Since the IPs and UAs would be difficult to block, and since they are requesting a limited number of URLs:

few specific URLs that doesn't exist

Maybe one way would be to redirect those requests to a 403?

Since it sounds like a botnet activity they might not pay any more attention to a 403 than they do to a 404 though..

is thr a way to redirect all requests for tese specific urls to a static blank html page.
Will it reduce resource usage

what response are these requests getting and does it come from the script or the server?
i would use mod_rewrite directives to either:
- exclude these url patterns (using RewriteCond) from the internal rewrite to the WP index.php so they get 404 from the server, or
- respond to requests for these patterns with 403 Forbidden, using the [F] flag with the RewriteRule directive.
either of these solutions will require less server resources than the wordpress script.

redirect those requests to a 403

What did you mean by that?

If they're requesting nonexistent pages, the only response they could be getting is a 404. So what more does the host want? A 404 response doesn't consume significantly more or less server resources than a 403...

Unless ...

... unless you've got a CMS that grabs all requests, feeds them to a database, and only issues a 404 after it has already done quite a bit of work. Is that your situation?

@phranque
what response are these requests getting and does it come from the script or the server?
--> I am not sure about the source.... how I can find it?

@lucy24

I think high resource usage issue is occuring because high number of request to nonexisting url per second

I think high resource usage issue is occuring because high number of request to nonexisting url per second

I think you might want to have a chat with the host again. AFTER you have sent these none existent requests to 403. And, after you have that second talk they tell you it is too much, you need to change to a different host. Seriously. This kind of bot activity is pretty mundane, annoying, but to be expected. If this small stuff bothers your host, your host is too small.

I am not sure about the source.... how I can find it?

you could look at your mod_rewrite directives to see what they do, or you could turn on rewrite logging for the server and observe the logged results, or you could check your web server access logs since it should show a 200 status code if the request is internally rewritten to the script.

Unless the host sets up a firewall, all requests will reach the server-- whether they end up getting a 403, 404 or something else. (For example mod_security on shared hosting might go to 503 as that's the default.) And this is somehow your fault?

what response are these requests getting and does it come from the script or the server?

I am not sure about the source.... how I can find it?

Your logs will tell you what response is being sent out by the server. But you also need to know how your 404 or 403 page is built, because the server always sends this out, even if the request is from a robot who doesn't look beyond the 40x header.

If all requests are recorded by the server as 200, it means your CMS is doing work. You'll need to hand-code some 403 responses, because the essence of a CMS is !-f ("file doesn't physically exist") and that's exactly what you're trying to avoid.

I realize you never said explicitly that you're using a CMS. But you did say "blog" so it seems a viable guess.