Hackers?

I'm currently running an ftp server on my PC and I often run into this message:

[000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > connected to ip : 192.168.0.7
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > sending welcome message.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 220 BradFTP
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > USER anonymous
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 331 Password required for anonymous.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > PASS ********
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 530 Login or Password incorrect.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > disconnected.

Is this some hacker looking for a random ftp server (based on port)? I have no anonymous account, so they will never be able to log in, and I always add that IP to the block list, but should I still be concerned?

They are scanning for a place to put some slightly shady content most likely. I had anonymous on my server 3 years back and found after a month I had the newest Windows at the time, plus some other pieces of software. They usually try to do tricks to hide the files, but most fail on a Linux box.

What's the point? Just to propogate (sp?) the stuff?

If your on a fast enough connection, usually they will use you to get files off a site. So basicially you become a relay, allowing their slow connection to eventually get the files without fear of being booted off the main server. FTP easially allows redirection to another site, it was a common trick when many sysadmins were on dialup. They would FTP to a site then direct the download to their office computer.

Another possibility is they intend to turn your server into a main site.

How flattering.