Hi... I posted on here about my ProFTPD problem a week or so ago but it did not appear in the discussion list.
Is there a way to make OSSEC less sensitive with ProFTPD logs? What I've found is that when a user FTP's to our web server and uses the correct/valid username but types the password incorrectly, Active Response adds their IP to the hosts.deny file and they can no longer establish a FTP session with the web server. This seems rather harsh if you ask me because we all type the password wrong on some occasions. Active Response doesn't kick in if for example they use a username that does not exist on the web server. Thanks.
