fail2ban/filter.d/nginx-bogus.conf

[Definition]
failregex = ^<ADDR> \S+ \- \[\] \"[A-Z]+ /(\?.*) \S+" 200 [0-9]+ \"(\[object Object\]|https://nosec.dstat.online/.*|https://coolfett.stresser.day/.*|[A-Za-z0-9]{10,})\".*
            ^<ADDR> \S+ \- \[\] \"[A-Z]+ /(\?.*) \S+" 200 [0-9]+ .* \"(Chrome|Safari|Opera|[0-9A-Za-z]{60,}=*)\"$
            ^<ADDR> \S+ \- \[\] \"[A-Z]+ /[^ ]* \S+" [0-9]+ [0-9]+ .* \"[^"]*(Bytespider|GPTBot|SemrushBot|ClaudeBot|DataForSeoBot|MJ12bot)[^"]*\"$
            ^<ADDR> \S+ \- \[\] \"[A-Z]+ /\?[A-Za-z0-9]{6}=[A-Za-z0-9]{160}
            ^<ADDR> \S+ \- \[\] \"[A-Z]+ /+\?((true|q|s)=)[A-Za-z0-9?]{6,} \S+"
            ^<ADDR> \S+ \- \[\] \"[A-Z]+ /\S+(\*jumpBack=|redirectToUrl=)\S+ \S+"
            ^<ADDR> \S+ \- \[\] \"\\x[^"]+" 400

ignoreregex =
datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
              ^[^\[]*\[({DATE})
              {^LN-BEG}