# Fail2Ban fitler for the Proftpd FTP daemon # # Set "UseReverseDNS off" in proftpd.conf to avoid the need for DNS. # See: http://www.proftpd.org/docs/howto/DNS.html # When the default locale for your system is not en_US.UTF-8 # on Debian-based systems be sure to add this to /etc/default/proftpd # export LC_TIME="en_US.UTF-8" [INCLUDES] before = common.conf [Definition] _daemon = proftpd __suffix_failed_login = (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit (access|configuration) denies login|Not a UserAlias|maximum login length exceeded).? prefregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[\]\)[: -]+ (?:USER|SECURITY|Maximum).+$ failregex = ^USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$ ^USER .* \(Login failed\): %(__suffix_failed_login)s\s*$ ^SECURITY VIOLATION: .* login attempted\. *$ ^Maximum login attempts \(\d+\) exceeded *$ ignoreregex = # Author: Yaroslav Halchenko # Daniel Black - hardening of regex