fail2ban fails 2 start

@GameGamer43

And the 0.9 track gets quicker attention yet. Saturday morning three days ago for me. There is a mailing list that is active and not too noisy to catch the appropriate updates as they are committed. For the Asterisk filter, June 27 v. January 09.

You might also want to look at your Apache error logs and see if the noscript and nohome jails could be appropriately enabled.

FYI the AMI events that need attention look like

SECURITY[1918] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1435677997-293779",Severity="Error",Service="AMI",EventVersion="1",AccountID="manager",SessionID="0x7f4c3c7ceac0",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/58.252.4.117/35995",SessionTV="0-0"
SECURITY[2188] res_security_log.c: SecurityEvent="FailedACL",EventTV="1435495355-169186",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f47c00020b8",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/58.252.4.117/40738",SessionTV="0-0"

I believe these are covered by the current fail2ban regex in asterisk.conf:

^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",ExpectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?(,SessionTV="[\d-]+")$

(should also cover the latest asterisk 13 PJSIP stuff)

Replace gamin with pynotify and watch it sing :)
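An added example, not part of the post and not fail2ban's own code: a quick offline check of the quoted failregex against the two AMI lines above, in the spirit of what `fail2ban-regex` does. The expansions for `%(__prefix_line)s`, `%(log_prefix)s`, `%(iso8601)s` and `<HOST>` are simplified stand-ins (assumptions), and the relaxed `AccountID` pattern is hypothetical; it is there only to show which field decides whether lines with a non-numeric account name such as `manager` or `admin` match.

```python
import re

# Failregex exactly as quoted in the post.
FAILREGEX = r'^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",ExpectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?(,SessionTV="[\d-]+")$'

# Simplified stand-ins (assumptions) for the interpolations fail2ban performs.
STAND_INS = {
    "%(__prefix_line)s": r"\s*",
    "%(log_prefix)s": r"(?:NOTICE|SECURITY)\[\d+\]:? \S+:\d*",
    "%(iso8601)s": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}",
    "<HOST>": r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})",  # IPv4 only in this sketch
}

STRICT_ACCOUNT = r'AccountID="(\d*|<unknown>)"'   # as quoted in the post
RELAXED_ACCOUNT = r'AccountID="[^"]*"'            # hypothetical, for diagnosis

# The two AMI events from the post.
PAGE_LINES = [
    'SECURITY[1918] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1435677997-293779",Severity="Error",Service="AMI",EventVersion="1",AccountID="manager",SessionID="0x7f4c3c7ceac0",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/58.252.4.117/35995",SessionTV="0-0"',
    'SECURITY[2188] res_security_log.c: SecurityEvent="FailedACL",EventTV="1435495355-169186",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f47c00020b8",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/58.252.4.117/40738",SessionTV="0-0"',
]
# Constructed line: same event shape, numeric AccountID, documentation address.
CONSTRUCTED_LINE = 'SECURITY[1918] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1435677997-293779",Severity="Error",Service="AMI",EventVersion="1",AccountID="1000",SessionID="0x7f4c3c7ceac0",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/192.0.2.10/35995",SessionTV="0-0"'


def compile_filter(failregex):
    """Expand the stand-ins and compile the resulting pattern."""
    for token, pattern in STAND_INS.items():
        failregex = failregex.replace(token, pattern)
    return re.compile(failregex)


def banned_host(regex, line):
    """Return the address the filter would hand to the ban action, or None."""
    match = regex.search(line)
    return match.group("host") if match else None


def diagnose(line):
    """Return (host with quoted regex, host with relaxed AccountID)."""
    strict = compile_filter(FAILREGEX)
    relaxed = compile_filter(FAILREGEX.replace(STRICT_ACCOUNT, RELAXED_ACCOUNT))
    return banned_host(strict, line), banned_host(relaxed, line)


if __name__ == "__main__":
    for line in PAGE_LINES + [CONSTRUCTED_LINE]:
        print(diagnose(line), line[:60] + "...")
```

Running the installed filter through `fail2ban-regex` against the real log gives the authoritative answer for a given fail2ban version.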