Sorry to hear about this. 
Actually, there is. You can use a reverse proxy. I use Traefik, and I’m able to expose a Dgraph cluster with no security at all (no ALC, no Poor man’s ACL and etc) and it is safe from trolls.
See, this above is my ingress setup. I have exposed 8080/, 8080/query, 8080/health, 8080/admin - I can remove any of than any time. So, no one is able to dig around and find any path and mess up with it.
I have also tested other ways to mess up with it. But it is not possible with reverse proxy. Cuz I don’t expose /Alter, /commit, /mutation, or any other. For me, reverse proxies are the holy grail.