Writing recipes and filters for Fail2Ban is quite straightforward. Since you already have an account with Coozila! AGI, you can copy the access and error logs from /var/log/nginx/ and provide them to Hypatia for analysis. Request Hypatia to create recipes for the different types of attack patterns identified in the logs. This way, you can manually filter out what no module can handle. It requires some effort, but you can develop very effective filters.