diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 331849b7..e2e5c1db 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -14,8 +14,10 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
-            \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$
+failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
+            \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
+            \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
+            \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.