Hi, I got this in my log Apr 23 10:15:48 mymachine wu.ftpd[13697]: connect from 62.2.87.42 (62.2.87.42) Apr 23 10:15:49 mymachine ftpd[13697]: USER anonymous Apr 23 10:15:49 mymachine ftpd[13697]: PASS guest@here.com Apr 23 10:15:49 mymachine ftpd[13697]: CWD /pub/ Apr 23 10:15:49 mymachine ftpd[13697]: MKD 010423101604p Apr 23 10:15:49 mymachine ftpd[13697]: CWD /public/ Apr 23 10:15:49 mymachine ftpd[13697]: CWD /pub/incoming/ Apr 23 10:15:50 mymachine ftpd[13697]: CWD /incoming/ Apr 23 10:15:50 mymachine ftpd[13697]: CWD /_vti_pvt/ Apr 23 10:15:50 mymachine ftpd[13697]: CWD / Apr 23 10:15:50 mymachine ftpd[13697]: MKD 010423101605p Apr 23 10:15:50 mymachine ftpd[13697]: CWD /upload/ after which the person disappeared. Is there an exploit here that I'm unaware of? I couldn't find anything on either cert.org of securityfocus.com. Or is it just someone looking for a place to store warez? Am I being paranoid? :) Regards Anders