phpMyAdmin/MySQL attack - how to block with CSF/regex?

153.155.31.225 - - [04/Jul/2017:21:32:15 +0200] "HEAD http://xx.xx.xx.xx:80/PMA2016/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:15 +0200] "HEAD http://xx.xx.xx.xx:80/PMA2017/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:16 +0200] "HEAD http://xx.xx.xx.xx:80/PMA2018/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:17 +0200] "HEAD http://xx.xx.xx.xx:80/pma2011/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:18 +0200] "HEAD http://xx.xx.xx.xx:80/pma2012/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:18 +0200] "HEAD http://xx.xx.xx.xx:80/pma2013/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:19 +0200] "HEAD http://xx.xx.xx.xx:80/pma2014/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:19 +0200] "HEAD http://xx.xx.xx.xx:80/pma2015/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:20 +0200] "HEAD http://xx.xx.xx.xx:80/pma2016/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:21 +0200] "HEAD http://xx.xx.xx.xx:80/pma2017/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:22 +0200] "HEAD http://xx.xx.xx.xx:80/pma2018/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:23 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2011/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:24 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2012/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:24 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2013/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:25 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2014/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:26 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2015/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:26 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2016/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:27 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2017/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:28 +0200] "HEAD http://xx.xx.xx.xx:80/phpmyadmin2018/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"
153.155.31.225 - - [04/Jul/2017:21:32:28 +0200] "HEAD http://xx.xx.xx.xx:80/phpmanager/ HTTP/1.1" 404 182 "-" "Mozilla/5.0 Jorgee"

User-agent: *
Disallow: /

## Scanning for files
if (($globlogs{HTACCESS_LOG}{$lgfile}) and
($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[\w*:?error\] \[pid \d+:tid \d+?\] ?\[client (\S+):\d+\] .*: Got error.*Primary script unknown/))
{ return ("Scanning for files triggerd",$1,"ScanningForFiles","10","80,443","1"); }

Time:     Sat Jul  8 13:38:09 2017 +0200
IP:       xxx.xxx.xxx.xxx (FR/France/APoitiers-xxx.xxx.xxx.abo.wanadoo.fr)
Failures: 10 (ScanningForFiles)
Interval: 3600 seconds
Blocked:  Permanent Block

Log entries:

[Sat Jul 08 13:21:17.994135 2017] [proxy_fcgi:error] [pid 31144:tid 139892470093568] [client xxx.xxx.xxx.xxx:51852] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:22:14.006709 2017] [proxy_fcgi:error] [pid 31144:tid 139892621162240] [client xxx.xxx.xxx.xxx:51952] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:26:46.104859 2017] [proxy_fcgi:error] [pid 31144:tid 139892436522752] [client xxx.xxx.xxx.xxx:52644] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:26:51.783739 2017] [proxy_fcgi:error] [pid 31144:tid 139893032306432] [client xxx.xxx.xxx.xxx:40226] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:27:45.652355 2017] [proxy_fcgi:error] [pid 31144:tid 139892587591424] [client xxx.xxx.xxx.xxx:52754] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:33:14.279631 2017] [proxy_fcgi:error] [pid 31144:tid 139892755445504] [client xxx.xxx.xxx.xxx:41726] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:33:22.001643 2017] [proxy_fcgi:error] [pid 31144:tid 139892595984128] [client xxx.xxx.xxx.xxx:41760] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:35:26.624854 2017] [proxy_fcgi:error] [pid 31144:tid 139892621162240] [client xxx.xxx.xxx.xxx:49288] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:37:57.595718 2017] [proxy_fcgi:error] [pid 31144:tid 139892402951936] [client xxx.xxx.xxx.xxx:42342] AH01071: Got error 'Primary script unknown\n'
[Sat Jul 08 13:38:07.074289 2017] [proxy_fcgi:error] [pid 31144:tid 139892822587136] [client xxx.xxx.xxx.xxx:42364] AH01071: Got error 'Primary script unknown\n'

if (($globlogs{HTACCESS_LOG}{$lgfile}) and

 This option will keep track of the number of "File does not exist" errors in
HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL
seconds then the IP address will be blocked

Care should be used with this option as it could generate many
false-positives, especially Search Bots (use csf.rignore to ignore such bots)
so only use this option if you know you are under this type of attack

A sensible setting for this would be quite high, perhaps 200

To disable set to "0"
LF_APACHE_404 = 100

HTACCESS_LOG = /var/log/httpd/error_log /var/log/nginx/error_log /var/log/httpd/domains/*.error.log /var/log/nginx/domains/*.error.log

traalala.php' not found or unable to stat