I am using the following fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux (because default one is not working for me properly).
File /etc/fail2ban/jail.local or /etc/fail2ban/jail.conf if you have not installed fail2ban using yum package manager which will overwrite your custom configuration files each time you update the package.
[proftpd-iptables]
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=ProFTPD, dest=serveradmin@shkodenko.com]
logpath = /var/log/secure
maxretry = 7
Filter configuration file: /etc/fail2ban/filter.d/proftpd.conf
# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
# \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
# \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
# \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
#
# default failregex does not work @see http://www.howtoforge.com/forums/showthread.php?t=35089
#
failregex = ^(.)+proftpd(.)+\[<HOST>\](.)*no such user found from (.)* to (.)*$
^(.)+proftpd(.)+\[<HOST>\](.)*USER(.)*Login failed(.)*Incorrect password(.)*$
^(.)+proftpd(.)+\[<HOST>\](.)*SECURITY VIOLATION:(.)*login attempted(.)*$
^(.)+proftpd(.)+\[<HOST>\](.)*Maximum login attempts(.)*exceeded(.)*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
To check new ban regex use command:
# /usr/bin/fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/proftpd.conf
Restarted fail2ban using command:
# /sbin/service fail2ban restart