# Fail2Ban fitler for the Proftpd FTP daemon # # Set "UseReverseDNS off" in proftpd.conf to avoid the need for DNS. # See: http://www.proftpd.org/docs/howto/DNS.html # When the default locale for your system is not en_US.UTF-8 # on Debian-based systems be sure to add this to /etc/default/proftpd # export LC_TIME="en_US.UTF-8" [INCLUDES] before = common.conf [Definition] _daemon = proftpd __suffix_failed_login = ([uU]ser not authorized for login|[nN]o such user found|[iI]ncorrect password|[pP]assword expired|[aA]ccount disabled|[iI]nvalid shell: '\S+'|[uU]ser in \S+|[lL]imit (access|configuration) denies login|[nN]ot a UserAlias|[mM]aximum login length exceeded) prefregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[\]\)[: -]+ (?:USER|SECURITY|Maximum) .+$ failregex = ^USER \S+|.*?(?: \(Login failed\))?: %(__suffix_failed_login)s ^SECURITY VIOLATION: \S+|.*? login attempted ^Maximum login attempts \(\d+\) exceeded ignoreregex = [Init] journalmatch = _SYSTEMD_UNIT=proftpd.service # Author: Yaroslav Halchenko # Daniel Black - hardening of regex