Resolved with the following done:

- Stopped DB brute-force and DoS attacks.
- Hardened server security with configs (ref: https://www.cyberciti.biz/tips/linux-security.html).
- Prevented brute-force SSH password-guessing attacks (UFW rules, changed default SSH port, used iptables chain from Rutgers University scripts, etc.).
- Tightened UFW firewall rules (allow only traffic from the trusted AgNav WAN IP, updated via dynamic DNS using a custom script).

Notes: A good thing is that, with the auto-update UFW script periodically detecting when the AgNav WAN IP has changed and updating the related UFW firewall rule, we still do not have to add a fixed static public IP to our service yet.

Other references:
https://unix.stackexchange.com/questions/91701/ufw-allow-traffic-only-from-a-domain-with-dynamic-ip-address
https://report.cs.rutgers.edu/mrtg/drop/dropstat.cgi?start=-1week

Added crontab tasks (root):

    # Check and update firewall rule to allow any traffic from AgNav
    */5 * * * * /usr/local/sbin/update-agn-UFW.sh > /usr/local/sbin/update-agn-UFW.log
    # Check and update the iptables block chain (adds LCSRDrop) to prevent brute-force attackers, database from IPs registered at blocklist.de
    1-56/15 * * * * /usr/local/sbin/lcsrdrop.sh > /dev/null 2>&1
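
The dynamic-DNS rule update described in the notes above, sketched as an added example; this is not the update-agn-UFW.sh script, which the note does not show. The host name `office.example.net`, the state file path and the function names are assumptions, and `getent ahostsv4` assumes a glibc system.

```sh
#!/bin/sh
# Added example: keep one UFW allow rule in sync with a dynamic-DNS name.
# DDNS_HOST and STATE_FILE are placeholders, not values from the note above.
DDNS_HOST="${DDNS_HOST:-office.example.net}"
STATE_FILE="${STATE_FILE:-/var/lib/ufw-ddns/last_ip}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  saved_ifs=$IFS; IFS=.; set -- $1; IFS=$saved_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print the ufw commands that move the rule from OLD ($1) to NEW ($2).
# Prints nothing when the address is unchanged. The new rule is added before
# the old one is deleted, and a bad NEW never causes the old rule to be removed.
plan_update() {
  if ! is_ipv4 "$2"; then
    echo "refusing: '$2' is not an IPv4 address" >&2
    return 2
  fi
  if [ "$1" = "$2" ]; then return 0; fi
  echo "ufw allow from $2"
  if is_ipv4 "$1"; then echo "ufw delete allow from $1"; fi
}

# Resolve the name, run the plan, and record the address only on success.
apply_update() {
  new="$(getent ahostsv4 "$DDNS_HOST" | awk 'NR==1 {print $1}')"
  old=""
  if [ -r "$STATE_FILE" ]; then old="$(cat "$STATE_FILE")"; fi
  plan="$(plan_update "$old" "$new")" || return 1
  if [ -z "$plan" ]; then return 0; fi
  printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done || return 1
  mkdir -p "$(dirname "$STATE_FILE")" && printf '%s\n' "$new" > "$STATE_FILE"
}

# Only touch the firewall when called with --apply (for example from root's crontab).
if [ "${1:-}" = "--apply" ]; then apply_update; fi
```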