Warnings against using unofficial installers
#wordpress#beginners#mysql#security
Dan

Dan @onyxcode

About: They call it "Fall" but nothing's fallen yet.......wait is that a cow?

Location:
Florida, USA
Joined:
Sep 29, 2020

Warnings against using unofficial installers

Publish Date: Nov 21 '20
6 12

I was trying to install Pterodactyl, a panel for managing servers for Minecraft, Discord bots, etc, easier. Looking back now, it was stupid of me to use a script to install it. Installing it manually only took me a couple hours anyways.

parkervcp and his team have no official install script for Pterodactyl. Stupidly, I went in search of unofficial install scripts, without realizing that most of them would be deployed on a fresh machine. Can you see where this is going?

It wiped all of my SQL databases. What did these databases contain you ask? Oh nothing, just about 10 domains worth of content including 2 forums and 6 WordPress installs. Stupid, I know. Luckily, all my previous articles, I had decided to publish on this website as well! Dev.to to the rescue!

In the aftermath, I decided that from now on, my articles will be published mainly on dev.to, with links to these articles on my website, onyxcode.net.

Bottom line, if the program doesn't have an installer, do it yourself. Don't go in search of unofficial methods. They could potentially contain malicious code, and you don't always know what deployment conditions they are meant for.

Thank you for coming to my TED talk.

Comments 12 total

  • АнонимNov 22, 2020

    [hidden by post author]

    • Dan
      DanNov 22, 2020

      I'm no professional. I'm 14. Please don't berate me about these things. I'm going the best I can.

      • Junxiao Shi
        Junxiao ShiNov 22, 2020

        An "official" installer is not guaranteed to not delete data.
        Always read the instructions, understand the script, and test first on pre-production environment.

        • Dan
          DanNov 22, 2020

          There is no pre-production environment in all cases lol

          • Junxiao Shi
            Junxiao ShiNov 22, 2020

            Docker container, virtual machine, hourly VPS, …

  • Lex Plt
    Lex PltNov 22, 2020

    I would add "always read the code of the installer if it's not too long", you can sometimes find curious things like "why do they need to download a script from that strange website?"

    Last but not least, if you find an installer already compiled into an executable file, don't run it unless you 100% trust the people who created it, or you could end up with viruses and more than just having to restore backups

    • Raphael Habereder
      Raphael HaberederNov 22, 2020

      You mention in your last line what I think needs more reinforcement.
      Always have a backup. If your server contains anything of value, creating a regular backup is a must. You don't have to follow the rule of 3-2-1, but regular backups onto your own host machine should definitely be done.

      • Dan
        DanNov 22, 2020

        Definitely taught me a valuable lesson.

        • Raphael Habereder
          Raphael HaberederNov 22, 2020

          Don't worry about it. One of my customers admins once told me "You aren't part of the big-boys club until you completely destroy a production environment" :D
          Welcome to the club I'd say :)

          • Dan
            DanNov 22, 2020

            Haha thanks :D

    • Dan
      DanNov 22, 2020

      Yep. One thing I forgot to mention in the post, not only did it wipe my databases, it also corrupted every SQL and MariaDB package I had. Sadly, there is no such thing as an "executable" for this kind of stuff on Linux. We use shell scripts, install the package (not applicable in this case), or we install things manually.

  • Corbin Chandler
    Corbin ChandlerFeb 13, 2025

    I see how long ago this was, but there is a certain installer I use that is trustworthy. I have used it 10+ times within the year, and can share it with you if needed! :D

Add comment