I've set up a simple ftp site at our office. We have a static ip from our ISP, so I installed the Xlight ftp server and also set up our domain to point to it when someone types in ftp.ourwebsite.com.

There have been a number of times when I've gotten onto the computer that is hosting the ftp site and looked at who is currently accessing the ftp and it shows an ip address hammering it with the username "admin" or "student". When I do a reverse DNS on the ip address it usually shows up as coming from South Korea, China or Russia.

So I'm wondering:

1. How do these people find our ftp site when it is unpublished? Are they using some program that just searches random ip addresses until it finds one that has an ftp on the other end?

2. Should I be worried about someone getting into the site if we don't have an "admin" login or "student" login, since that's the only two usernames I've ever seen these "hackers" try?

Thanks.