GEN:SID 1:545
Message POLICY FTP 'CWD / ' possible warez site
Summary This event is generated when an attempt is made to navigate in an FTP sessions to a hidden directory named "/ ".
Impact Unauthorized file storage.  An attacker may attempt to navigate on an FTP server to the "/ " directory to list or store unauthorized files such as unlicensed software.
Detailed Information An attacker may attempt to hide unauthorized files in a hidden directory named "/ ".   This hidden directory is hard to discover, permitting attackers to store unauthorized "warez" files, such as unlicensed or pirated software.
Affected Systems FTP servers
Attack Scenarios An attacker may navigate to the hidden directory named "/ " to list or store unauthorized files.
Ease of Attack Simple.
Corrective Action Assign restrictive permissions to all directories so unauthorized users cannot navigate or write to them.

Regularly monitor directories for sudden or drastic increased use of space.
Additional References