Suse 7.1 kernel 2.4.4 Last night it appears someone logged on to my system. It was suggested that I look in the file /var/log/xferlog to see if any files were removed. Evidently xferlog is supposed to log all ftp transfers. Is there anything like this in my Suse system ? Is there anything I can check in relation to this connection ? I have made changes to host.allow and hosts.deny allready. Brian Aug 5 04:49:26 gringo ipppd[1515]: sent [0][LCP EchoRep id=0x7c f3 8e 0f a6 00 06 c0 0e] Aug 5 04:54:26 gringo ipppd[1515]: rcvd [0][LCP EchoReq id=0x7d da 6a da 55 00 bd f6 26] Aug 5 04:54:26 gringo ipppd[1515]: sent [0][LCP EchoRep id=0x7d f3 8e 0f a6 00 bd f6 26] Aug 5 04:55:19 gringo in.ftpd[3209]: warning: /etc/hosts.allow, line 5: missing ":" separator Aug 5 04:55:20 gringo in.ftpd[3209]: connect from 213.44.213.24 (213.44.213.24) Aug 5 04:59:00 gringo /USR/SBIN/CRON[3211]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) Aug 5 04:59:26 gringo ipppd[1515]: rcvd [0][LCP EchoReq id=0x7e da 6a da 55 00 58 b9 b8] Aug 5 04:59:26 gringo ipppd[1515]: sent [0][LCP EchoRep id=0x7e f3 8e 0f a6 00 58 b9 b8] Aug 5 05:04:26 gringo ipppd[1515]: rcvd [0][LCP EchoReq id=0x7f da 6a da 55 00 50 73 1d] Aug 5 05:04:26 gringo ipppd[1515]: sent [0][LCP EchoRep id=0x7f f3 8e 0f a6 00 50 73 1d] Aug 5 05:09:26 gringo ipppd[1515]: rcvd [0][LCP EchoReq id=0x80 da 6a da 55 00 fd e4 c0]