From 06f8a1a8ca3a2aa93c941eea52cd7c7606bfe558 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 5 Mar 2008 21:53:33 +0000
Subject: [PATCH] - Fixed Debian bug #468477

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@665 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 ChangeLog                    | 2 +-
 config/filter.d/proftpd.conf | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3e9a0d46..69384094 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,7 +40,7 @@ ver. 0.8.2 (2008/??/??) - stable
 - Replaced "echo" with "printf" in actions. Fix #1839673
 - Replaced "reject" with "drop" in shorwall action. Fix
   #1854875
-- Fixed Debian bug #456567
+- Fixed Debian bug #456567, #468477
 
 ver. 0.8.1 (2007/08/14) - stable
 ----------
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 4794d084..4d71bf2a 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -14,10 +14,10 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
-            \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
-            \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
-            \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$
+failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
+            \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
+            \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
+            \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.