DEV Community

Cover image for Warnings against using unofficial installers

Warnings against using unofficial installers

Dan on November 21, 2020

I was trying to install Pterodactyl, a panel for managing servers for Minecraft, Discord bots, etc, easier. Looking back now, it was stupid of me t...
Collapse
 
lexplt profile image
Alexandre Plt

I would add "always read the code of the installer if it's not too long", you can sometimes find curious things like "why do they need to download a script from that strange website?"

Last but not least, if you find an installer already compiled into an executable file, don't run it unless you 100% trust the people who created it, or you could end up with viruses and more than just having to restore backups

Collapse
 
habereder profile image
Raphael Habereder

You mention in your last line what I think needs more reinforcement.
Always have a backup. If your server contains anything of value, creating a regular backup is a must. You don't have to follow the rule of 3-2-1, but regular backups onto your own host machine should definitely be done.

Collapse
 
onyxcode profile image
Dan

Definitely taught me a valuable lesson.

Thread Thread
 
habereder profile image
Raphael Habereder

Don't worry about it. One of my customers admins once told me "You aren't part of the big-boys club until you completely destroy a production environment" :D
Welcome to the club I'd say :)

Thread Thread
 
onyxcode profile image
Dan

Haha thanks :D

Collapse
 
onyxcode profile image
Dan

Yep. One thing I forgot to mention in the post, not only did it wipe my databases, it also corrupted every SQL and MariaDB package I had. Sadly, there is no such thing as an "executable" for this kind of stuff on Linux. We use shell scripts, install the package (not applicable in this case), or we install things manually.

Collapse
 
yoursunny profile image
Info Comment hidden by post author - thread only accessible via permalink
Junxiao Shi

Where's the backup for your databases?

Where's the pre-production environment for testing changes before deploying to production?

Collapse
 
onyxcode profile image
Dan

I'm no professional. I'm 14. Please don't berate me about these things. I'm going the best I can.

Collapse
 
yoursunny profile image
Junxiao Shi

An "official" installer is not guaranteed to not delete data.
Always read the instructions, understand the script, and test first on pre-production environment.

Thread Thread
 
onyxcode profile image
Dan

There is no pre-production environment in all cases lol

Thread Thread
 
yoursunny profile image
Junxiao Shi

Docker container, virtual machine, hourly VPS, …

Some comments have been hidden by the post's author - find out more