Write fail2ban rule(s) to catch common attacks against the server

Repeat login with new usernames leads to the server getting rate limited by mojang - we should be able to catch and kill duplicate login attempts from a single IP with fail2ban:

Write a rule or set of rules to catch this sort of attack, block the IPs, and ideally send abuse report emails.