What is the .up2date folder?


Rick_E
11-24-04, 12:04 AM
What is the .up2date folder that is located in my etc folder? I don't remember putting it there. Is it part of the website builder? Thanks.

tbonekkt
11-24-04, 12:09 AM
No, that isn't part of sitebuilder. Have you recently installed any scripts or similar?

Rick_E
11-24-04, 12:10 AM
Not that I recall. The site was hacked some time back and the home page was defaced so that's what concerns me.

tbonekkt
11-24-04, 12:11 AM
Ahh...I see. That might have something to do with it then. What's the domain?

Rick_E
11-24-04, 12:22 AM
clearlakeindiana.org

up2date seems to return Google hits as a Linux utility.

tbonekkt
11-24-04, 12:27 AM
Looks like most of the files in that dir were put there around Sat Oct 16 03:05:32 2004. Was that around the time of the hack/defacement?

Rick_E
11-24-04, 12:33 AM
Yes. There are references to psyBNC, which seems to be here... http://www.psybnc.info/

Unless someone says otherwise, I'll delete the folder. I don't see any other abnormalities on the site.

This is from http://www.jestrix.net/tuts/psy.html

If you know nothing about bncs, a bnc is short for a 'bouncer.' A bnc acts as a proxy for irc, allowing you to hide your real IP address and use a vhost (vanity host - something like 'this.is.a.l33t.vhost.com'). What are the advantages of this? Well, mainly there's just one important one: It'll stop stupid packet kiddies from trying to knock you off the network. Everyone hates getting disconnected, and with a bnc on a decent shell, you should be pretty immune. Remember though: the kiddies can still nuke you, but it is assumed that the shell provider has a high-bandwidth line that allows it to withstand the numerous packets. If your shell is on a 56.6, you'll still be screwed.

So... why psybnc? There are a variety of other open source bnc's available for you to download, most notably EZBounce and plain-ol BNC. Both of these do the exact same basic thing as psybnc: hide your real host. But that's about where the similarity ends. I've been using psy for a long time now, and I love all the features that it offers. To name a few:

· You'll always be connected to irc. Even when you close your irc client, psy will maintain your connection. When you connect later, you'll instantly be back on the channels you left. This also lets you hold your nick (if you need that feature), or hold ops on a channel.
· psy hides your IP even in DCC sessions. In other bncs, a direct client-client session is opened, thus revealing your IP. In psy, the connection is bounced through the shell, and your IP remains your dirty little secret ;)
· You can link multiple psy's together. This allows you to share vhosts, and also create a small ircd, termed the 'internal' network on the bncs.
· psyBNC now supports SSL. woohoo :)))
There are tons more features, but you can just download the source and view the README.

tbonekkt
11-24-04, 12:34 AM
It's not anything that we would have placed there. So if you didn't put it there, I'd say it's fairly safe (and smart) to delete it.

Rick_E
11-24-04, 12:39 AM
It's gone. It sure pays to FTP in and snoop around your site once in a while and be aware of what's supposed to be where.

Thanks Tom, for your assistance.
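Two checks the thread relies on are worth automating: tbonekkt dated the compromise by noticing that most files in the directory shared one timestamp, and Rick's takeaway is to know what is supposed to be where. The script below is an added example, not code from the forum or from any hosting provider: it builds a manifest (path, mtime, SHA-256) of a copied site tree, diffs it against a saved known-good manifest, flags anything living under a dot-directory such as `.up2date`, and groups files whose mtimes fall within a short window so a burst of files written within minutes stands out. The sample tree, file names and the timestamps are constructed here for the demo; only the folder name comes from the thread.

```python
"""Baseline a site tree and report new, changed, hidden, or time-clustered files.

Added example, not part of the original thread. Assumes you can copy the
site tree (e.g. via FTP) to a local directory and keep a manifest from a
known-good state to compare against.
"""
import calendar
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file (path relative to root) to its mtime and SHA-256.

    Dot-directories are deliberately included: a hidden folder like .up2date
    is exactly what an FTP listing without 'show hidden files' would miss.
    """
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"mtime": int(p.stat().st_mtime), "sha256": sha256_of(p)}
    return manifest


def diff_manifests(baseline, current):
    """Return added, removed and content-changed paths between two manifests."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p]["sha256"] != current[p]["sha256"]
    )
    return {"added": added, "removed": removed, "changed": changed}


def hidden_dirs(manifest):
    """Paths that sit under any dot-directory (e.g. 'etc/.up2date/...')."""
    return sorted(
        p for p in manifest
        if any(part.startswith(".") for part in p.split("/")[:-1])
    )


def mtime_clusters(manifest, window=600):
    """Group files whose mtimes are within `window` seconds of the previous one.

    A burst of files all written within minutes is what tbonekkt spotted;
    legitimate site content usually accumulates over weeks or months.
    Returned largest cluster first.
    """
    items = sorted(manifest.items(), key=lambda kv: kv[1]["mtime"])
    clusters = []
    for path, meta in items:
        if clusters and meta["mtime"] - clusters[-1]["end"] <= window:
            clusters[-1]["paths"].append(path)
            clusters[-1]["end"] = meta["mtime"]
        else:
            clusters.append({"start": meta["mtime"], "end": meta["mtime"], "paths": [path]})
    return sorted(clusters, key=lambda c: len(c["paths"]), reverse=True)


# Constructed timestamps for the demo (UTC); not the real incident's values.
SUSPECT_TS = calendar.timegm((2004, 10, 16, 3, 5, 32, 0, 0, 0))
GOOD_TS = calendar.timegm((2004, 9, 1, 12, 0, 0, 0, 0, 0))


def _write(root, rel, data, ts):
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_bytes(data)
    os.utime(p, (ts, ts))


def demo():
    """Build a constructed site tree, then drop in a hidden folder and report."""
    root = tempfile.mkdtemp()
    _write(root, "index.html", b"<h1>Home</h1>", GOOD_TS)
    _write(root, "about.html", b"<p>About</p>", GOOD_TS + 86400)
    baseline = build_manifest(root)          # saved from a known-good state
    # Later: a folder the owner never installed, all files stamped within a minute.
    _write(root, "etc/.up2date/README", b"constructed sample", SUSPECT_TS)
    _write(root, "etc/.up2date/conf.txt", b"constructed sample", SUSPECT_TS + 30)
    _write(root, "etc/.up2date/bin/run", b"constructed sample", SUSPECT_TS + 45)
    current = build_manifest(root)
    return {
        "diff": diff_manifests(baseline, current),
        "hidden": hidden_dirs(current),
        "largest_cluster": mtime_clusters(current)[0],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

In practice you would save `build_manifest()` output to JSON right after a clean deploy and rerun the diff on each periodic check; mtimes alone can be forged, so the hash comparison is what you trust for changed files, and the timestamp clustering is a triage aid rather than proof.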

tbonekkt
11-24-04, 12:40 AM
You're welcome Rick. :cool:

Rick_E
11-24-04, 11:41 AM
I found a site that lists compromises of a specific domain name and it had recorded my defacement. You can type in a domain name and it tells you when and what happened.

http://www.zone-h.org/en/defacements/filter