Usually, the attack is for the specific IP address the website is using. If the attack is to the specific site, you should be able to see the information in the Apache logs in the server. The site getting the attacks will have a full log of the requests to it.
You can find the attackers IP using the netstat command, but if it DOS attack only then blocking the IPs would save the server, for DDOS attacks, the attacker IPs would be changing constantly, so blocking the IPs is not a solution.
Alternately you can check the Apache access logs, find which log file is written more and which url was accessed heavily in past hours, that would make a better sense on the attacked target on your server.
In the case of DDOS, either you need contact the provider for any hardware filters to filter the traffic.
If the attack is url/domain specific then you should be using any thirdparty services like CLOUDFLARE to filter the traffic.