Hosts do not get blocked for e.g. repeatedly providing the wrong password, as for that the initial handshake gets completed. Completed with an "access denied" error, but completed nonetheless.
I think the initial post with error message is clear " blocked because of many connections"
Main problem here though is that you seem to want to provide as little information as possible only, so this turned into a big guessing game.
And with that I'm out, I don't want to waste unpaid time on doing educated guesses with information only being reviled bit by bit instead of describing the full scope of the problem up front.
But my intial question was also if the blocking could be expanded to a match of ip+db and not just ip. I still think this could be an interesting change in design.