Most of these bots are simply hitting the login page, they're not actually trying to brute force their way in, they're simply following all of the links on your forums.
As for blocking bots there are several options, using CloudFlare or modifying your .htaccess file can directly ban them (on CF you have to look at your firewall rules), a simple kludge for your .htaccess would be something like what
ip2location offers for their Firewall List (which blocks bad IPs/countries)
Some people will say a robots.txt file but it's more of a suggestion versus an actual ban (unlike the .htaccess line)