Check if vsftpd is running or proftpd (if proftpd change below were appropriate)
Since SSH will be limited to just the private key, Fail2Ban will block brute force attacks to clients with FTP access.
Copy and paste into the jail.local file. Edit where necessary.
ignoreip = 127.0.0.1/8
# (clients IP, if needed)
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
findtime = 600
maxretry = 5
enabled = true
bantime = 86400