You mentioned gibberish, that's what this plugin works. Legitimate users usually visiting your website and pages via links. Typing gibberish in URL will be considered as hacking attempts, because hackers or bad bots might randomly combine some words in the URL, which is similar to that way, for scanning your website vulnerability or attacking.
If it frequently bans 'real' visitors, you may consider to:
- Disable Blacklist Repeat Offender
- Increase Error Threshold
- Shorten Lockout Period
- Even disable the 404 Detection
Many things can cause 404 errors. It can be simple mistake or a hacking attack. You may need to examine the error logs, study the pattern to know what the problem really is.