Bloqueo de rutas de bots en Nginx con return 444

Inumerables bots tratan de acceder al vps desde diferentes paises, se consume la ram  y se cuelga el VPS.

Vamos a la sigueinte ruta:

/etc/nginx/sites-available

y configuracion el archivo blog.service

server {
    server_name 68.183.55.76 codigobase.duckdns.org;

    # ===== BLOQUEOS DE SEGURIDAD =====
    
    # Bloquear archivos de configuración y sensibles
    location ~ /\.(env|git|svn|htaccess|htpasswd) {
        return 444;
    }
    
    # Bloquear archivos PHP (tu blog es Django, no necesitas PHP)
    location ~ \.(php|php5|php7|phtml|asp|aspx|jsp)$ {
        return 444;
    }
    
    # Bloquear rutas de WordPress
    location ~ /(wp-admin|wp-login|wp-includes|wp-content|wordpress|xmlrpc\.php) {
        return 444;
    }
    
    # Bloquear rutas comunes de exploits
    location ~ /(phpinfo|phpmyadmin|admin/config|vendor/phpunit|eval-stdin) {
        return 444;
    }
    
    # Bloquear user-agents maliciosos
    if ($http_user_agent ~* (sqlmap|nikto|masscan|nmap|acunetix|metis)) {
        return 403;
    }
    
    # ===== FIN BLOQUEOS =====
    
    location = /favicon.ico { access_log off; log_not_found off; }
    
    location /static/ {
        alias /var/www/blog2025/staticfiles/;
    }
    
    location /media/ {
        alias /var/www/blog2025/media/;
    }
    
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/codigobase.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/codigobase.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = codigobase.duckdns.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    
    listen 80;
    server_name 68.183.55.76 codigobase.duckdns.org;
    return 404; # managed by Certbot
}

.Deberia bastar es una configuracion basica de seguridad...