Blocking Empty Usernames

I don’t have a clue either - for sure I see some attacks using SQLi or RFI in the Referrer headers, as they also try to get a backdoor using a possible logging system, but without a username I assume it does not make sense to brute force.

Is there any possibility to use a hook or action, that I can use in other plugins, to trigger a WPfail2ban log to the auth.log?
I also use iThemes Security Pro - and I would just like to add a fail2ban log to some parts of the plugin - as the only real blocking for me is on the iptables layer, not on the application layer.