It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. That is accomplished by code execution path timing analysis attack at the ProFTPD login procedure. There is a very small (but significant) difference in time delay of code execution path between valid and non-valid user names. That can be used to remotely determine the difference between existent and non-existent users. Enjoy!