Security by obscurity and warnings

Good security practice works on a combination of locking down all the holes as tightly as possible and letting as little information about the network out as possible. Additionally some legal systems require that explicit warnings are put up letting the casual connecting host know that unauthorised access is not permitted. To provide these features Proftpd supplies a number of directives which control the message presented to the user.

How can I prevent the server version from being displayed

Setting SeverIdent to "off" should turn off the information about what type of server is running. To have maximum effect this directive should either be in the Global context or included in every virtual host block and the default block.

ServerIdent  on " server"

ServerIdent  off

ServerIdent  on ""

I want to show a message prior to login

Use the DisplayConnect directive to specify a file containing a message to be displayed prior to login.

DisplayConnect /ftp/ftp.virtualhost/login.msg

I want to display a message after login

Use the DisplayLogin directive, this sends a specified ASCII file to the connected user.

DisplayLogin /etc/proftp.msg

Can I have a custom welcome response?

Use the AccessGrantMsg directive, this sends a simple single line message back to the user after a successful authentication. Magic cookies appear to be honoured in this directive.

AccessGrantMsg "Guest access granted for %u."

Note, this directive has an overriding default and needs to be specified in both VirtualHost and Anonymous blocks.