Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Let me know... :-)
KDCinfo

I think I found the source of the ha.ckers.org notifications from my firewalls. Here at work, that address is actually blocked. And although I secure proxy to some addresses, my Google Desktop does not; it gets blocked... and one of my Google Desktop tab views are for relevant news feeds. Being that updates every 5 minutes, I'm guessing that's the source of the notifications.

I've shut that down and expect these 5-minute interval notifications to cease.

You never know what's going on 'till you install a firewall and inspect the logs. And even then, you're only just a little more informed.
Guest

Thanks for the response. ZA did report WinSCP as the application that opened the connection. I use the standalone version, so just open the exe via a shortcut. Unfortunately, the log kept rolling and I never could recreate the notification/log entry with ZA.

Moving on: ZA was causing issues this morning, so I uninstalled and installed Kerio. The Kerio log is showing access denied to "<invalid hyperlink removed by admin>" every 5 minutes...
martin

Re: ckers.org

I've never header of such problem. What application does the ZA report to open the connection? WinSCP? Who do you run the WinSCP?
KDCinfo

ckers.org

Hi there,

I'm new here, but have been using winscp for about 6 months now. Its nice feeling secure... even if I am still ignorant of so many other thousand issues that aren't.

My question today is, I noticed in ZoneAlarm, when I connected to my site, ZA showed a 2nd firewall/application entry showing the destination DNS as ckers.org. This is "ha.ckers" - any idea why this would be a destination dns.

What's worse, the IP mentioned goes to 69.12.144.65:53. That's not a pretty sight...

Any thoughts? I'm using 382, and if I recall correctly, I downloaded it via SourceForge.

For one, I'm changing the password to the site I logged into via WinSCP.

Thanks.

Keith D Commiskey