ACZoom

Patterns for capturing host-names can be tricky - but more importantly, blockhosts is completely based on IP addresses. If you really want to code these changes, a quick way would be to do these two things:
1) find a pattern that is as safe as possible (i.e., will match hostname only, not surrounding text), and plug that in as a pattern into blockhosts.cfg
To start, here's a widely used domain-name pattern:
(?=^.{1,254}$)(^(?:(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)
2) in the match_line function in blockhosts.py, check if the matched IP is non-numeric. The existing HOST_IP_REOBJ regex can be used for this check. If not a numeric IP, then do a IP address lookup using socket.gethostbyname(string). Then, let rest of blockhosts work with that numeric IP address.
Note: the above may not work, this is just a off-the-cuff idea, not tested at all. Also - if the hostname to IP address mapping changes, the new IP address won't be blocked until its count crosses the threshold value.

Another option, recommend this over the above: the log line above is from pam_unix, which is actually a secondary logging mechanism. vsftpd itself has logging capabilities, if those can be turned on (and vsftpd has an option to print logs with numeric IP addresses), then blockhosts will work as is without changes.