There is a standard and very secure way of doing this through shell selection.
See, every user on your system needs a shell and (AFAIK) proftpd checks /etc/shells to make sure that the user has a "valid" shell. As long as the shell the user has appears in this list proftpd will let them log in.
The trick is giving users you don't want to be able to have terminal access a dummy shell. You can do this by adding /dev/null to the end of the /etc/shells file, and then assigning ftp-only users that shell. This way when they log in via SSH they'll be presented with nothing but they can still log in via FTP.
The slightly cleaner way of doing this is to assign the users a shell script, like /var/nologin, looks like the following
Code:
#!/bin/sh
echo "If you're reading this, you ain't 1337"
exit 1
That way when they log in they're presented with a message then kicked off. This is, however, not strictly necessary.