The Indymedia publishing server (traven.indymedia.org) is running debian, the primary, community, free (as in freedom), Linux OS, it's running a free (as in GPL'ed) CMS, Mir -- the code to all this is open, if you don't trust it then READ IT and please tell us about any security holes you find.

The server is colocated with the Seattle Community Colo,  http://www.seaccp.org/ where a lot (perhaps too much) activist hardware is colocated -- it's sponsored by Riseup, we know them and trust them, they know us and trust us.

The server is managed by long term, and trusted activists, it does have nmap installed but the suggestion that the sysadmins would use it to port scan users is absurd (and even if they wanted to do, which they don't, they would be a bit more clever about how they did it, they are not stupid).

Apache is set up to not log IP's, I just checked the logs, and, of course there are no IP's there, this is an issue that IMC techies do take seriously because the state keeps taking our servers to get access to the logs, so these are the methods that are used to ensure that there are no IP's in the apache logs:

 https://docs.indymedia.org/view/Sysadmin/ApacheLogsWithoutIPs

In additon all publishing is done via HTTPS and the cert is on an encrypted partition so if someone did sniff all the traffic for a period and then take the server with the idea of getting the private key to decrypt all the traffic they have logged they would be dissapointed -- they couldn't access the private key without the key to decrypt the partition that it's on and of course the key isn't on the server, it's encrypted on encrypted disks of trusted techies... And we are not being paranoid by taking measures like this -- the Italian state has done this.

In terms of the specific accusation here, what port do you think was scanned? This isn't clear from you screen shots. Also, I haven't used Windoze for years and know nothing about this software so it's hard to comment, but I can think of three possibilities:

1. It's some kind of false alarm, you seem to be using software you don't fully understand on an OS that can't be trusted.

2. Some 3rd party did port scan you and spoofed the Indymedia IP.

3. One of the people with root on the server (you need root to read what IP's are connected at any time, this info isn't logged and it's unaviodable that the server knows your IP's -- how else could it send you pages...!?) ran a port scan against you.

The second possibility above seems really unlikley, but who knows, the third is well beyond the relm of possibilities.

My suggestion to you is to start using Tor, then you will never have a direct connection with any server you are requesting web pages from:

 http://tor.eff.org/

More info on this on the security page, which is linked to from all pages...

 https://www.indymedia.org.uk/en/static/security.html