCHA cannot be used for IP, Javascript is possible, but you do not need to worry about attacks on IP, if you do not have a web source serving some of those IPs, leave an empty index.htm file.
There should be CAPTCHA or Javascript Challenge for direct IP. Otherwise attacker can exhaust all resources on the server by hitting http://(IP) instead of domain