Fail2ban nginx-botsearch jail

Can the nginx-botsearch jail be safely enabled using its default configuration? The reason I ask is that it looks like it slows down web scanners that look for things like WordPress logins. Would any sort of customization be needed before enabling it? The reason I ask is that I see a bunch of 301 162 result code entries in the access log from web scrapers / scanners like the one following and wanted to be able to use fail2ban to block the traffic:

84.247.144.101 - - [04/Jun/2024:19:45:57 -0500] "GET /wp-content/fonts/ HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
84.247.144.101 - - [04/Jun/2024:19:45:57 -0500] "GET /wp-content/languages/ HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4
84.247.144.101 - - [04/Jun/2024:19:45:57 -0500] "GET /wp-content/plugins/ HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
84.247.144.101 - - [04/Jun/2024:19:45:57 -0500] "GET /wp-content/themes/ HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.

Shouldn’t garbage like that end with a 404 being returned anyway?
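An added example, not part of the thread and not fail2ban's shipped filter: a small log check showing why the status code matters when deciding whether a pattern will catch lines like the ones posted. The regexes, the `/wp-` path rule, the function name and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in nginx "combined" format. The first two entries mirror
# the shape of the lines in the post; the other two are made up and use
# documentation-range addresses.
SAMPLE_LOG = '''\
84.247.144.101 - - [04/Jun/2024:19:45:57 -0500] "GET /wp-content/fonts/ HTTP/1.1" 301 162 "-" "Mozilla/5.0"
84.247.144.101 - - [04/Jun/2024:19:45:57 -0500] "GET /wp-content/plugins/ HTTP/1.1" 301 162 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jun/2024:19:46:02 -0500] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.9 - - [04/Jun/2024:19:46:05 -0500] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
'''

# Hypothetical parser for the fields a status-keyed pattern depends on:
# client address, request path and response status.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|POST|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Hypothetical definition of a "scanner path" for a site that does not run
# WordPress; a real filter would carry its own list.
PROBE_RE = re.compile(r'^/wp-')


def count_probes(log_text, statuses):
    """Count probe-path requests per client whose status is in `statuses`."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and PROBE_RE.match(m['path']) and m['status'] in statuses:
            hits[m['host']] += 1
    return hits


if __name__ == '__main__':
    # A pattern keyed only on 404 never sees the redirected probes.
    print('404 only   :', dict(count_probes(SAMPLE_LOG, {'404'})))
    # Including 301 picks up the client from the post.
    print('301 and 404:', dict(count_probes(SAMPLE_LOG, {'301', '404'})))
```

Running the same comparison against a real access log shows which status codes a candidate failregex has to cover before the jail is enabled; `fail2ban-regex` can then confirm the match against the actual filter file.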
