[Proftpd-user] Ban Module Behavior Issues

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,

I have configured on our server:

BanEngine on
BanLog /var/log/proftpd/ban.log
BanMessage "Access Denied."
BanControlsACLs all allow user root
BanTable /usr/local/proftpd/ban.table
BanOnEvent MaxLoginAttempts 3/00:10:00 01:00:00
BanOnEvent ClientConnectRate 20/00:01:00 04:00:00 "Too Frequent Connect 
Attempts!"

I am using: proftpd-1.3.3f-1.el5, proftpd-ldap-1.3.3f-1.el5 on CentOS 
5.7 x86_64.

So, after 3 failed attempts, I would expect to see a ban due to 
MaxLoginAttempts for 1 hour, but instead I see a ban on 
ClientConnectRate which expires two minutes later. Even if for some 
reason a ClientConnectRate ban had occurred, it should have lasted for 4 
hours.

Here is the respective event from ban.log:

Feb 02 13:24:58 mod_ban/0.5.5[24998]: added ban event for ClientConnectRate
Feb 02 13:26:01 mod_ban/0.5.5[2336]: ban event ClientConnectRate entry 
'::ffff:10.10.10.101' has expired (3 seconds ago)

Note that I can't find in the logs any bans due to MaxLoginAttempts; all 
are ClientConnectRate bans and they always expire almost immediately.

What is going wrong?

Thanks,
Nick