Firewalling is one option. If you're using linux, hosts.deny and hosts.allow is yet another.
Another may be the Proftpd configuration itself; I haven't looked at it in years, but it's designed similarly to the way the apache configuration system is built, and it may have the option. Documention here.
Jeff