I have a server hosting multiple domains and protected by Fail2Ban with WP Fail2Ban and wordpress-hard + wordpress-soft rules.
Recently I notice that our server is heavily loaded and seems like we are under heavy brute force attack. I can see that Fail2Ban is doing its job by banning a lot of IPs, but the server is still busy banning IP and I need a better solution to bring down the load.
I notice that from Apache server status page (Refer print screen), seems like the abnormal requests are all coming from Client -> static.vnpt.vn. I queried the IP of this domain (203.162.0.78) and banned it via UFW/IPTables but it doesn't work, massive requests from the same domain are still showing in Apache server status page. I also tried to ban it in .htaccess but it doesn't work too.
My question is it possible to ban a client based on the client's domain in Apache server status page? If yes, what I did wrong and how?