You should look into two things:
Seconding the fail2ban tooling - excellent support for just about anything you wish to expose to the random Internet, and you can still pull many stats from it's logs for graphing.
Curious as to how many of the IPs you are seeing attacks from are exit nodes for commercial VPNs or Tor? How many are cloud hosted VMs, or zombie personal machines? IP allocation / reverse DNS should help find this stuff out, as would services like this: ipvoid.com/ip-blacklist-check/ :)
In addition to local controls (such as fail2ban), I would also strongly encourage use of a CDN/anti-DDoS/Web App Firewall product (such as Cloudflare, Azure CDN, AWS CDN, Imperva Cloud WAF, etc.) for your outer layer or protection - they will keep up with threats waay faster than one human!
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.