Moin, colleagues,
you were right that the operation of the FTP server with the old and unsecured version of Rumpus is not sensible and dangerous.
Apparently some hacker became aware of this thread and hacked my server over the weekend.
Ports 21 and 80 were deleted in my router. And new ports had been set up, 6140–6143 or something like that. There were also two (invisible) files in a user folder on the server, one of which was a Unix executable. Of course, I deleted both immediately.
I assume that the operation of the server is now secured with the ordered new version of Rumpus 9 by the Let's encrypt certificate and that something like this will not happen again.
The acquisition of the update of the new version was therefore a sensible and appropriate investment.
Stay healthy!
Greetings from Hamburg
Thobie