proftpd child process represents a single client connection,
and thus this directive also controls the maximum number of simultaneous
connections allowed. Additional connections beyond the configured limit are
-logged, and silently disconnected. The MaxInstances directive
-can be used to prevent undesirable denial-of-service attacks (e.g.
-by repeatedly connecting to the FTP control port, a malicious client could try
-to cause proftpd to repeatedly fork new processes, creating a
-"fork-bomb"). By default, no limit is placed on the number of child
-processes that may run at one time; it is highly recommended that a
-maximum number, suitable to your sites traffic, be configured.
+logged, and silently disconnected; the clients will not receive an
+FTP response in this case, but instead will encounter connection-level errors
+such as "Connection reset by peer". In order to provide a more user-facing
+error message, use the
+MaxClients directive,
+set to a value lower than MaxInstances, e.g.:
++ # Set MaxClients lower than MaxInstances, so that clients receive a nicer error message when they are rejected. + MaxClients 100 + MaxInstances 101 ++ +
+The MaxInstances directive can be used to prevent undesirable
+denial-of-service attacks (e.g. by repeatedly connecting to the FTP
+control port, a malicious client could try to cause proftpd to
+repeatedly fork new processes, creating a "fork-bomb"). By default, no limit
+is placed on the number of child processes that may run at one time; it is
+highly recommended that a maximum number, suitable to your sites
+traffic, be configured.
-The solution is to use "MultilineRFC2228 off" in your proftpd.conf
-(or simply remove that directive entirely).
+The solution is to use:
+
+ MultilineRFC2228 off ++in your
proftpd.conf (or simply remove that directive entirely).