I installed Cerb4 and everything seems to be working, but the Helpdesk keeps telling me to delete the ‘install’ directory? What does this mean and how do I delete it?

I see this question come up every so often in our support inbox and thought it was finally time to officially address it. For those reading this before actually trying Cerb4, let me show you what all the fuss is about. On the last page of the Cerb4 installer you will see the following image:

If you ignore it, a second warning appears whenever you browse the ‘helpdesk setup’. Unfortunately this ugly warning will not go away until you actually do what it says.

So why are we constantly reminding you to delete this “potential security risk”? I’m sure there are a host of legitimate reasons, but a couple of obvious reasons come to mind. For one thing the ‘install’ folder contains a phpinfo file, giving sneaky individuals a possible entry point to grab information about your server. And second by removing this directory, it eliminates the possiblity of someone purposely or accidentally running the installer again — destroying your current setup.

Ironically the most confusing part of this whole message, is where to actually find this directory. It’s a lot simpler than you might think as there is nothing to do in the Cerb4 web interface. You simply need to delete the physical ‘install’ directory from inside the Cerb4 folder you downloaded and unzipped on your server.

Note that if you grabbed Cerb4 through Subversion, the directory will re-appear on future ‘SVN Update(s)’. It’s a bit of a pain but you will have to delete it again.

With the ‘install’ folder gone you should be a little safer and you can finally kiss those annoying pink messages goodbye.

-joegeck@wgm