So far, you're doing what should be done, in my opinion only.
Cloudfl can partially mitigate a low-to-modeate threat simply by pointing your NSs (Nameservers) at their service.
Cloudflare was started and staffed by the same team that gave us Project HoneyPot. Good stuff.
It's been a few years but they are pretty good and I give that team Mad Props.
The next "God, that wasn't so hard" is "centralized logging" and by that I speak of Elasticserch, Logstash, and Kibana, or "ELK".
https://duckduckgo.com/?q=ELasticsea...ean.com+centos
ELK and others are the shit.
Why they come to your server?
I don't know that answer, but I do know we shouldn't take it personally.
centos-webpanel features csf and I recommend you at poke around
http://forum.centos-webpanel.com/csf-firewall/ and "get a feel"
WhM/cPanel was a big fat Target, so maybe this is too?
Close the database port to the world?
ELK "later", ok?
Code:
cat x | grep y | grep z | awk
... is old-as-dirt
But...that is also another good skill to have.
Comfort at a text prompt.
ELK can slice and dice:
Visualizing Logs Using ElasticSearch, Logstash and Kibana - YouTube
Continue to do as you have been.
That's a good habit to have.
An Intro to badbots was an eye-opener for me.
Details that I found in my logs
every dayfor seven years.
Been centralizing w\ELK ever since.
An Intro to badbots may offer you some hope of keeping this under control..
I'd love to grep your logs.
You familiar with the Apache webserver
LogFormat directive?
Me either, so....Ha!
IDK how far I can encourage you, since I don't know what your equipped with or skilled to accomplish.
Secure your Apache server from DDoS, Slowloris, and DNS
I'll check in "in a few"...see how you are getting on.
Be encouraged.