
Hack attempt

php,hack,attack


s0h31l

8:44 am on Jan 21, 2012 (gmt 0)

10+ Year Member



Hello everyone,

How would you deal with this kind of attack on your website?

I am getting a thousand requests per second from a specific IP to my PHP files... This will cause my website to slow down dramatically.

I tried several times to block the abusive IP, but they change their IP address every time.

Thanks

SteveWh

9:14 am on Jan 21, 2012 (gmt 0)

10+ Year Member



This sounds like a Denial Of Service (DOS) type of attack rather than a hack.

If the requests are not "normal" ones (if they have long query strings or some other feature that allows you to tell the DOS requests apart from the requests of ordinary visitors), then you can create .htaccess rules that block the requests by those features, rather than blocking by IP.

Webhosts are sometimes able to help mitigate DOS attacks, too. It wouldn't hurt to ask them if there is anything they can do.

Or you could write PHP code that logs the IP of each request, and only allows, for example, 5 requests per minute from any individual IP. After that, issue a 403 Forbidden response. It won't stop the requests from coming, but it would avoid most of your PHP processing from being wasted on the bogus requests.
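The per-IP limit described in the last paragraph, as an added example rather than code from the thread. It assumes a single server, a writable `/tmp`, and no reverse proxy in front (so `REMOTE_ADDR` is the real client address); the constants and file path are made up for the example.

```php
<?php
// Added example, not code from the thread: a fixed-window per-IP rate limiter
// as SteveWh describes (count hits per IP, allow $limit per $window seconds,
// then answer 403). Assumes one server, a writable /tmp and no reverse proxy.
const RATE_LIMIT  = 5;                     // hits allowed...
const RATE_WINDOW = 60;                    // ...per this many seconds
const RATE_STORE  = '/tmp/ratelimit.json'; // assumed writable path

// Returns true while $ip is under the limit. The store is a JSON map
// ip => [windowStart, count], held under an exclusive lock so concurrent
// requests do not lose updates.
function rate_limit_allow(string $ip, int $limit, int $window, string $store): bool
{
    $fh = fopen($store, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return true; // fail open: a store error must not lock out every visitor
    }
    $raw   = stream_get_contents($fh);
    $table = $raw === '' ? [] : (json_decode($raw, true) ?: []);
    $now   = time();

    // Drop expired windows so the file does not grow with every new IP.
    foreach ($table as $key => [$start, $count]) {
        if ($now - $start >= $window) {
            unset($table[$key]);
        }
    }

    [$start, $count] = $table[$ip] ?? [$now, 0];
    $table[$ip] = [$start, ++$count];

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($table));
    flock($fh, LOCK_UN);
    fclose($fh);

    return $count <= $limit;
}

// Use REMOTE_ADDR, not X-Forwarded-For: the latter is client-supplied, so
// the flood could present a fresh "address" on every request.
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
if (!rate_limit_allow($ip, RATE_LIMIT, RATE_WINDOW, RATE_STORE)) {
    http_response_code(403);
    exit('Too many requests');
}
// normal page processing continues here
```

Each blocked hit still costs a PHP request and a file lock, which is the limitation SteveWh notes; it saves the expensive page logic, not the connection itself.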

s0h31l

5:25 pm on Jan 22, 2012 (gmt 0)

10+ Year Member



Thanks.

I blocked the IP address... Right now I'm getting thousands of requests from that IP per second; the site is very slow and sometimes gives me a timeout error, but it is still better.

henry0

5:03 pm on Jan 24, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you search for "php anti flood class" or "php anti flood script", you will find many samples that you could use or adapt to your specific needs; the best ones are those that let you define how many "hits" in a certain amount of time are acceptable.

A decent one I used a long while ago was "PHP MYSQL Flood Protection class". I don't know if it is still OK and usable, but you will get the idea.