I'm very much not clear on what they're claiming the issue is. Fail2ban is generally used to attach failed logins (usually SSH) to iptables to block brute force attempts. What are they saying is actually happening?
If it's just a lot of hits to index.php, that would indicate your traffic is much higher and that may indeed be a (D)DoS, though targeted at layer 7 (the app) rather than layer 3 (the network). Traditional DDoS mitigations don't really handle layer 7 attacks. They potentially need to be mitigated individually by identifying the signature and blocking the requests. This generally needs to be done at steps above the application (such as in iptables; the farther the request gets in, the less effective mitigation is).