What gets processed first? TCP Wrappers or iptables?
I'd imagine that TCP wrappers are processed first because I get messages in my logs saying that libwrap refused connection from IP.x.x.x, but shouldn't it be the other way around? I have the same IP in my iptables list and I'd have hoped that I don't have to see libwrap rejections at all.
Your IP tables rule looks fine for dropping everything from that range. The only other thing I can think of is the ordering then. Do you have a rule before that rule that accepts all connections to your port?
Accpet from all connections on port 80
Drop everything from 188.8.131.52/16
184.108.40.206/16 would still be able to connect to port 80 as it would be matched with the accept rule before your drop rule.
I actually don't accept anything per iptables. I just have rules that deny, deny, deny (drop).
That is what is probably the most baffling. I know iptables is working because I've tested it, but it isn't working for that range (at least, I still have SMTP attempts but I'm not finding any SSH login attempts any longer). I am going to take the paranoid approach. I haven't seen anything good coming from those IPs.