diff --git a/ChangeLog b/ChangeLog
index 5ca68994..76011db5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -76,6 +76,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
 * filter.d/apache-auth - added expressions for mod_authz, mod_auth and mod_auth_digest failures.
 * filter.d/recidive -- support f2b syslog target and anchor regex at start
+ * filter.d/vsftpd - anchored regex at start. disable old pam format regex
 * filter.d/pam-generic - added syslog prefix. Disabled support for linux-pam before version 0.99.2.0 (2005)
 * filter.d/gssftpd - anchored regex at start
diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index 259e2c82..661fbb61 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -4,8 +4,15 @@
 #
 #
+[INCLUDES]
+
+before = common.conf
+
 [Definition]
+__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+_daemon = vsftpd
+
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "" can
@@ -13,8 +20,8 @@
 # (?:::f{4,6}:)?(?P[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=(?:\s+user=\S*)?\s*$
- \[.+\] FAIL LOGIN: Client ""\s*$
+failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty= ruser=\S* rhost=(?:\s+user=.*)?\s*$
+ ^ \[pid \d+\] \[.+\] FAIL LOGIN: Client ""\s*$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/testcases/files/logs/vsftpd b/testcases/files/logs/vsftpd
index ac6d0454..4be6a8f8 100644
--- a/testcases/files/logs/vsftpd
+++ b/testcases/files/logs/vsftpd
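Review bot: `__pam_re` is added to `[Definition]` without any comment saying which log prefixes it is meant to absorb, while the other options in this file each carry an `# Option:`/`# Notes.:` header. A one-line comment above it, such as `# pam_unix prefix as vsftpd logs it, e.g. "(pam_unix)", with the parenthesised service and trailing colon optional`, would tell the next reader why every piece of the pattern is optional. As written the opening and closing parentheses are independently optional, so an unbalanced `(pam_unix` or `pam_unix)` is also accepted; that is harmless for matching but worth stating in the comment if it is intentional rather than accidental.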
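Review bot: In the new first `failregex` line the `tty=` field carries no value pattern while the neighbouring `logname=`, `uid=`, `euid=` and `ruser=` fields each take `\S*`, so a line with a non-empty tty value would not match unless the pattern was lost in this rendering; if that is not intentional, `tty=\S* ruser=\S*` keeps the fields uniform and still matches the empty `tty=` in the test logs. In the second line, `\[.+\]` is greedy and can run across several bracketed fields before `FAIL LOGIN`, which the old expression also did; `\[[^\]]+\]` is the tighter form for a single `[user]` field and would be less costly on long lines. The host capture appears blank in this rendering (`rhost=` and `Client ""`), presumably the `<HOST>` tag stripped by the page, so the exact text should be checked against the repository rather than this view.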
@@ -1,7 +1,9 @@
 #1 PAM based
 # failJSON: { "time": "2004-10-11T01:06:47", "match": true , "host": "209.67.1.67" }
 Oct 11 01:06:47 ServerJV vsftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=209.67.1.67
-# failJSON: { "time": "2005-02-06T12:02:29", "match": true , "host": "64.168.103.1" }
+
+# Pam pre 0.99.2.0 - https://github.com/fail2ban/fail2ban/pull/358
+# failJSON: { "time": "2005-02-06T12:02:29", "match": false , "host": "64.168.103.1" }
 Feb 6 12:02:29 server vsftpd(pam_unix)[15522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=64.168.103.1 user=user1
 #2 Internal