• Resolved HKP

    (@hiskingdomprophecy)


    Hi Folks,

    I have some bad actors in Bulgaria who have been overloading my site many times per day for a couple of weeks.

    I am a user, not developer, so I hope you understand what I write here.

    They mainly use IP 87.246.7.212, so I first blocked it on Ban Hosts as 87.246.7.*

    However that did no good, and 1 week later I added 87.246.7.212 as well.

    On the plugin user interface it now shows:

    Ban Hosts:
    87.246.7.0/24
    87.246.7.212

    This is confirmed on my .htaccess as it includes:

    # Ban Hosts - Security > Settings > Banned Users
    	SetEnvIF REMOTE_ADDR "^87\.246\.7\.212$" DenyAccess
    	SetEnvIF X-FORWARDED-FOR "^87\.246\.7\.212$" DenyAccess
    	SetEnvIF X-CLUSTER-CLIENT-IP "^87\.246\.7\.212$" DenyAccess
    
    	SetEnvIF REMOTE_ADDR "^87\.246\.7\.[0-9]{1,3}$" DenyAccess
    	SetEnvIF X-FORWARDED-FOR "^87\.246\.7\.[0-9]{1,3}$" DenyAccess
    	SetEnvIF X-CLUSTER-CLIENT-IP "^87\.246\.7\.[0-9]{1,3}$" DenyAccess
    
    	<IfModule mod_authz_core.c>
    		<RequireAll>
    			Require all granted
    			Require not env DenyAccess
    			Require not ip 87.246.7.212
    			Require not ip 87.246.7.0/24
    		</RequireAll>
    	</IfModule>
    	<IfModule !mod_authz_core.c>
    		Order allow,deny
    		Allow from all
    		Deny from env=DenyAccess
    		Deny from 87.246.7.212
    		Deny from 87.246.7.0/24
    	</IfModule>

    However again just now, my site db was unavailable due to overload and again I find 7 connections from 87.246.7.212.

    This is happening several times per day that I get overload and the site is inaccessible.
    On each occasion 87.246.7.212 or 87.246.7.* from Bulgaria are there as the last entry with the most connections on the DirectAdmin server load average warning message. Sometimes >50 from that IP alone – and they are always the last entry.

    I thought Ban Hosts was meant to stop 87.246.7.212 from being able to even see our site, never mind interact with it. Is that correct?

    Is there any help or advice you can offer on this? I am really getting tired of them.

    Regards and thanks,
    Angus
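As an added example (not code from the thread, the plugin, or the poster), the Python below mirrors the deny logic of the .htaccess shown above and tallies access-log status codes for the banned range; the log lines are constructed, and the header/log format names are assumptions. A 403 for the banned IP means the rule is firing but the request still reached Apache (so it still costs a connection), while a 200 means the ban is being bypassed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Entries exactly as listed under "Ban Hosts" in the post.
BANNED_NETWORKS = [ipaddress.ip_network(n) for n in ("87.246.7.0/24", "87.246.7.212")]

# The anchored regexes the generated .htaccess uses in its SetEnvIf lines.
SETENVIF_PATTERNS = [re.compile(p) for p in
                     (r"^87\.246\.7\.212$", r"^87\.246\.7\.[0-9]{1,3}$")]


def would_deny(remote_addr, headers=None):
    """Mirror the .htaccess: SetEnvIf on REMOTE_ADDR / X-Forwarded-For /
    X-Cluster-Client-IP sets DenyAccess, and 'Require not ip' checks the
    real peer address. Returns True when Apache would answer 403."""
    headers = headers or {}
    values = (remote_addr,
              headers.get("X-Forwarded-For", ""),
              headers.get("X-Cluster-Client-IP", ""))
    if any(p.match(v) for v in values for p in SETENVIF_PATTERNS):
        return True
    try:
        return any(ipaddress.ip_address(remote_addr) in n for n in BANNED_NETWORKS)
    except ValueError:  # not a literal IP (e.g. a hostname in the log)
        return False


# Assumed combined/common log format: client ident user [time] "request" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3})\b')


def ban_report(log_lines):
    """Per banned client, count HTTP status codes. 403 = the rule fired but the
    request still reached Apache (it still costs a connection); anything else
    = the request got through the ban."""
    report = defaultdict(Counter)
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and would_deny(m.group(1)):
            report[m.group(1)][m.group(3)] += 1
    return {ip: dict(c) for ip, c in report.items()}


# Constructed sample log lines (not real traffic from the thread).
SAMPLE_LOG = [
    '87.246.7.212 - - [01/Jan/2021:10:00:00 +0000] "GET / HTTP/1.1" 403 199 "-" "-"',
    '87.246.7.212 - - [01/Jan/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "-"',
    '87.246.7.33 - - [01/Jan/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.9 - - [01/Jan/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    print(ban_report(SAMPLE_LOG))
```

Note that a proxied request whose X-Forwarded-For carries a chain ("87.246.7.212, 10.0.0.1") slips past the anchored regex and `Require not ip` only sees the proxy's address, which is one reason blocking at the CDN edge is more reliable than at .htaccess.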

Viewing 2 replies - 1 through 2 (of 2 total)
  • @hiskingdomprophecy,

    Yes, the IP you provided is nasty (details). What you did is correct. However, we have learned that iThemes Security is not an iron-clad solution for blocking malicious IPs. They admit it themselves (Read FAQ No. 3).

    Here’s what we recommend:

    (1) Verify you’re using the latest version of iThemes Security. Also, clear your cache (server level and from cache plugins you may be using).

    (2) Perform a malware scan of your website using Sucuri SiteCheck.

    (3) Perform a malware scan of your website using SiteGuarding (it detects Base64 malicious code).

    (4) Contact your host and ask them to perform a malware scan of your website (including your database). Also, ask them to clear all cache (e.g., varnish). It wouldn’t hurt to ask them to help with your specific issue as well.

    (5) If using a CDN (e.g., Cloudflare), go to: Dashboard > Firewall > Tools and block the following ASNs: 12615 and 208410 and the following IP (range): 87.246.7.0/24

    Note: If you start having issues after blocking the above ASNs, simply remove them. Keep blocking the IP (range) provided.

    Hope this helps.

    Cheers!

    Thread Starter HKP

    (@hiskingdomprophecy)

    @jetxpert

    Thanks for your reply.

    I shall do that.

    So far I have done 1, 2 and 3 and all is well.

    Regards and thanks,
    Angus


The topic ‘Is my Ban Host working?’ is closed to new replies.