I often see redirect log entries indicating probes from vulnerability scanners. These scanners will go through a list, one URL after another, looking for something not returning 404 for possible exploition.
It would be great if I could make a group, add these common URLs and set the action to "ban IP". This would stop them from going any further than the first matched probe. In essence, anyone accessing "/timthumb.php" (for example) would be flagging themselves for automatic and instantaneous banning.
I looked for a plugin that would do this and was not able to find any (which is surprising). Thinking about it, it would fit naturally with the redirection plugin.
Apologies if this has been requested before.