Hello people, I need your help with a little regex for fail2ban :P
These are some lines of my log file:
Apr 23 03:07:19 web1 net2ftp: 2011-04-23 03:07:19 190.172.99.244 53059 /webftp/index.php 0 0 localhost xftp browse main 1
Apr 23 03:07:19 web1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 23 03:07:19 web1 pure-ftpd: (?@127.0.0.1) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Apr 23 03:07:24 web1 pure-ftpd: (?@127.0.0.1) [WARNING] Authentication failed for user [xftp]
Apr 23 03:07:24 web1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
This is my current /etc/fail2ban/filter.d/pureftpd.conf
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
I need to modify the regex of pure-ftpd in order to also catch net2ftp login failures, could you help me pls? I don't want to ban my own address (127.0.0.1), so I need to catch the IP from net2ftp first... thanks!
____________________________________________
I made this script to install net2ftp in Debian 6, use it if you want (at your own risk :P)
#!/bin/bash
# Ask for the Apache alias, the FTP server net2ftp may connect to, and the admin e-mail.
echo -e "Alias webftp (eg. xxxftp): \c"
read -r aliaswebftp
echo -e "URL FTP server (eg. ftp.xxx.com.ar): \c"
read -r ftpserver
echo -e "Admin mail (admin@xxx.com.ar): \c"
read -r adminmail
# Download net2ftp 0.98 and move its web files to /var/lib/net2ftp.
cd /tmp || exit 1
wget http://www.net2ftp.com/download/net2ftp_v0.98.zip
unzip net2ftp_v0.98.zip
mv /tmp/net2ftp_v0.98/files_to_upload /var/lib/net2ftp
# Remove only what this script downloaded, not everything in /tmp.
rm -rf /tmp/net2ftp_v0.98 /tmp/net2ftp_v0.98.zip
# Publish /var/lib/net2ftp under the chosen alias.
echo "Alias /$aliaswebftp /var/lib/net2ftp" > /etc/apache2/conf.d/net2ftp.conf
echo "" >> /etc/apache2/conf.d/net2ftp.conf
echo "<Directory /var/lib/net2ftp>" >> /etc/apache2/conf.d/net2ftp.conf
echo " AllowOverride None" >> /etc/apache2/conf.d/net2ftp.conf
echo " Order deny,allow" >> /etc/apache2/conf.d/net2ftp.conf
echo " Allow from all" >> /etc/apache2/conf.d/net2ftp.conf
echo "</Directory>" >> /etc/apache2/conf.d/net2ftp.conf
echo "" >> /etc/apache2/conf.d/net2ftp.conf
/etc/init.d/apache2 restart
# Keep a backup, then set the allowed FTP server, the feedback address and syslog logging.
cp /var/lib/net2ftp/settings_authorizations.inc.php /var/lib/net2ftp/settings_authorizations.inc.php.backup
sed -i 's/^$net2ftp_settings\[\"allowed_ftpservers\"\]\[1\].*/$net2ftp_settings\[\"allowed_ftpservers\"\]\[1\] = \"'"$ftpserver"'\";/' /var/lib/net2ftp/settings_authorizations.inc.php
sed -i 's/^$net2ftp_settings\[\"email_feedback\"\].*/$net2ftp_settings\[\"email_feedback\"\] = \"'"$adminmail"'\";/' /var/lib/net2ftp/settings.inc.php
sed -i 's/^$net2ftp_settings\[\"use_syslog\"\].*/$net2ftp_settings\[\"use_syslog\"\] = \"yes\";/' /var/lib/net2ftp/settings.inc.php
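An added example, not part of the original post and not fail2ban or net2ftp code: with the filter quoted above, `<HOST>` is taken from the pure-ftpd line, which is 127.0.0.1 for every net2ftp login, so the client address has to come from the preceding net2ftp line. This Python function does that correlation over the log lines from the post. The net2ftp field layout is inferred from the single sample line, and the 30-second window and the `year` argument are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above.
SAMPLE_LOG = """\
Apr 23 03:07:19 web1 net2ftp: 2011-04-23 03:07:19 190.172.99.244 53059 /webftp/index.php 0 0 localhost xftp browse main 1
Apr 23 03:07:19 web1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 23 03:07:19 web1 pure-ftpd: (?@127.0.0.1) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Apr 23 03:07:24 web1 pure-ftpd: (?@127.0.0.1) [WARNING] Authentication failed for user [xftp]
Apr 23 03:07:24 web1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
"""

SYSLOG_TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ "
# Assumed net2ftp layout: date time client_ip port script n n ftp_server ftp_user ...
NET2FTP = re.compile(SYSLOG_TS + r"net2ftp: \S+ \S+ (?P<ip>\d+(?:\.\d+){3}) \d+ "
                     r"\S+ \S+ \S+ \S+ (?P<user>\S+) ")
AUTH_FAIL = re.compile(SYSLOG_TS + r"pure-ftpd: \(.*@(?P<host>[^)]+)\) \[WARNING\] "
                       r"Authentication failed for user \[(?P<user>[^\]]*)\]")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_ts(ts, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def failed_logins(lines, year=2011, window=timedelta(seconds=30)):
    """Return (client_ip, ftp_user) for each pure-ftpd authentication failure."""
    recent = {}    # ftp_user -> (time, client_ip) of the latest net2ftp request
    failures = []
    for line in lines:
        m = NET2FTP.match(line)
        if m:
            recent[m["user"]] = (parse_ts(m["ts"], year), m["ip"])
            continue
        m = AUTH_FAIL.match(line)
        if not m:
            continue
        if m["host"] not in LOOPBACK:
            failures.append((m["host"], m["user"]))    # direct FTP client
            continue
        seen = recent.get(m["user"])
        when = parse_ts(m["ts"], year)
        if seen and timedelta(0) <= when - seen[0] <= window:
            failures.append((seen[1], m["user"]))      # visitor behind net2ftp
        # A loopback failure with no recent net2ftp request is attributed to nobody.
    return failures
```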